Elasticsearch 的安全认证可以有两种方式实现,第一种是使用xpack的安全认证功能,另外一种是借助Nginx来实现安全认证,下面对两种方式做简要介绍。
使用Elasticsearch自带的安全认证功能
elasticsearch.yml增加安全认证的配置,示例如下:
cluster.name: my-application node.name: node-1 path.data: /data/elasticsearch/path/to/data path.logs: /data/elasticsearch/path/to/logs network.host: 0.0.0.0 http.port: 9200 discovery.zen.ping.unicast.hosts: ["172.31.6.21"] # 开启安全认证 http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.security.transport.ssl.enabled: true
使用Nginx实现Elasticsearch的安全认证
创建用于基本身份验证的Nginx帐户
htpasswd -c /etc/Nginx/htpasswd.users kibanauser
按下 Enter 键后,系统会提示我们输入并验证用户密码
$ htpasswd -c /etc/Nginx/htpasswd.users kibanauser New password: Re-type new password: Adding password for user kibanauser
修改Nginx.conf配置
upstream elasticsearch {
server 127.0.0.1:9200;
keepalive 15;
}
upstream kibana {
server 127.0.0.1:5601;
keepalive 15;
}
server {
listen 8881;
location / {
auth_basic "Restricted Access";
auth_basic_user_file /etc/Nginx/htpasswd.users;
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
}
}
server {
listen 8882;
location / {
auth_basic "Restricted Access";
auth_basic_user_file /etc/Nginx/htpasswd.users;
proxy_pass http://kibana;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
}
}
重启Nginx服务,验证即可
参考文档
https://elasticstack.blog.csdn.net/article/details/112213364
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
