使用docker环境变量在Elasticsearch中启用身份验证 [英] Enable Authentication in elasticsearch with docker environment variable
问题描述
我想问一下如何启用身份验证(x-pack)。就我而言,我使用的是Elasticsearch v.6.2.4的docker image。我的问题是安装了xpack,但它并没有要求提供凭据。
I would like to ask how will I be able to enable authentication (x-pack). In my case I am using docker image of elasticsearch v.6.2.4. My problem is that xpack is installed but it is not asking for credentials.
谢谢您的帮助!
我知道xpack已安装,因此在我的kibana
在此处输入图片描述
I know that xpack is installed because of this in my kibana enter image description here
推荐答案
Xpack随附的Elasticsearch安全功能包括不是免费的,有一个月的试用版,然后是付费版。
Elasticsearch security features that come with Xpack are not for free, there is a trial version for a month and then a paid version.
但是根据此弹性博客,它是从版本(6.8.0和7.1.0)开始免费提供的版本。
But according to this elastic blog, it is for free starting in versions (6.8.0 and 7.1.0).
我写这个答案来通过docker-compose激活免费的Elasticsearch安全功能。
I write this answer to activate free Elasticsearch security features with docker-compose.
请记住,在使用以下代码时,Kibana和Elasticsearch节点用户名和密码是安全的,因此访问Elasticsearch的其余客户端必须具有凭据,此答案会有所帮助。
这是我的代码:
version: '3'
services:
create_certs:
container_name: create_certs
image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
command: >
bash -c '
if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
fi;
chown -R 1000:0 /usr/share/elasticsearch/config/certificates
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes: ['certs:/usr/share/elasticsearch/config/certificates']
elasticsearch:
container_name: elasticsearch
depends_on: [create_certs]
image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=MyPassword # password for default user: elastic
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates']
ulimits:
nofile:
soft: 65536
hard: 65536
memlock:
soft: -1
hard: -1
ports:
- "9200:9200"
kibana:
container_name: kibana
depends_on: [elasticsearch]
image: docker.elastic.co/kibana/kibana:6.8.0
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=MyPassword
ports:
- "5601:5601"
volumes: {"esdata", "certs"}
这篇关于使用docker环境变量在Elasticsearch中启用身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!