elasticsearch x-pack安全认证登录
1. 生成CA证书,使用elasticsearch内部命令
bin/elasticsearch-certutil ca
2. 为集群中每个节点生成证书和私钥
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
将产生新文件 elastic-certificates.p12。系统还会提示你输入密码,你可以输入证书和密钥的密码,也可以按Enter键将密码留空。默认情况下 elasticsearch-certutil 生成没有主机名信息的证书,这意味着你可以将证书用于集群中的每个节点,另外要关闭主机名验证。(elastic-certificates.p12生成后移动到config目录下)
3. 在elasticsearch.yml文件添加如下配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: ./elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: ./elastic-certificates.p12
4. 启动主节点,建议用bin/elasticsearch
运行ÿ