Elasticsearch version: 5.5.1 (the latest stable version is 5.5.2), because of the use of the IK Chinese word breaker, the latest version does not have 5.5.2, so use 5.5.1
Date: 2017-08-30
Fourth chapter: Installing Search Guard
Since the security portion of X-pack is charged, consider using other plugins instead, preferring two plugins, one is today's protagonist Search Guard and the other is Readonlyrest
Search Guard vs. Elasticsearch version comparison
Search-guard-docs in GitHub
First, stop running Elasticsearch, navigate to the ES home directory, execute the following command:
. \bin\elasticsearch-plugin Install-b Com.floragunn:search-guard-5:5.4.2-15
Execution effects such as:
If you do not have a network on the server, you can use the offline installation method:
Offline installation steps:
1, download the corresponding version of Search Guard, version of the table
2. Search Guard 5
3, SEARCH-GUARD-SSL, the subsequent use of this certificate of generation.
Second, configure search Guard
1. Download Search-guard-ssl
git clone https://github.com/floragunncom/search-guard-ssl.git
2, switch to the search guard SSL source directory, into the Example-pki-scripts folder, modify the example.sh file, modified as follows:
#!/bin/bashopenssl_ver= "$ (OpenSSL version)" If [[$OPENSSL _ver = = * "0.9" *]]; Thenecho "Your OpenSSL version is too old: $OPENSSL _ver" echo "Please install version 1.0.1 or later" Exit-1else echo " Your OpenSSL version is: $OPENSSL _ver "fiset-e./clean.sh./gen_root_ca.sh capass changeit./gen_node_cert.sh 1 Changeit Capass./gen_client_node_cert.sh Spock Changeit capass./gen_client_node_cert.sh Kirk Changeit Capass./gen_client_node _cert.sh Kibana Changeit capassrm-f./*tmp*
3. Generate Certificate:
SH example.sh
4. Copy the Node-1-keystore.jks and Truststore.jks from the Example-pki-scripts folder into the Elasticsearch configuration directory (%es_home %/config)
5, configure Elasticsearch based on TLS encrypted communication, add the following in Elasticsearch.yml:
Searchguard.ssl.transport.keystore_filepath:node-1-keystore.jkssearchguard.ssl.transport.keystore_password: Changeitsearchguard.ssl.transport.truststore_filepath:truststore.jkssearchguard.ssl.transport.truststore_ Password:changeitsearchguard.ssl.transport.enforce_hostname_verification:false
6, restart after access: http://localhost:9200, the discovery will error, prompted not to initialize the Search Guard index.
7. Initialize the Search Guard Index, configure the account number, first copy the Kirk-keystore.jks and Truststore.jks in the Example-pki-scripts folder to%es_ In the Home%\plugins\search-guard-5\sgconfig folder
8, add the following content in Elasticsearch.yml:
SEARCHGUARD.AUTHCZ.ADMIN_DN: -Cn=kirk,ou=client,o=client,l=test, C=de
9. Restart Elasticsearch, open terminal in \plugins\search-guard-5\ directory, execute the following command:
. \tools\sgadmin.bat-ts. \sgconfig\truststore.jks-tspass changeit-ks. \sgconfig\kirk-keystore.jks-kspass Changeit- CD. \sgconfig\-icl-nhnv-h 0.0.0.0
Show as, then execute successfully:
Use browser access: http://localhost:9200 Prompt to enter a password, enter the default User: admin admin, can login to indicate normal.
10. Configure REST-API-based HTTPS connection to add the following in Elasticsearch.yml:
Searchguard.ssl.http.enabled:truesearchguard.ssl.http.keystore_filepath: Node-1-keystore.jkssearchguard.ssl.http.keystore_password:changeitsearchguard.ssl.http.truststore_filepath: Truststore.jkssearchguard.ssl.http.truststore_password:changeit
After reboot, use the browser to access: https://localhost:9200 Prompt for password, enter the default User: admin admin, can login to indicate normal
HTTP://LOCALHOST:9200 No encryption denied access
Reference article:
http://m.blog.csdn.net/envinfo2012/article/details/76685818
http://blog.csdn.net/lulongzhou_llz/article/details/77099418
Http://www.cnblogs.com/Orgliny/p/6168986.html
Https://hacpai.com/article/1472803335867?p=1&m=0
Http://www.cnblogs.com/ywcz060/p/6950404.html
Http://www.cnblogs.com/shifu204/p/6376683.html
elasticsearch5.x in Windows 10 series articles (4)