- 保证
- 在config目录下生成文件
elasticsearch.keystore
,在elastic-search的bin目录下执行:
elasticsearch-keystore create
- 在config目录下创建文件夹certs,并生成证书文件,在elastic-search的bin目录下执行(输入私钥key的时候可以直接回车):
./elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass
- 修改config目录下elasticsearch.yml文件的配置, 并重启elastic-search
http.cors.enabled: true
http.cors.allow-origin: “*”
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type x
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
- 设置密码
(a). 手动模式(需要逐个输入)
./elasticsearch-setup-passwords interactive
(b). 自动模式(随机生成,需要自己保存好)
./elasticsearch-setup-passwords auto