文章目录
一、启用xpack安全验证
- 目的:为了访问安全,防止外部ip直接通过ip加端口号访问elasticsearch和kibana
- 要为kibana添加更丰富的功能需要xpack安全验证的支持,比如设置metricbeat监测
1. 生成证书
[root@server1 ~]# cd /usr/share/elasticsearch/
[root@server1 elasticsearch]# bin/elasticsearch-certutil ca
Please enter the desired output file [elastic-stack-ca.p12]: 回车
Enter password for elastic-stack-ca.p12 : westos
[root@server1 elasticsearch]# bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
Enter password for CA (elastic-stack-ca.p12) : westos
Please enter the desired output file [elastic-certificates.p12]: 回车
Enter password for elastic-certificates.p12 : 回车
[root@server1 elasticsearch]# cp elastic-certificates.p12 /etc/elasticsearch
[root@server1 elasticsearch]# chown elasticsearch /etc/elasticsearch/elastic-certificates.p12
[root@server1 elasticsearch]# cd /etc/elasticsearch/
[root@server1 elasticsearch]# ll elastic-certificates.p12
-rw------- 1 elasticsearch elasticsearch 3443 May 28 21:18 elastic-certificates.p12
[root@server1 elasticsearch]# scp elastic-certificates.p12 server2:/etc/elasticsearch/
[root@server1 elasticsearch]
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
