• Elasticsearch 开启安全认证


    Elasticsearch 的安全认证可以有两种方式实现,第一种是使用xpack的安全认证功能,另外一种是借助Nginx来实现安全认证,下面对两种方式做简要介绍。

    使用Elasticsearch自带的安全认证功能

    elasticsearch.yml增加安全认证的配置,示例如下:

    cluster.name: my-application
    node.name: node-1
    path.data: /data/elasticsearch/path/to/data
    path.logs: /data/elasticsearch/path/to/logs
    network.host: 0.0.0.0
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["172.31.6.21"]
     
     
    # 开启安全认证
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    使用Nginx实现Elasticsearch的安全认证

    创建用于基本身份验证的nginx帐户

    htpasswd -c /etc/nginx/htpasswd.users kibanauser

    按下 Enter 键后,系统会提示我们输入并验证用户密码

    $ htpasswd -c /etc/nginx/htpasswd.users kibanauser
    New password: 
    Re-type new password: 
    Adding password for user kibanauser

    修改nginx.conf配置

    upstream elasticsearch {
        server 127.0.0.1:9200;
        keepalive 15;
      }
     
      upstream kibana {
        server 127.0.0.1:5601;
        keepalive 15;
      }
     
      server {
        listen 8881;
     
        location / {
          auth_basic "Restricted Access";
          auth_basic_user_file /etc/nginx/htpasswd.users;
     
     
          proxy_pass http://elasticsearch;
          proxy_redirect off;
          proxy_buffering off;
     
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
        }
     
      }
     
      server {
        listen 8882;
     
        location / {
          auth_basic "Restricted Access";
          auth_basic_user_file /etc/nginx/htpasswd.users;
     
          proxy_pass http://kibana;
          proxy_redirect off;
          proxy_buffering off;
     
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
        }
      }

    重启Nginx服务,验证即可

    参考文档

    https://elasticstack.blog.csdn.net/article/details/112213364

  • 相关阅读:
    01 变量、基本数据类型
    02 gitlab的基本使用
    kubernetes
    02 redis高可用集群
    Redis & ELK
    01 Redis安装、配置详解、数据备份与恢复
    Jenkins
    01 git gitlab jenkins的安装
    golang mysql 客户端
    接口类
  • 原文地址:https://www.cnblogs.com/libin2015/p/15637368.html
Copyright © 2020-2023  润新知