Free Encryption in the Latest Version of Elasticsearch


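Official introduction to the new version

The free encryption in versions after 7.0 is fairly stable; for earlier versions, Search Guard is still recommended.

Using Elasticsearch's built-in encryption

Quick setup, with some steps omitted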

    1. ./bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""

    2. Edit config/elasticsearch.yml and paste the following lines at the end of the file.
        xpack.security.enabled: true
        xpack.security.transport.ssl.enabled: true
        xpack.security.transport.ssl.verification_mode: certificate
        xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
        xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
    
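    3. Start ES, then run ./bin/elasticsearch-setup-passwords interactive

    4. Open config/kibana.yml and set the username and password used to connect to ES. Example below:
        elasticsearch.username: "elastic"
        elasticsearch.password: "******"
    
    5. Start Kibana, open it, and log in with the username and password you set.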

Using Search Guard

Search Guard official site

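    1. Download the ES plugin: ./bin/elasticsearch-plugin install -b search-guard<version>
    
    2. bash /plugins/search-guard-7/tools/install_demo_configuration.sh
    
    3. Keep answering y (the last option asks whether to use cluster mode; you can answer n)

    4. Start ES and open: https://localhost:9200/_searchguard/authinfo

    5. Accept all prompts, then enter username: admin  password: admin

    6. bash /plugins/search-guard-7/tools/hash.sh -p <new password>  (returns a hashed value)

    7. Open /plugins/search-guard-7/sgconfig/sg_internal_users.yml

    8. Find the hash field for admin and replace its value with the hashed password generated in step 6

    9. bash /plugins/search-guard-7/tools/sgadmin_demo.sh

    10. Restart ES and test whether the password works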

    1. Download the Kibana plugin: ./bin/kibana-plugin install <Kibana plugin URL>
    2. Edit kibana.yml in config and add the following

    # Use HTTPS instead of HTTP
    elasticsearch.hosts: "https://localhost:9200"

    # Configure the Kibana internal server user
    elasticsearch.username: "kibanaserver"
    elasticsearch.password: "kibanaserver"

    # Disable SSL verification because we use self-signed demo certificates
    elasticsearch.ssl.verificationMode: none

    # Whitelist the Search Guard Multi Tenancy Header
    elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]

    # Disable X-Pack
    xpack.monitoring.enabled: false
    xpack.graph.enabled: false
    xpack.ml.enabled: false
    xpack.watcher.enabled: false
    xpack.security.enabled: false

    3. Start Kibana and check that it asks for a username and password (the ES username and password will do)
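
A configuration check for the settings used in both setups above, as an added example that is not part of the original post or of either project's tooling: it parses the flat `key: value` lines and flags settings that leave traffic or credentials exposed. The function names are hypothetical and the sample inputs are constructed from the snippets on this page; `xpack.security.http.ssl.enabled` is a real Elasticsearch setting that the steps above do not set.

```python
# Added example (not from the post): lint the flat "key: value" settings shown on this page.
def parse_settings(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is out of scope here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, commented-out setting, or not a key/value pair
        key, value = line.split(":", 1)  # split once so URLs keep their colons
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_elasticsearch(text):
    s, findings = parse_settings(text), []
    if s.get("xpack.security.enabled") != "true":
        findings.append("xpack.security.enabled is not true: authentication is off")
    if s.get("xpack.security.transport.ssl.enabled") != "true":
        findings.append("transport TLS is off: node-to-node traffic is cleartext")
    if s.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("xpack.security.http.ssl.enabled is not true: port 9200 is plain HTTP")
    return findings

def audit_kibana(text):
    s, findings = parse_settings(text), []
    if "http://" in s.get("elasticsearch.hosts", ""):
        findings.append("elasticsearch.hosts uses plain HTTP")
    if s.get("elasticsearch.ssl.verificationMode") == "none":
        findings.append("verificationMode none: any server certificate is accepted")
    user, password = s.get("elasticsearch.username"), s.get("elasticsearch.password")
    if user and user == password:
        findings.append("password equals username: demo credential still in place")
    return findings

# Constructed samples mirroring the settings on this page.
ES_SAMPLE = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
"""
KIBANA_SAMPLE = """\
elasticsearch.hosts: "https://localhost:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none
"""

if __name__ == "__main__":
    for finding in audit_elasticsearch(ES_SAMPLE) + audit_kibana(KIBANA_SAMPLE):
        print("WARN:", finding)
```

An empty result from both functions means none of these particular weak settings is present; it does not check certificates or passwords themselves.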

508 Studio