使用docker环境变量在Elasticsearch中启用身份验证 [英] Enable Authentication in elasticsearch with docker environment variable

问题描述

我想问一下如何启用身份验证（x-pack）。就我而言，我使用的是Elasticsearch v.6.2.4的docker image。我的问题是安装了xpack，但它并没有要求提供凭据。

I would like to ask how will I be able to enable authentication (x-pack). In my case I am using docker image of elasticsearch v.6.2.4. My problem is that xpack is installed but it is not asking for credentials.

谢谢您的帮助！

我知道xpack已安装，因此在我的kibana
在此处输入图片描述

I know that xpack is installed because of this in my kibana enter image description here

推荐答案

Xpack随附的Elasticsearch安全功能包括不是免费的，有一个月的试用版，然后是付费版。

Elasticsearch security features that come with Xpack are not for free, there is a trial version for a month and then a paid version.

但是根据此弹性博客，它是从版本（6.8.0和7.1.0）开始免费提供的版本。

But according to this elastic blog, it is for free starting in versions (6.8.0 and 7.1.0).

我写这个答案来通过docker-compose激活免费的Elasticsearch安全功能。

I write this answer to activate free Elasticsearch security features with docker-compose.

请记住，在使用以下代码时，Kibana和Elasticsearch节点用户名和密码是安全的，因此访问Elasticsearch的其余客户端必须具有凭据，此答案会有所帮助。

这是我的代码：

version: '3'

services:
  create_certs:
    container_name: create_certs
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
    command: >
      bash -c '
        if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
          bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
        fi;
        chown -R 1000:0 /usr/share/elasticsearch/config/certificates
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes: ['certs:/usr/share/elasticsearch/config/certificates']

  elasticsearch:
    container_name: elasticsearch
    depends_on: [create_certs]
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - ELASTIC_PASSWORD=MyPassword # password for default user: elastic 
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
    volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates']
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"

  kibana:
    container_name: kibana
    depends_on: [elasticsearch]
    image: docker.elastic.co/kibana/kibana:6.8.0
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=MyPassword
    ports:
      - "5601:5601"

volumes: {"esdata", "certs"}

这篇关于使用docker环境变量在Elasticsearch中启用身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！