1 配置 elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
2 重启es
3 设置密码
./bin/elasticsearch-setup-passwords interactive
现在访问就需要账号密码了
4 配置证书访问
# generate CA
./bin/elasticsearch-certutil ca
# generate a certificate and private key
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
5 配置证书
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
6 如果第4步设置了密码,需要以下步骤
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
7 kibana.yml配置
elasticsearch.username: "kibana_system"
创建密码存储
./bin/kibana-keystore create
添加密码
./bin/kibana-keystore add elasticsearch.password
