如果在[基本]许可证上启用了安全性,则必须启用传输SSL [英] Transport SSL must be enabled if security is enabled on a [basic] license
问题描述
我已经在Ubuntu上安装了Elasticsearch 7.1。我想用密码保护集群,所以我在 elasticsearch.yml 中设置了: xpack.security.enabled:true 文件。现在,当我重新启动Elasticsearch时,我得到消息:
I have installed Elasticsearch 7.1 on Ubuntu. I want to password protect the cluster, so I have set: xpack.security.enabled: true in elasticsearch.yml file. Now when I restart Elasticsearch I get the message:
如果在[basic]
上启用了安全性,则必须启用传输SSL。执照。请将[xpack.security.transport.ssl.enabled]设置为[true]
或通过设置[xpack.security.enabled]禁用安全性
Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled]
我正在使用基本许可证。我看过本指南,其中说明了如何使用 elasticsearch-certutil 在节点上安装SSL证书。
I am using the basic license. I have seen this guide which explains how to use elasticsearch-certutil to install SSL certificates on the nodes.
问题:
-
是否可以通过密码保护集群而不将
xpack.security.transport.ssl.enabled设置为true?
如果我具有上述指南并在elasticsearch群集上安装SSL证书,我的网络服务器上是否需要任何ssl证书?我不希望Web服务器和elasticsearch之间的通信使用SSL。
If I have the guide mentioned above and install SSL certifiactes on elasticsearch cluster, do I need any ssl certificate on my webserver? I don't want the communication between the web server and elasticsearch to use SSL.
推荐答案
根据此答案 :
对于以生产
许可证在生产模式下运行的群集,一旦启用安全性,传输TLS / SSL也必须为
已启用。另一方面,如果我们使用的是试用许可证,则
并非必须进行TLS / SSL传输。
For a cluster that is running in production mode with a production license, once security is enabled, transport TLS/SSL must also be enabled. On the other hand, if we are running with a trial license, then transport TLS/SSL is not obligatory.
不可能。在生产模式下,如果要通过启用(设置 xpack.security.enabled = true )来使用任何xpack安全功能,则需要使用TLS / SSL证书
It's not possible. In production mode, if you want to use any of the xpack security features by enabling (setting xpack.security.enabled = true), then you need to use TLS/SSL certificate.
默认情况下,Web服务器(和Kibana)可以与群集通信,而无需任何TLS / SSL证书(该证书用于ES节点内的通信)。如果确实要在群集和Web服务器之间使用TLS / SSL,则需要设置 xpack.security.http.ssl.enabled ,将其设置为false默认值。
By default, the web server (and Kibana) can communicate with the cluster without any TLS/SSL certificate (The certificate is used for communication within ES nodes). If you do want to use TLS/SSL between the cluster and your web server, then you need to set xpack.security.http.ssl.enabled which is set to false by default.
这篇关于如果在[基本]许可证上启用了安全性,则必须启用传输SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
