Elasticsearch 6.8.0 Deployment TLS / SSL

Configuration steps:

1. Install x-pack

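2. Run the following command to generate the elastic-stack-ca.p12 file; this walkthrough uses 123456 as the password. That value is only an example: the file holds the CA's private key, so outside a test environment it needs a strong, unique password.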

./bin/elasticsearch-certutil ca

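3. Run the following command to generate the elastic-certificates.p12 file, again using 123456 as the password. As written, the command adds no subject alternative names to the certificate, which is why the clients in the later steps turn host name verification off; pass `--dns` and/or `--ip` here if clients should be able to verify the host name.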

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

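4. Copy elastic-stack-ca.p12 and elastic-certificates.p12 to config/certs. The configuration in step 5 references only elastic-certificates.p12; elastic-stack-ca.p12 contains the CA private key and is needed only when signing further certificates, so it is best kept with restricted access.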

5. Add the following configuration to the elasticsearch.yml file

# --- Transport layer (node-to-node) TLS ---
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate is signed by a trusted CA but
# does not check the host name; "full" adds host name verification and needs
# certificates issued with matching DNS/IP subject alternative names.
xpack.security.transport.ssl.verification_mode: certificate 
# Paths are relative to the Elasticsearch config directory. The same PKCS#12
# file is used as keystore (own certificate and key) and truststore.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# --- HTTP layer (REST clients such as Logstash, Java clients, curl) TLS ---
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12 
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
# The four passwords below are stored in clear text in this file. Elasticsearch
# also accepts them as secure settings (for example
# xpack.security.transport.ssl.keystore.secure_password) added with
# bin/elasticsearch-keystore, which keeps them out of elasticsearch.yml.
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.truststore.password: 123456

6. Connect Logstash to Elasticsearch

# Ships events to Elasticsearch over HTTPS and echoes them to stdout.
output {
    
    
    elasticsearch {
    
    
    # NOTE(review): this example targets port 9201 while the Java and curl
    # checks on this page use 9200 - confirm the node's HTTP port.
    hosts => ["https://MY_IP:9201"]
    index => "bos-dev-log"
    # "elastic" is the built-in superuser. For log shipping, a dedicated user
    # whose role can only write to the target index limits what a leaked
    # pipeline file gives away.
    user => "elastic"
    # Example password in clear text; Logstash can resolve a ${VAR} reference
    # from the environment or the Logstash keystore instead.
    password => "123456"
    ssl => true
    # With verification disabled the server certificate is accepted without
    # validation, so the connection is encrypted but the server is not
    # authenticated and the truststore settings below add no protection.
    # Enabling verification requires a server certificate whose subject
    # alternative names match the address in "hosts".
    ssl_certificate_verification=>false
    # elastic-certificates.p12 as generated in step 3 also carries the node's
    # private key; a truststore that contains only the CA certificate is
    # enough for a client.
    truststore=>"/XXX/XXX/elastic-certificates.p12"
    truststore_password=>"123456"
    }
  # Debugging aid: prints every event to the console via the rubydebug codec.
  stdout {
    
     codec => rubydebug }
}

7. Java client verification

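/**
 * Sends an authenticated GET to the Elasticsearch HTTPS endpoint and prints the response body.
 *
 * <p>Server certificates are trusted only if they chain to the certificates in the PKCS#12
 * bundle. Host name verification is disabled (see the note in the body), so this checks that
 * TLS and basic authentication work but does not prove the client is talking to the intended
 * host.
 *
 * @throws Exception if the trust store cannot be read, the TLS context cannot be built, or the
 *     request fails
 */
public static void testHttps() throws Exception {
	String host = "MY_IP";
	int port = 9200;

	// Example credentials from this walkthrough; real code should read them from configuration
	// or a secret store. The scope is limited to the Elasticsearch host and port so the password
	// is never offered to any other server that issues an authentication challenge.
	CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
	credentialsProvider.setCredentials(new AuthScope(host, port),
			new UsernamePasswordCredentials("elastic", "123456"));

	// The file is a PKCS#12 bundle, so load it as PKCS12. Asking for "jks" only works on JDKs
	// whose keystore compatibility mode detects the real format.
	// NOTE(review): elastic-certificates.p12 also contains the node's private key; a client
	// only needs a trust store holding the CA certificate.
	KeyStore truststore = KeyStore.getInstance("PKCS12");
	try (InputStream is = new FileInputStream("./src/main/resources/elastic-certificates.p12")) {
		truststore.load(is, "123456".toCharArray());
	}
	SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(truststore, null).build();

	// NoopHostnameVerifier accepts a certificate issued for any name. It is kept because the
	// certificate generated in step 3 carries no subject alternative names; once the
	// certificate is issued with --dns/--ip, drop this argument so the default verifier is used.
	SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

	Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
			.register("https", sslsf).register("http", new PlainConnectionSocketFactory()).build();

	BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(
			socketFactoryRegistry);

	// The connection manager already carries the TLS socket factory; a separate
	// setSSLSocketFactory call is overridden when a connection manager is supplied.
	// Closing the client also shuts down the connection manager and its connection.
	try (CloseableHttpClient client = HttpClients.custom()
			.setDefaultCredentialsProvider(credentialsProvider).setConnectionManager(connectionManager).build()) {
		HttpGet getMethod = new HttpGet("https://" + host + ":" + port);
		HttpResponse response = client.execute(getMethod);
		// Decode explicitly as UTF-8 instead of relying on the platform default charset
		// (assumes IOUtils is Apache Commons IO).
		try (InputStream body = response.getEntity().getContent()) {
			System.out.println(IOUtils.toString(body, "UTF-8"));
		}
	}
}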

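8. Verification with curl. The `-k` option makes curl skip certificate verification, so this confirms only that HTTPS and authentication respond; to validate the server as well, pass the CA certificate in PEM form with `--cacert` instead of `-k`.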

 curl -k -u elastic:123456 -X GET https://MY_IP:9200

Reference link


Origin blog.csdn.net/sdkdeveloper/article/details/102966606