本文介绍了如何在Elasticsearch集群中配置SSL证书,确保节点间的安全通信。重点包括使用elasticsearch-certutil生成CA证书,配置elasticsearch.yml文件,以及处理节点验证模式。完成配置后,需要通过HTTPS访问集群,并可选择使用内置或自定义用户进行身份验证。
生成certificate 证书
在官方文档中有这么一段
“You can add as many nodes as you want in a cluster but they must be able to communicate with each other. The communication between nodes in a cluster is handled by the transport module. To secure your cluster, you must ensure that internode communications are encrypted and verified, which is achieved with mutual TLS.
In a secured cluster, Elasticsearch nodes use certificates to identify themselves when communicating with other nodes.
The cluster must validate the authenticity of these certificates. The recommended approach is to trust a specific certificate authority (CA). When nodes are added to your cluster they must use a certificate signed by the same CA.
For the transport layer, we recommend using a separate, dedicated CA instead of an existing, possibly shared CA so that node membership is tightly controlled. Use the elasticsearch-certutil tool to generate a CA for your cluster.”
总结
最低0.47元/天 解锁文章
1601
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
