Enabling TLS encryption and HTTPS for Elasticsearch
Certificates for Elasticsearch TLS communication
Certificates for Elasticsearch HTTPS communication
/usr/share/elasticsearch/bin/elasticsearch-certutil http --silent
$ /usr/share/elasticsearch/bin/elasticsearch-certutil http --silent
## Elasticsearch HTTP Certificate Utility
## Do you wish to generate a Certificate Signing Request (CSR)?
Generate a CSR? [y/N]y
## Do you wish to generate one certificate per node?
Generate a certificate per node? [y/N]N
## Which hostnames will be used to connect to your nodes?
localhost
es01
es02
es03
kibana
You entered the following hostnames.
- localhost
- es01
- es02
- es03
- kibana
Is this correct [Y/n]y
## Which IP addresses will be used to connect to your nodes?
127.0.0.1
1.1.1.1
2.2.2.2
3.3.3.3
You entered the following IP addresses.
- 127.0.0.1
- 1.1.1.1
- 2.2.2.2
- 3.3.3.3
Is this correct [Y/n]y
## Other certificate options
Key Name: localhost
Subject DN: CN=localhost
Key Size: 2048
Do you wish to change any of these options? [y/N]N
## What password do you want for your private key(s)?
Provide a password for the private key: [<ENTER> for none]
## Where should we save the generated files?
What filename should be used for the output zip file? [/usr/share/elasticsearch/elasticsearch-ssl-http.zip]
cd /usr/share/elasticsearch
unzip elasticsearch-ssl-http.zip
cd elasticsearch
$ ls -l
total 16
-rw-r--r-- 1 root root 1070 Jul 5 11:04 http-localhost.csr
-rw-r--r-- 1 root root 1679 Jul 5 11:04 http-localhost.key
-rw-r--r-- 1 root root 2444 Jul 5 11:04 README.txt
-rw-r--r-- 1 root root 1179 Jul 5 11:04 sample-elasticsearch.yml
cat sample-elasticsearch.yml
$ cat sample-elasticsearch.yml
#
# SAMPLE ELASTICSEARCH CONFIGURATION FOR ENABLING SSL ON THE HTTP INTERFACE
#
# This is a sample configuration snippet for Elasticsearch that enables and configures SSL for the HTTP (Rest) interface
#
# This was automatically generated at: 2022-07-05 11:04:25+09:00
# This configuration was intended for Elasticsearch version 8.3.1
#
# You should review these settings, and then update the main configuration file at
# /etc/elasticsearch/elasticsearch.yml
#
# This turns on SSL for the HTTP (Rest) interface
xpack.security.http.ssl.enabled: true
# This configures the certificate to use.
# This certificate will be generated by your Certificate Authority, based on the CSR that you sent to them.
xpack.security.http.ssl.certificate: "http-localhost.crt"
# This configures the private key for your certificate.
xpack.security.http.ssl.key: "http-localhost.key"
# If your Certificate Authorities provides you with a copy of their certificate you can configure it here.
# This is not strictly necessary, but can make it easier when running other elasticsearch utilities such as the "setup-passwords" tool.
#
#xpack.security.http.ssl.certificate_authorities: [ "ca.crt" ]
#
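
The key in the listing above is mode rw-r--r-- and the CSR is what the CA will sign, so both are worth checking before the request is sent. The script below is an added example, not part of the original post: it confirms that the CSR carries every hostname and IP address entered at the prompts and that the key is not readable by group or others. The function names `csr_sans`, `missing_sans` and `key_is_private` are hypothetical, and the demo CSR and key are constructed stand-ins generated with `openssl`.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.

# Print the SAN entries of a CSR one per line ("DNS:es01", "IP Address:1.1.1.1").
csr_sans() {
  openssl req -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Report each expected SAN the CSR lacks; return 0 only when none is missing.
# Usage: missing_sans file.csr DNS:es01 "IP Address:1.1.1.1" ...
missing_sans() {
  _csr=$1; shift
  _sans=$(csr_sans "$_csr")
  _rc=0
  for _want in "$@"; do
    printf '%s\n' "$_sans" | grep -qxF -- "$_want" ||
      { echo "missing SAN: $_want"; _rc=1; }
  done
  return "$_rc"
}

# Return 0 only when group and others have no access to the key (e.g. 0600).
key_is_private() {
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Constructed stand-in for the unzipped output: same CN, SANs and 0644 key mode
# as in the listing above, generated locally with openssl.
demo=$(mktemp -d)
openssl req -new -newkey rsa:2048 -nodes -subj '/CN=localhost' \
  -addext 'subjectAltName=DNS:localhost,DNS:es01,DNS:es02,DNS:es03,DNS:kibana,IP:127.0.0.1,IP:1.1.1.1,IP:2.2.2.2,IP:3.3.3.3' \
  -keyout "$demo/http-localhost.key" -out "$demo/http-localhost.csr" 2>/dev/null
chmod 644 "$demo/http-localhost.key"

# 1. Every name and address a client will connect to must be in the CSR.
missing_sans "$demo/http-localhost.csr" DNS:localhost DNS:es01 DNS:es02 \
  DNS:es03 DNS:kibana "IP Address:127.0.0.1" "IP Address:1.1.1.1" \
  "IP Address:2.2.2.2" "IP Address:3.3.3.3" && echo "SANs complete"

# 2. A key that is world-readable (rw-r--r--) should be locked down.
key_is_private "$demo/http-localhost.key" || {
  echo "key is readable by group/others, tightening to 0600"
  chmod 600 "$demo/http-localhost.key"
}
```

On the real files, point the functions at `http-localhost.csr` and `http-localhost.key` in `/usr/share/elasticsearch/elasticsearch`. Elasticsearch's service account still has to read the key once it is copied into the config directory, so adjust ownership there rather than widening the mode.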