Win10下安转Elasticsearch6.8.6与配置安全策略-开启密码账号访问
一、Elasticsearch是什么?
二、下载
Elasticsearch 6.8.6下载地址
https://www.elastic.co/cn/downloads/past-releases/elasticsearch-6-8-6
三、安装
四、配置
1.基础配置
2.配置xpack(生成密钥)
打开cmd窗口,切换到Elasticsearch 6.8.6安装目录/bin下
- 创建keystore文件
elasticsearch-keystore create
- 生成根密钥:elastic-stack-ca.zip(默认zip包的名称)
elasticsearch-certutil ca --pem
- 解压根密钥,会生成一个 ca文件夹,包含ca.key,和ca.cert
- 生成节点密钥:certificate-bundle.zip(默认zip包的名称)
elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem
- 解压节点密钥,会生成 一个instance文件夹,包含instance.key,和instance.crt
- 在config目录创建x-pack文件夹(x-pack所属权限为es用户)
- 将bin目录生成的ca和instance两个文件夹 拷贝至x-pack文件夹下
- 配置文件elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: x-pack/instance/instance.key
xpack.ssl.certificate: x-pack/instance/instance.crt
xpack.ssl.certificate_authorities: x-pack/ca/ca.crt
xpack.ssl.verification_mode: certificate
xpack.ssl.client_authentication: required
- 启动ES,设置交互式生成密码
elasticsearch-setup-passwords interactive
```bash
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]: