【笔记】Elasticsearch集群加密证书

最新推荐文章于 2024-12-19 09:42:21 发布

原创

最新推荐文章于 2024-12-19 09:42:21 发布 · 974 阅读

1 ·

CC 4.0 BY-SA版权

本文介绍如何在Elasticsearch集群中配置SSL证书来实现节点间的安全通信，包括生成证书、设置证书路径及密码、调整配置文件等步骤。

es证书

集群创建好：配置文件：

node1:

[root@localhost elasticsearch]# grep -v ^# elasticsearch.yml |grep -v ^$
cluster.name: songcluster
node.name: node-50
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.50
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.1.50", "192.168.1.55", "192.168.1.56"]
cluster.initial_master_nodes: ["192.168.1.50"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization"
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
http.max_initial_line_length: 100k
http.max_header_size: 50k
http.max_content_length: 50mb
cluster.routing.allocation.total_shards_per_node: 5000
xpack.license.self_generated.type: basic

node2:

[root@songES02 elasticsearch]# grep -v ^# elasticsearch.yml |grep -v ^$
cluster.name: songcluster
node.master: true
node.data: true
node.name: node-55
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.55
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.1.50", "192.168.1.55", "192.168.1.56"]
cluster.initial_master_nodes: ["192.168.1.50", "192.168.1.55", "192.168.1.56"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization"
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
http.max_initial_line_length: 100k
http.max_header_size: 50k
http.max_content_length: 50mb
cluster.routing.allocation.total_shards_per_node: 5000
xpack.license.self_generated.type: basic

node3：

[root@songEs03 elasticsearch]# grep -v ^# elasticsearch.yml |grep -v ^$
cluster.name: songcluster
node.master: true
node.data: true
node.name: node-56
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.56
transport.tcp.port: 9300
http.port: 9200
discovery.seed_hosts: ["192.168.1.50", "192.168.1.55", "192.168.1.56"]
cluster.initial_master_nodes: ["192.168.1.50", "192.168.1.55", "192.168.1.56"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true

最低0.47元/天解锁文章