问题描述
我已经在Ubuntu上安装了Elasticsearch 7.1。我想用密码保护集群,所以我在 elasticsearch.yml
中设置了: xpack.security.enabled:true
文件。现在,当我重新启动Elasticsearch时,我得到消息:
I have installed Elasticsearch 7.1 on Ubuntu. I want to password protect the cluster, so I have set: xpack.security.enabled: true
in elasticsearch.yml
file. Now when I restart Elasticsearch I get the message:
我正在使用基本许可证。我看过,其中说明了如何使用 elasticsearch-certutil
在节点上安装SSL证书。
I am using the basic license. I have seen this guide which explains how to use elasticsearch-certutil
to install SSL certificates on the nodes.
问题:
-
是否可以通过密码保护集群而不将
xpack.security.transport.ssl.enabled
设置为true?
如果我具有上述指南并在elasticsearch群集上安装SSL证书,我的网络服务器上是否需要任何ssl证书?我不希望Web服务器和elasticsearch之间的通信使用SSL。
If I have the guide mentioned above and install SSL certifiactes on elasticsearch cluster, do I need any ssl certificate on my webserver? I don't want the communication between the web server and elasticsearch to use SSL.
推荐答案
根据 :
不可能。在生产模式下,如果要通过启用(设置 xpack.security.enabled = true
)来使用任何xpack安全功能,则需要使用TLS / SSL证书
It's not possible. In production mode, if you want to use any of the xpack security features by enabling (setting xpack.security.enabled = true
), then you need to use TLS/SSL certificate.
默认情况下,Web服务器(和Kibana)可以与群集通信,而无需任何TLS / SSL证书(该证书用于ES节点内的通信)。如果确实要在群集和Web服务器之间使用TLS / SSL,则需要设置 xpack.security.http.ssl.enabled
,将其设置为false默认值。
By default, the web server (and Kibana) can communicate with the cluster without any TLS/SSL certificate (The certificate is used for communication within ES nodes). If you do want to use TLS/SSL between the cluster and your web server, then you need to set xpack.security.http.ssl.enabled
which is set to false by default.
这篇关于如果在[基本]许可证上启用了安全性,则必须启用传输SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!