跳至主要內容

Elasticsearch安全认证

xw小于 1 分钟ElasticsearchElasticsearch

  • 在配置文件添加配置,配置文件路径 /usr/share/elasticsearch/config/elasticsearch.yml

    xpack.security.enabled: true
    xpack.license.self_generated.type: basic
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
    
  • 生成证书

    # cd到elasticsearch目录下的bin目录执行
    ./elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
    

    并将证书放到/usr/share/elasticsearch/config/elastic-certificates.p12

  • 初始化,设置密码

     docker exec -it  cmp-elasticsearch bash
     cd bin
     ./elasticsearch-setup-passwords interactive
    

    或者

    以docker为例:

    docker exec -it cmp-elasticsearch /usr/share/elasticsearch/bin/elasticsearch-users useradd admin -p admin123 -r superuser;
    curl -u admin:admin123 -XPUT "http://localhost:9200/_xpack/security/user/elastic/_password?pretty" -H 'Content-Type: application/json' -d  '{"password":"passwprd"}';
    docker exec -it cmp-elasticsearch /usr/share/elasticsearch/bin/elasticsearch-users userdel admin;