After installation, Elasticsearch 8.18 generates three files by default: http_ca.crt, http.p12 and transport.p12.
In Kibana, we use the http_ca.crt provided by Elasticsearch to encrypt the HTTP traffic between Kibana and Elasticsearch.
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt" ]
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"
elasticsearch.hosts: ["https://127.0.0.1:9200"]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana-cert.pem
server.ssl.key: /etc/kibana/certs/kibana-key.pem
server.host: "127.0.0.1"
server.port: 5601
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl.client_authentication: "optional"
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
Note: the configuration above lists only the basic settings Kibana 8.18 needs to access Elasticsearch 8.18.
[elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain;
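Cause: the TLS/SSL connection failed when Kibana connected to Elasticsearch using elasticsearch.serviceAccountToken. Kibana does not trust the certificate.
Solution: copy Elasticsearch's http_ca.crt CA file into Kibana's certs directory and add the following setting to kibana.yml, which explicitly tells Kibana to trust Elasticsearch's self-signed CA.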
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/http_ca.crt"]
.[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception;security_exception: unable to authenticate with provided credentials and anonymous access is not allowed for this request
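Cause: Kibana established an HTTPS connection to Elasticsearch, but authentication failed. Elasticsearch rejected the unauthenticated request from Kibana, and anonymous access is not allowed.
Solution:
① Fix the ownership and permissions of the http_ca.crt certificate.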
chown kibana:kibana /etc/kibana/certs/http_ca.crt
chmod 644 /etc/kibana/certs/http_ca.crt
② Authenticate with elasticsearch.username and elasticsearch.password instead of the token.
Reset the password of the kibana_system account with the following command:
bin/elasticsearch-reset-password -u kibana_system
Then use
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"
in place of
elasticsearch.serviceAccountToken: "xxxxxxxx"
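Both errors above can be caught before Kibana is restarted. The following preflight check over kibana.yml is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration, and it assumes flat `key: value` lines like the ones shown here.

```python
import os
import re

def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines as used in kibana.yml (not a full YAML parser)."""
    settings, malformed = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([\w.]+):(?:\s+(.*))?$", line)
        if m:
            settings[m.group(1)] = (m.group(2) or "").strip()
        else:
            malformed.append(n)  # e.g. key:"value" with no space after the colon
    return settings, malformed

def check_kibana_config(text, readable=lambda p: os.access(p, os.R_OK)):
    """Return a list of findings; run as the kibana user so the read check is meaningful."""
    settings, malformed = parse_flat_yaml(text)
    findings = [f"line {n}: not a 'key: value' pair (missing space after ':'?)" for n in malformed]
    ca_value = settings.get("elasticsearch.ssl.certificateAuthorities", "")
    ca_paths = [p.strip(" \"'") for p in ca_value.strip("[]").split(",") if p.strip(" \"'")]
    if "https://" in settings.get("elasticsearch.hosts", ""):
        if not ca_paths:  # leads to "self-signed certificate in certificate chain"
            findings.append("https host but no elasticsearch.ssl.certificateAuthorities")
        findings += [f"CA file not readable: {p}" for p in ca_paths if not readable(p)]
    has_user = "elasticsearch.username" in settings
    has_token = "elasticsearch.serviceAccountToken" in settings
    if has_user and has_token:
        findings.append("username and serviceAccountToken are both set; keep one")
    elif has_user and "elasticsearch.password" not in settings:
        findings.append("elasticsearch.username set without elasticsearch.password")
    elif not has_user and not has_token:  # Elasticsearch rejects anonymous requests
        findings.append("no credentials configured for Elasticsearch")
    return findings

# Constructed sample: the CA line is missing and the credentials lack the space after ':'.
SAMPLE_BAD = """\
elasticsearch.hosts: ["https://127.0.0.1:9200"]
elasticsearch.username:"kibana_system"
elasticsearch.password:"password"
"""

if __name__ == "__main__":
    for finding in check_kibana_config(SAMPLE_BAD):
        print(finding)
```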
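Original-content statement: this article is published by the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
In case of infringement, contact cloudcommunity@tencent.com to have it removed.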