Windows ELK8 测试: filebeat8+kakfa+logstash8+elasticsearch8+kibana8 搭建日志系统（二）之加密

Windows ELK8 测试: filebeat8+kakfa+logstash8+elasticsearch8+kibana8 搭建日志系统（二）之加密

1、elasticsearch 配置xpack

2、重置下xpack 中的elastic用户密码**【重置前要先关闭http ssl认证】**

ELK\elasticsearch-8.14.3\bin>elasticsearch-reset-password.bat --username elastic -i
warning: ignoring JAVA_HOME=D:\byj\java\jdk-11.0.16; using bundled JDK
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Re-enter password for [elastic]:
Password for the [elastic] user successfully reset.

3、重置下xpack 中的kibana用户密码**【重置前要先关闭http ssl认证】**

D:\byj\ELK\elasticsearch-8.14.3\bin>elasticsearch-reset-password.bat --username kibana_system -i
warning: ignoring JAVA_HOME=D:\byj\java\jdk-11.0.16; using bundled JDK
This tool will reset the password of the [kibana_system] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y


Enter password for [kibana_system]:
Re-enter password for [kibana_system]:
Password for the [kibana_system] user successfully reset.

4、启用xpack的所有安全功能

xpack.security.enrollment.enabled: true
是为kibana生成一键接入token 使用的，用处不大

5、生成kibana 密钥

elasticsearch-create-enrollment-token -s kibana

或者直接在kibana 配置文件中配置效果一样

 elasticsearch.hosts: ["https://127.0.0.1:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
 elasticsearch.username: "kibana_system"
 elasticsearch.password: "123456"
 elasticsearch.ssl.certificateAuthorities: ['elasticsearch-8.14.3\config\certs\http_ca.crt']
 xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://localhost:9200'], ca_trusted_fingerprint: ab88779ea3cafb05fec411860fe66f7dd0743dbcecbb908f1044f8b9f615259d}]

5、启动kibana 访问 界面
注：建议用elastic 用户，不要用kibana_system用户，有权限问题

6、配置logstash ，并启动

output {
  elasticsearch {
    hosts => ["https://127.0.0.1:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
	ssl => true
    cacert => "elasticsearch-8.14.3\config\certs\http_ca.crt"
    user => "elastic"
    password => "123456"
  }
  
  stdout { 
    codec => rubydebug
  }
}

附：kibana 启用https

7.1、生成 Kibana 的服务器证书和密钥（如果不想麻烦可直接下载结尾证书导入使用）

# 首先生成一个私钥和证书签名请求 (CSR)
openssl genpkey -algorithm RSA -out kibana-server.key
openssl req -new -key kibana-server.key -out kibana-server.csr

在生成 CSR 的过程中，系统会提示输入一些信息，如【国家、州、省、市、组织名称、通用名称（即服务器的域名或 IP 地址）等】

7.2、使用 CSR 生成自签名证书

openssl x509 -req -days 365 -in kibana-server.csr -signkey kibana-server.key -out kibana-server.crt

上述命令生成的 kibana-server.crt 就是服务器证书，kibana-server.key 是对应的私钥。

7.3、需要一个 CA 来签署服务器证书，首先生成 CA 的私钥和自签名证书

openssl genpkey -algorithm RSA -out ca.key
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.pem

这里的 ca.pem 是 CA 的证书，ca.key 是 CA 的私钥

7.4、使用 CA 签署服务器证书

openssl x509 -req -in kibana-server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kibana-server.crt -days 365 -sha256

这个步骤会生成一个由 CA 签署的 kibana-server.crt 证书。CAcreateserial 参数会生成一个序列号文件 (ca.srl)

7.5、生成客户端证书（给Metricbeat用）

openssl genpkey -algorithm RSA -out client.key
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.crt -days 365 -sha256

这里的 client.key 是客户端私钥，client.crt 是由 CA 签署的客户端证书。

7.6、得到证书列表文件如下

下载：https://download.csdn.net/download/qq_30540299/89605754

7.6、配置：kibana-8.14.3\config\kibana.yml，拷贝到 kibana-8.14.3\config\certs

 server.ssl.enabled: true
 server.ssl.certificate: kibana-8.14.3\config\certs\kibana-server.crt
 server.ssl.key: kibana-8.14.3\config\certs\kibana-server.key

至此ELK全部接入xpack完成！！！