运行下面的命令,拉取 Elasticsearch 镜像并启动容器:
# 创建一个 network,将被用于 Elasticsearch 和 Kibana 之间的通信
$ docker network create elastic
# 拉取 Elasticsearch 镜像,这里的版本 `version`,我们选取:`8.9.0`
$ docker pull docker.elastic.co/elasticsearch/elasticsearch:8.9.0
# 启动 docker elasticsearch 镜像
$ docker run --name elasticsearch --net elastic -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -t docker.elastic.co/elasticsearch/elasticsearch:8.9.0
以上命令可以用一个 docker-compose 替换:
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.9.0
container_name: elasticsearch
environment:
# 只在单节点上运行
- discovery.type=single-node
ports:
- "9200:9200"
- "9300:9300"
networks:
- elastic
networks:
elastic:
driver: bridge
然后用下面的命令启动容器:
$ docker-compose up
进入ES容器,修改 elasticsearch 用户密码
$ docker exec -it elasticsearch /bin/bash
# 执行命令,按照提示设置密码
$ bin/elasticsearch-reset-password --username elastic -i
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]
验证Elasticsearch是否运行:使用以下命令验证Elasticsearch是否正在Docker容器中运行:
$ curl https://localhost:9200/ --insecure
说明一下,ES 从 8.0 版本开始默认开启 HTTPS,同时是一个自签名证书,因此需要添加
-k或--insecure选项,这将忽略 SSL 证书的验证
请求之后发现服务端响应 401,如下:
curl https://localhost:9200/ --insecure
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}%
要使用 curl 发送带有身份验证凭据的请求,可以使用 -u 或 --user 选项。该选项允许指定用户名和密码。当使用该选项时,curl 会自动将凭据发送到服务器。
$ curl -u <username>:<password> https://example.com
需要注意的是,ES 用的是 Basic Authentication,可以将凭据放在 URL 中,而不是使用 -u 选项。以下是使用 URL 指定凭据的命令格式:
$ curl https://<username>:<password>@example.com
比如这里我们用这个命令:
$ curl https://elastic:elastic@localhost:9200/ --insecure
补充一下,也可以用浏览器访问
https://localhost:9200/地址,会弹出一个认证弹窗
如果Elasticsearch正在运行,应该能够看到类似于以下内容的输出:
{
"name" : "50c4f4084c64",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "INtSGd02QCWhEvBbafzBjQ",
"version" : {
"number" : "8.9.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "8aa461beb06aa0417a231c345a1b8c38fb498a0d",
"build_date" : "2023-07-19T14:43:58.555259655Z",
"build_snapshot" : false,
"lucene_version" : "9.7.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
