大宁工作室es集群,证书命令
原文地址:https://www.douyacun.com/article/380ad1f8bc460727aeb7435f7ef98cdb
ES初始化密码
./elasticsearch-setup-passwords interactive
ES开启密码校验
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
ES(7.*)集群配置
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
# 集群名称,节点集群名称必须一样
cluster.name: douyacun
# 节点id,唯一
node.name: node-2
# 限制客户端IP地址
network.bind_host: 0.0.0.0
# 集群节点连接IP
network.publish_host: 116.196.69.34
# http端口
http.port: 9200
# 集群节点之间 TCP 端口
transport.port: 9300
# 是否参加master节点选举
node.master: true
# 是否允许节点写数据
node.data: true
# 集群其他节点
discovery.seed_hosts: ["116.196.69.34:9300"]
# 允许选举master的节点
cluster.initial_master_nodes: ["node-2"]
ES集群密码,证书配置
生成证书
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
配置,elastic-certificates.p12 必须放在config目录下面
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
https证书,通过nginx代理服务器配置就可以了,不建议es配置https证书
Kibana设置ES账户密码
elasticsearch.username: "kibana"
elasticsearch.password: "密码"
完整配置
cluster.name: douyacun
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: true
network.bind_host: 0.0.0.0
network.publish_host: 116.196.69.34
http.port: 9200
transport.port: 9300
node.name: node-2
node.master: true
node.data: true
discovery.seed_hosts: ["116.196.69.34:9300"]
cluster.initial_master_nodes: ["node-2"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12