In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-21 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Elasticsearch, kibana, logstash version: 7.3.2
192.168.3.100elasticsearch192.168.3.101elasticsearch192.168.3.102elasticsearch 、 kibana
# generate CA and certificate ES_HOME=/usr/local/elasticsearch$ES_HOME/bin/elasticsearch-certutil ca$ES_HOME/bin/elasticsearch-certutil cert using es's own tools-- ca elastic-stack-ca.p12mkdir $ES_HOME/config/certs & & mv $ES_HOME/elastic-* $ES_HOME/config/certs
Copy the certificate to another es node
# es configuration file (es1 as an example) elasticsearch.ymlcluster.name: my-esnode.name: es-1node.master: true node.data: truenode.ingest: falsepath.data: / usr/local/elasticsearch/data/path.logs: / usr/local/elasticsearch/log/network.host: 0.0.0.0http.port: 9200transport.port: 9300transport.compress: truediscovery.seed_hosts: ["192.168.3.100 elasticsearch.ymlcluster.name 9300", "192.168.3.101 elasticsearch.ymlcluster.name 9300" "192.168.3.102 9300"] cluster.initial_master_nodes: ["192.168.3.100 9300", "192.168.3.101 purl 9300" "192.168.3.102 head 9300"] # head plug-in http.cors.enabled: truehttp.cors.allow-origin: "*" # enable security features xpack.security.enabled: true# cluster intercom encryption xpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# using systemd to manage es/usr/lib/systemd/system/ ElasticSearch.service [unit] Description=ElasticsearchDocumentation= http://www.elastic.coWants=network-online.targetAfter=network-online.target[Service]User=esGroup=esLimitNOFILE=100000LimitNPROC=100000ExecStart=/usr/local/elasticsearch/bin/elasticsearch[Install]WantedBy=multi-user.target
# start es cluster; set default account password # automatically generate password $ES_HOME/bin/elasticsearch-setup-passwords auto
# manually set password $ES_HOME/bin/elasticsearch-setup-passwords interactive
# Kibana related certificate Kibana_HOME=/usr/local/kibana#kibana connection es encryption requires using pem certificate cd $ES_HOME/config/certs# certificate conversion openssl pkcs12-in elastic-certificates.p12-out elastic-certificates.pem-nodesmkdir $Kibana_HOME/config/certs & & mv elastic-certificates.pem $Kibana_HOME/config/certs#https certificate $ES_HOME/bin/elasticsearch-certutil ca-- pemmv $ES_HOME/elastic-stack-ca.zip $Kibana_HOME/config/certs & & unzip $Kibana_HOME/config/certs/elastic-stack-ca.zip
# kibana configuration file kibana.ymlserver.host: "192.168.3.102" elasticsearch.hosts: ["http://192.168.3.102:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]elasticsearch.username:" kibana "elasticsearch.password:" ukCAClFof70DU5mWnHC7 "logging.dest: / usr/local/kibana/log/kibana.loglogging.quiet: true# enable https to access kibana Using a private certificate will cause errors in the access log # server.ssl.enabled: true#server.ssl.certificate: / usr/local/kibana/config/certs/ca/ca.crt#server.ssl.key: / usr/local/kibana/config/certs/ca/ca.key# enable elasticsearch connection encryption elasticsearch.ssl.certificateAuthorities: ["/ usr/local/kibana/config/certs/elastic-certificates.pem"] elasticsearch.ssl.verificationMode: certificate
# systemd manages kibana/usr/lib/systemd/system/ kibana.service [unit] Description=KinabaDocumentation= http://www.elastic.coWants=network-online.targetAfter=network-online.target[Service]User=kibanaGroup=kibanaExecStart=/usr/local/kibana/bin/kibana[Install]WantedBy=multi-user.target
# logstash sample input {stdin {} output {elasticsearch {hosts = > ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"] index = >" test-% {+ YYYY.MM.dd} "user = >" elastic "password = >" HkqZIHZsuXSv6B5OwqJ7 "}
Use PKCS12 to configure logstash= > es security encryption is not successful (if the boss is successful, private messages or comments), you can refer to the link below to use PEM to complete the secure communication between the components.
Https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#step-5-2
Reference:
Https://www.elastic.co/guide/en/elastic-stack-overview/7.3/ssl-tls.html
Https://www.elastic.co/guide/en/elasticsearch/reference/7.3/configuring-security.html
Https://www.elastic.co/guide/en/kibana/7.3/using-kibana-with-security.html
Https://www.elastic.co/guide/en/kibana/7.3/configuring-tls.html
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.