1、进入es容器
docker exec -it daodbstore /bin/bash
2、生成ca证书
cd /use/share/elasticsearch
./bin/elasticsearch-certutil ca
注:两个红方框位置直接回车
ca证书
3、生成cert证书
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
注:前两个红框直接回车,第三个红框可以直接回车,也可以输入证书密码
cert证书
4、移动证书文件
证书在/usr/share/elasticsearch路径下es无法正常启动
报错截图
mv /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/
5、配置elasticsearch.yml
cd /etc/elasticsearch/elasticsearch.yml
#修改一下配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
6、重启elasticsearch
#重启es
systemctl restart elasticsearch
systemctl status elasticsearch #查看es状态,状态为running则说明配置elasticsearch.yml正确
7、设置es账号、密码
如果执行设置密码命令报以下错误则执行第8步重置密码
设置密码报错
./bin/elasticsearch-setup-passwords interactive
8、重置elasticsearch密码
./bin/elasticsearch-reset-password -u elastic
#账户:elastic 密码:7A8TDJHCe=4EXKQTsSUV
重置密码
