问题描述

我已经在Ubuntu上安装了Elasticsearch 7.1。我想用密码保护集群，所以我在 elasticsearch.yml 中设置了： xpack.security.enabled：true 文件。现在，当我重新启动Elasticsearch时，我得到消息：

I have installed Elasticsearch 7.1 on Ubuntu. I want to password protect the cluster, so I have set: xpack.security.enabled: true in elasticsearch.yml file. Now when I restart Elasticsearch I get the message:

我正在使用基本许可证。我看过，其中说明了如何使用 elasticsearch-certutil 在节点上安装SSL证书。

I am using the basic license. I have seen this guide which explains how to use elasticsearch-certutil to install SSL certificates on the nodes.

问题：

1. 是否可以通过密码保护集群而不将 xpack.security.transport.ssl.enabled 设置为true？

如果我具有上述指南并在elasticsearch群集上安装SSL证书，我的网络服务器上是否需要任何ssl证书？我不希望Web服务器和elasticsearch之间的通信使用SSL。

If I have the guide mentioned above and install SSL certifiactes on elasticsearch cluster, do I need any ssl certificate on my webserver? I don't want the communication between the web server and elasticsearch to use SSL.

推荐答案

根据 ：

不可能。在生产模式下，如果要通过启用（设置 xpack.security.enabled = true ）来使用任何xpack安全功能，则需要使用TLS / SSL证书

It's not possible. In production mode, if you want to use any of the xpack security features by enabling (setting xpack.security.enabled = true), then you need to use TLS/SSL certificate.

默认情况下，Web服务器（和Kibana）可以与群集通信，而无需任何TLS / SSL证书（该证书用于ES节点内的通信）。如果确实要在群集和Web服务器之间使用TLS / SSL，则需要设置 xpack.security.http.ssl.enabled ，将其设置为false默认值。

By default, the web server (and Kibana) can communicate with the cluster without any TLS/SSL certificate (The certificate is used for communication within ES nodes). If you do want to use TLS/SSL between the cluster and your web server, then you need to set xpack.security.http.ssl.enabled which is set to false by default.

这篇关于如果在[基本]许可证上启用了安全性，则必须启用传输SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！