elasticsearch5.x in Windows 10 series articles (4)

Elasticsearch version: 5.5.1 (the latest stable version is 5.5.2), because of the use of the IK Chinese word breaker, the latest version does not have 5.5.2, so use 5.5.1

Date: 2017-08-30

Fourth chapter: Installing Search Guard

Since the security portion of X-pack is charged, consider using other plugins instead, preferring two plugins, one is today's protagonist Search Guard and the other is Readonlyrest

Search Guard vs. Elasticsearch version comparison

Search-guard-docs in GitHub

First, stop running Elasticsearch, navigate to the ES home directory, execute the following command:

. \bin\elasticsearch-plugin Install-b Com.floragunn:search-guard-5:5.4.2-15

Execution effects such as:

If you do not have a network on the server, you can use the offline installation method:

Offline installation steps:

1, download the corresponding version of Search Guard, version of the table

2. Search Guard 5

3, SEARCH-GUARD-SSL, the subsequent use of this certificate of generation.

Second, configure search Guard

1. Download Search-guard-ssl

git clone https://github.com/floragunncom/search-guard-ssl.git

2, switch to the search guard SSL source directory, into the Example-pki-scripts folder, modify the example.sh file, modified as follows:

#!/bin/bashopenssl_ver= "$ (OpenSSL version)" If [[$OPENSSL _ver = = * "0.9" *]]; Thenecho "Your OpenSSL version is too old: $OPENSSL _ver" echo "Please install version 1.0.1 or later" Exit-1else    echo " Your OpenSSL version is: $OPENSSL _ver "fiset-e./clean.sh./gen_root_ca.sh capass changeit./gen_node_cert.sh 1 Changeit Capass./gen_client_node_cert.sh Spock Changeit capass./gen_client_node_cert.sh Kirk Changeit Capass./gen_client_node _cert.sh Kibana Changeit capassrm-f./*tmp*

3. Generate Certificate:

SH example.sh

4. Copy the Node-1-keystore.jks and Truststore.jks from the Example-pki-scripts folder into the Elasticsearch configuration directory (%es_home %/config)

5, configure Elasticsearch based on TLS encrypted communication, add the following in Elasticsearch.yml:

Searchguard.ssl.transport.keystore_filepath:node-1-keystore.jkssearchguard.ssl.transport.keystore_password: Changeitsearchguard.ssl.transport.truststore_filepath:truststore.jkssearchguard.ssl.transport.truststore_ Password:changeitsearchguard.ssl.transport.enforce_hostname_verification:false

6, restart after access: http://localhost:9200, the discovery will error, prompted not to initialize the Search Guard index.

7. Initialize the Search Guard Index, configure the account number, first copy the Kirk-keystore.jks and Truststore.jks in the Example-pki-scripts folder to%es_ In the Home%\plugins\search-guard-5\sgconfig folder

8, add the following content in Elasticsearch.yml:

SEARCHGUARD.AUTHCZ.ADMIN_DN:  -Cn=kirk,ou=client,o=client,l=test, C=de

9. Restart Elasticsearch, open terminal in \plugins\search-guard-5\ directory, execute the following command:

. \tools\sgadmin.bat-ts. \sgconfig\truststore.jks-tspass changeit-ks. \sgconfig\kirk-keystore.jks-kspass Changeit- CD. \sgconfig\-icl-nhnv-h 0.0.0.0

Show as, then execute successfully:

Use browser access: http://localhost:9200 Prompt to enter a password, enter the default User: admin admin, can login to indicate normal.

10. Configure REST-API-based HTTPS connection to add the following in Elasticsearch.yml:

Searchguard.ssl.http.enabled:truesearchguard.ssl.http.keystore_filepath: Node-1-keystore.jkssearchguard.ssl.http.keystore_password:changeitsearchguard.ssl.http.truststore_filepath: Truststore.jkssearchguard.ssl.http.truststore_password:changeit

After reboot, use the browser to access: https://localhost:9200 Prompt for password, enter the default User: admin admin, can login to indicate normal

HTTP://LOCALHOST:9200 No encryption denied access

Reference article:

http://m.blog.csdn.net/envinfo2012/article/details/76685818

http://blog.csdn.net/lulongzhou_llz/article/details/77099418

Http://www.cnblogs.com/Orgliny/p/6168986.html

Https://hacpai.com/article/1472803335867?p=1&m=0

Http://www.cnblogs.com/ywcz060/p/6950404.html

Http://www.cnblogs.com/shifu204/p/6376683.html

elasticsearch5.x in Windows 10 series articles (4)