ELK配置ssl

ssl分步骤

1、准备工作

配置hosts

# Name-to-address mappings for the three cluster nodes. Presumably these go in
# /etc/hosts on every machine (the page only says "configure hosts") - confirm.
# The names match the `dns` entries requested for the node certificates in the
# instances file below.
192.168.1.234 node01
192.168.1.233 node02
192.168.1.240 node03

instances.yml文件内容

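# Input file for `elasticsearch-certutil cert --in`: one certificate/key pair
# is issued per entry, and every `dns` / `ip` value becomes a subjectAltName.
#
# The IP addresses are listed as well as the host names because the
# elasticsearch.yml and kibana.yml settings on this page address the nodes by
# IP (network.host, discovery.seed_hosts, elasticsearch.hosts). A certificate
# that carries only DNS names cannot pass hostname verification for a
# connection made to an IP address.
instances:
  - name: 'node01'
    dns: ['node01']
    ip: ['192.168.1.234']
  - name: 'node02'
    dns: ['node02']
    ip: ['192.168.1.233']
  - name: 'node03'
    dns: ['node03']
    ip: ['192.168.1.240']
  # Kibana's server.host is 192.168.1.234, i.e. node01, so its certificate
  # carries node01's name and address.
  - name: 'kibana'
    dns: ['node01']
    ip: ['192.168.1.234']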

存储路径

/home/elastic/elasticsearch-7.5.1

生成证书

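# Work from the Elasticsearch home directory so that bin/ resolves.
cd /home/elastic/elasticsearch-7.5.1

# Issue one PEM certificate/key pair per entry of the instances file and pack
# them, together with the CA certificate, into /root/certs.zip.
# --in must name the instances file shown above (the page calls it
# instances.yml); adjust the path if the file is stored elsewhere.
#
# Handling notes:
#  - No --pass option is given, so the PEM private keys in the archive are not
#    passphrase-protected. Copy to each host only its own .crt/.key plus
#    ca/ca.crt, make the .key readable only by the service account, and remove
#    the archive once the files are distributed.
#  - The archive listing on this page contains ca/ca.crt but no CA key, so
#    certificates for additional nodes cannot be signed by this CA later.
#    certutil's --keep-ca-key option retains the CA key; if it is used, store
#    that key offline.
bin/elasticsearch-certutil cert ca --pem --in instances.yml --out /root/certs.zip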
#解压后目录结构
Archive:  certs.zip
   creating: ca/
  inflating: ca/ca.crt               
   creating: node01/
  inflating: node01/node01.crt       
  inflating: node01/node01.key       
   creating: node02/
  inflating: node02/node02.crt       
  inflating: node02/node02.key       
   creating: node03/
  inflating: node03/node03.crt       
  inflating: node03/node03.key       
   creating: kibana/
  inflating: kibana/kibana.crt       
  inflating: kibana/kibana.key 

2、访问es集群设置

es1

# elasticsearch.yml for node01 (192.168.1.234)

# Cluster membership and node roles
cluster.name: es-itcast-cluster
node.name: node01
node.master: true
node.data: true

# Listening address and ports
network.host: 192.168.1.234
http.port: 9200
transport.port: 9300

# Discovery and first-time cluster bootstrap
discovery.seed_hosts:
  - '192.168.1.234'
  - '192.168.1.233'
  - '192.168.1.240'
cluster.initial_master_nodes:
  - 'node01'
  - 'node02'
  - 'node03'

# Data and log directories
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# Enable security features (the original comment reads "configure the cluster
# password")
xpack.security.enabled: true

# REST layer: serve the HTTP API over HTTPS with this node's certificate
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: /home/elastic/elasticsearch-7.5.1/config/certs/node01.crt
xpack.security.http.ssl.key: /home/elastic/elasticsearch-7.5.1/config/certs/node01.key
xpack.security.http.ssl.certificate_authorities: /home/elastic/elasticsearch-7.5.1/config/certs/ca.crt

# Transport layer: TLS for node-to-node traffic inside the cluster.
# verification_mode `certificate` checks that the peer certificate is signed
# by the CA listed below but does not compare the peer's host name or IP with
# the certificate's subjectAltName entries; `full` adds that comparison.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.certificate: /home/elastic/elasticsearch-7.5.1/config/certs/node01.crt
xpack.security.transport.ssl.key: /home/elastic/elasticsearch-7.5.1/config/certs/node01.key
xpack.security.transport.ssl.certificate_authorities:
  - '/home/elastic/elasticsearch-7.5.1/config/certs/ca.crt'

es2

# elasticsearch.yml for node02 (192.168.1.233)

# Cluster membership and node roles
cluster.name: es-itcast-cluster
node.name: node02
node.master: true
node.data: true

# Listening address and ports
network.host: 192.168.1.233
http.port: 9200
transport.port: 9300

# Discovery and first-time cluster bootstrap
discovery.seed_hosts:
  - '192.168.1.234'
  - '192.168.1.233'
  - '192.168.1.240'
cluster.initial_master_nodes:
  - 'node01'
  - 'node02'
  - 'node03'

# Data and log directories
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# Enable security features
xpack.security.enabled: true

# REST layer: serve the HTTP API over HTTPS with this node's certificate
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: /home/elastic/elasticsearch-7.5.1/config/certs/node02.crt
xpack.security.http.ssl.key: /home/elastic/elasticsearch-7.5.1/config/certs/node02.key
xpack.security.http.ssl.certificate_authorities: /home/elastic/elasticsearch-7.5.1/config/certs/ca.crt

# Transport layer: TLS for node-to-node traffic inside the cluster.
# verification_mode `certificate` checks the CA signature on the peer
# certificate but not the peer's host name or IP; `full` checks both.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.certificate: /home/elastic/elasticsearch-7.5.1/config/certs/node02.crt
xpack.security.transport.ssl.key: /home/elastic/elasticsearch-7.5.1/config/certs/node02.key
xpack.security.transport.ssl.certificate_authorities:
  - '/home/elastic/elasticsearch-7.5.1/config/certs/ca.crt'

es3

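# elasticsearch.yml for node03 (192.168.1.240)

# Cluster membership and node roles
cluster.name: es-itcast-cluster
node.name: node03
node.master: true
node.data: true

# Listening address and ports
network.host: 192.168.1.240
http.port: 9200
transport.port: 9300

# Discovery and first-time cluster bootstrap
discovery.seed_hosts: ["192.168.1.234", "192.168.1.233", "192.168.1.240"]
cluster.initial_master_nodes: ["node01", "node02", "node03"]

# Data and log directories
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# Enable security features
xpack.security.enabled: true

# REST layer: serve the HTTP API over HTTPS with this node's certificate
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /home/elastic/elasticsearch-7.5.1/config/certs/node03.key
xpack.security.http.ssl.certificate: /home/elastic/elasticsearch-7.5.1/config/certs/node03.crt
xpack.security.http.ssl.certificate_authorities: /home/elastic/elasticsearch-7.5.1/config/certs/ca.crt

# Transport layer: TLS for node-to-node traffic inside the cluster.
# verification_mode `certificate` checks the CA signature on the peer
# certificate but not the peer's host name or IP; `full` checks both.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /home/elastic/elasticsearch-7.5.1/config/certs/node03.key
xpack.security.transport.ssl.certificate: /home/elastic/elasticsearch-7.5.1/config/certs/node03.crt
# The closing bracket was missing in the original listing, which left the
# flow sequence unterminated and the file unparseable.
xpack.security.transport.ssl.certificate_authorities: ["/home/elastic/elasticsearch-7.5.1/config/certs/ca.crt"]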

3、kibana访问es集群设置

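# kibana.yml for the Kibana instance on node01 (192.168.1.234).
# The original listing had every setting after server.host collapsed onto one
# line that begins with `#`, which makes all of them a single comment; they
# are restored here one setting per line.
server.port: 5601
server.host: "192.168.1.234"

# Kibana -> Elasticsearch connection (HTTPS to all three nodes)
elasticsearch.hosts:
  - "https://192.168.1.234:9200"
  - "https://192.168.1.233:9200"
  - "https://192.168.1.240:9200"
elasticsearch.username: "kibana"
# NOTE(review): plaintext credential in a config file. This value is published
# on the page, so treat it as exposed and set a new password for any real
# deployment. Prefer storing it with `bin/kibana-keystore add
# elasticsearch.password` and deleting this line; otherwise restrict read
# access to kibana.yml to the Kibana service account.
elasticsearch.password: "4CG0LMkw4Gjkh8c5SPsS"
i18n.locale: "zh-CN"

# Serve the Kibana UI over HTTPS
server.ssl.enabled: true
server.ssl.certificate: /home/kibana/kibana-7.5.1/config/certs/kibana.crt
server.ssl.key: /home/kibana/kibana-7.5.1/config/certs/kibana.key

# Verification of the Elasticsearch server certificate.
# `certificate` checks that it chains to the CA below but does not compare the
# address in elasticsearch.hosts with the certificate's subjectAltName entries;
# `full` adds that comparison and needs certificates that cover these IPs.
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificateAuthorities: ["/home/kibana/kibana-7.5.1/config/certs/ca.crt"]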

4、logstash访问es设置
5、filebeat访问logstash设置


转载自www.cnblogs.com/fat-girl-spring/p/12714845.html