Elasticsearch NEST HttpClientHandler Certificate

Question

I am trying to use Elasticsearch NEST with .NET Core and our Elasticsearch instance. We are connecting via SSL and it has a wildcard certificate which we need to accept programmatically. I am trying to figure out how to hook the HttpClientHandler to NEST to accept it. There doesn't appear to be good documentation on how, it just says to do it on their instructions https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/connecting.html#configuring-ssl.

I am looking for an example if possible. Thanks in advance!

Recommended answer

This took me some head scratching to figure out, so I thought I would post it here. We are using a reverse proxy where we send the request to 443 SSL port (load balanced in Azure to three client nodes) using a cert to authenticate, then forward that to the local client node to scatter to the data nodes. The cert is self-signed, and is in the local store (Current User > Personal) on the server housing our api. The thumbprint is in our web.config.

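using System;
using System.Configuration;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Elasticsearch.Net;

public class ConnectionWithCert : Elasticsearch.Net.HttpConnection
{
    // Attach the client certificate to every request the client creates
    protected override HttpWebRequest CreateHttpWebRequest(RequestData requestData)
    {
        var request = base.CreateHttpWebRequest(requestData);

        string certThumbprint = ConfigurationManager.AppSettings["ElasticsearchCertificateThumbprint"];
        X509Certificate2 certificate = GetCertificateByThumbprint(certThumbprint);
        if (certificate == null)
        {
            // Fail with a clear message instead of passing null to ClientCertificates.Add
            throw new InvalidOperationException("No client certificate in CurrentUser\\My matches the configured thumbprint.");
        }

        request.ClientCertificates.Add(certificate);
        return request;
    }

    /// <summary>
    /// Get the certificate using the certificate thumbprint
    /// </summary>
    /// <param name="certificateThumbprint">Thumbprint of certificate</param>
    /// <returns>Certificate object, or null if no certificate matches</returns>
    public static X509Certificate2 GetCertificateByThumbprint(string certificateThumbprint)
    {
        if (string.IsNullOrWhiteSpace(certificateThumbprint))
            throw new ArgumentException("Thumbprint must not be empty.", nameof(certificateThumbprint));

        // Open the certificate store (Current User > Personal) read-only
        X509Store certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        certificateStore.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly is false because the certificate is self-signed
            var matchingCertificates = certificateStore.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);

            // Return the first match, or null when nothing was found
            return matchingCertificates.Count == 0 ? null : matchingCertificates[0];
        }
        finally
        {
            // Release the store handle whether or not a match was found
            certificateStore.Close();
        }
    }
}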

Once I have this, I can set that on my connectionSettings in my helper class:

    public ElasticSearchHelper(string elasticSearchUrl, OcvElasticSearchDataProvider dataProvider, int elasticSearchConflictRetryCount)
    {
        // Parameters
        this.elasticSearchConflictRetryCount = elasticSearchConflictRetryCount;
        this.dataProvider = dataProvider;

        // Create the ElasticSearch client and configure
        var node = new Uri(elasticSearchUrl);

        var pool = new SingleNodeConnectionPool(node);
        var settings = new ConnectionSettings(pool, new ConnectionWithCert());

        this.client = new ElasticClient(settings);
    }

Now all operations carried out through my helper have the client cert attached, and are granted access through my reverse proxy.
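
For the server-certificate half of the question, an added example (not part of the original answer) that pins the server certificate by thumbprint instead of accepting every certificate, and attaches the client certificate through the settings object. It assumes a NEST version whose ConnectionSettings exposes ServerCertificateValidationCallback and ClientCertificate; PinnedElasticClient, ValidateServer and the thumbprint placeholder are hypothetical names.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Elasticsearch.Net;
using Nest;

public static class PinnedElasticClient
{
    // Placeholder: thumbprint of the server (or reverse proxy) certificate you expect.
    private const string PinnedServerThumbprint = "<EXPECTED-SERVER-CERT-THUMBPRINT>";

    // Accept the server certificate only if it validates normally, or if the only
    // failure is an untrusted chain AND the leaf matches the pinned thumbprint.
    public static bool ValidateServer(object sender, X509Certificate cert,
                                      X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        // A host name mismatch or a missing certificate is never accepted.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        using (var leaf = new X509Certificate2(cert))
        {
            return string.Equals(leaf.Thumbprint, PinnedServerThumbprint,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    // Build a client that validates the server with the pin above and presents
    // the given client certificate on every connection.
    public static ElasticClient Create(Uri node, X509Certificate2 clientCertificate)
    {
        if (clientCertificate == null)
            throw new ArgumentNullException(nameof(clientCertificate));

        var settings = new ConnectionSettings(new SingleNodeConnectionPool(node))
            .ServerCertificateValidationCallback(ValidateServer) // assumed NEST option
            .ClientCertificate(clientCertificate);               // assumed NEST option

        return new ElasticClient(settings);
    }
}
```

A callback that simply returns true would also make the connection succeed, but it disables server authentication entirely; the pin keeps the self-signed certificate usable without trusting arbitrary endpoints.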
