使用docker安装部署ES8+kibana，以及https配置生成

weixin_48043634

已于 2025-02-17 15:11:26 修改

阅读量1.3k

点赞数 6

分类专栏：部署文章标签： docker jenkins 运维 elasticsearch

于 2025-02-17 13:56:38 首次发布

本文链接：https://blog.youkuaiyun.com/weixin_48043634/article/details/145679434

版权

部署专栏收录该内容

1 篇文章

订阅专栏

1.容器拉取

es8拉取

docker pull docker.elastic.co/elasticsearch/elasticsearch:8.15.0

kibana拉取

docker pull docker.elastic.co/kibana/kibana:8.15.0

2.部署容器

1.ES8部署

docker run --name es0
  -p 9200:9200
  -e "ES_JAVA_OPTS=-Xms2048m -Xmx2048m"
  -e "discovery.type=single-node"
  -v 路径/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
  -v 路径/data:/usr/share/elasticsearch/data
  -v 路径/backup:/usr/share/elasticsearch/backup
  docker.elastic.co/elasticsearch/elasticsearch:8.15.0

路径自行替换成持久化路径

先创建好指定路径文件夹，并创建好yml配置文件:

cluster.name: "docker-cluster"
network.host: 0.0.0.0
path.repo: ["/usr/share/elasticsearch/backup"]
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: X-Requested-With,Content-Type,Content-Length,Authorization
xpack.security.enrollment.enabled: true
xpack.security.http.ssl.enabled: false

2.Kibana部署

docker run --name kib01 -p 5601:5601 -e I18N_LOCALE=zh-CN docker.elastic.co/kibana/kibana:8.15.0

3.生成SSL证书并完成部署初始化

1.进入ES8容器

docker exec -it es0 /bin/bash

2.使用ES8自带工具生成SSL证书

./bin/elasticsearch-certutil http

1.是否生成CSR(N)

2.是否使用现有证书(N)

3.是否修改生成证书配置(N)

4.输入证书的密码

5.生成证书有效时长(5Y)

6.是否单点证书(Y)

7.输入内网IP

8.再次输入确认

9.是否修改配置(N)

10.输入生成的路径(/usr/share/elasticsearch/data/ssl.zip)

3.解压并配置SSL

生成完成后到指定的路径/data进行解压

unzip ssl.zip -d ssl

修复错误 (解决参考):

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate

keytool -importkeystore -destkeystore 路径/data/ssl/ca/ca.p12 -srckeystore 路径/data/ssl/elasticsearch/http.p12

修改yml配置:

cluster.name: "docker-cluster"
network.host: 0.0.0.0
path.repo: ["/usr/share/elasticsearch/backup"]
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: X-Requested-With,Content-Type,Content-Length,Authorization
xpack.security.enrollment.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/data/ssl/ca/ca.p12
xpack.security.http.ssl.keystore.password: "设置的密码"

然后重启ES8的docker容器

4.获取令牌和重置初始密码

1.获取令牌(注意先进入容器)

bin/elasticsearch-create-enrollment-token -s kibana

2.重置密码

bin/elasticsearch-reset-password -u elastic

4.完成Kibana配置

1.将先前获取的令牌填入

2.输入账号密码登录