1、进入dockers容器
docker exec -it 059996ca820a /bin/bash
2、查看证书工具斌个生成证书
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
以上全部默认回车,也可以自己设置密码
3、拷贝证书到本机
docker cp 059996ca820a:/usr/share/elasticsearch/elastic-certificates.p12 ./elasticsearch/
4、修改docker-compose.yml文件,挂载证书
- ./elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
5、修改配置文件elasticsearch.yml
# 设置绑定的ip地址,可以是ipv4或ipv6的,默认为0.0.0.0,即本机
network.host: 0.0.0.0
# 是否支持跨域
http.cors.enabled: true
# 表示支持所有域名
http.cors.allow-origin: "*"
# 内存交换的选项,官网建议为true
bootstrap.memory_lock: true
# resetful端口
http.port: 9200
# xpack安全
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
6、进入docker 创建密码(进入参照1)
./bin/elasticsearch-setup-passwords interactive
请记住设置的密码