{"id":40758,"date":"2023-02-04T04:04:35","date_gmt":"2023-08-24T15:21:23","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/"},"modified":"2024-01-15T10:45:09","modified_gmt":"2024-01-15T02:45:09","slug":"%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/","title":{"rendered":"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6"},"content":{"rendered":"<h1>\u9996\u5148<\/h1>\n<p>\u7531\u4e8e\u8ba1\u5212\u5728\u81ea\u5df1\u7684\u73af\u5883\u4e2d\u5bf9Elastic Stack\u8fdb\u884cTLS\u52a0\u5bc6\u8fd0\u7ef4\uff0c\u56e0\u6b64\u9700\u8981\u73b0\u5728\u5c31\u6574\u7406\u6b65\u9aa4\u3002\u73af\u5883\u5982\u4e0b\uff1a<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">OS: Ubuntu 20.04<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">Elasticsearch: 7.8.1<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">Kibana: 7.8.1<\/ul>\n<h1>\u5907\u9f50<\/h1>\n<h2>\u5b89\u88c5Elasticsearch\u548cKibana<\/h2>\n<p>\u4ece\u4ee5\u4e0b\u7684URL\u4e0b\u8f7d\u8f6f\u4ef6\u5305\u3002<br \/>\nhttps:\/\/www.elastic.co\/jp\/downloads\/<\/p>\n<p>\u7136\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>dpkg <span class=\"nt\">-i<\/span> elasticsearch-7.8.1-amd64.deb\r\n<span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>dpkg <span class=\"nt\">-i<\/span> kibana-7.8.1-amd64.deb 
\r\n<\/code><\/pre>\n<h2>\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf<\/h2>\n<p>执行以下命令，在 vim 中按 Shift+G 跳到文件末尾，然后追加环境变量。<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> vim ~\/.bashrc\r\n<span class=\"go\">\r\nES_HOME=\/usr\/share\/elasticsearch\r\nES_PATH_CONF=\/etc\/elasticsearch\r\n<\/span><\/code><\/pre>\n<p>\u4f7f\u7528echo\u547d\u4ee4\u6765\u786e\u8ba4\u662f\u5426\u5df2\u8fdb\u884c\u8bbe\u5b9a\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">echo<\/span> <span class=\"nv\">$ES_HOME<\/span>\r\n<span class=\"go\">\/usr\/share\/elasticsearch\r\n\r\n<\/span><span class=\"gp\">#<\/span> <span class=\"nb\">echo<\/span> <span class=\"nv\">$ES_PATH_CONF<\/span>\r\n<span class=\"go\">\/etc\/elasticsearch\r\n<\/span><\/code><\/pre>\n<h2>\u786e\u8ba4 Elasticsearch \u662f\u5426\u5df2\u542f\u52a8\u3002<\/h2>\n<p>\u7528\u4ee5\u4e0b\u547d\u4ee4\u6765\u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> vim \/etc\/elasticsearch\/elasticsearch.yml\r\n<\/code><\/pre>\n<p>\u4ee5\u4e0b\u4e3a\u7f16\u8f91\u5185\u5bb9\u3002注意：network.host: 0.0.0.0 会让 Elasticsearch 在所有网络接口上监听，而此时尚未启用认证和 TLS，请只在受信任的网络中这样配置。<\/p>\n<pre class=\"post-pre\"><code><span class=\"s\">cluster.name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">exam-cluster<\/span>\r\n<span class=\"s\">node.name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">node-4<\/span>\r\n<span class=\"s\">network.host<\/span><span class=\"pi\">:<\/span> <span class=\"s\">0.0.0.0<\/span>\r\n<span class=\"s\">http.port<\/span><span class=\"pi\">:<\/span> <span class=\"m\">9200<\/span>\r\n<span class=\"s\">cluster.initial_master_nodes<\/span><span class=\"pi\">:<\/span> <span class=\"pi\">[<\/span><span class=\"s2\">\"<\/span><span class=\"s\">node-4\"<\/span><span 
class=\"pi\">]<\/span>\r\n<\/code><\/pre>\n<p>\u5b8c\u6210\u7f16\u8f91\u540e\uff0c\u6267\u884c\u670d\u52a1\u542f\u52a8\u548c\u72b6\u6001\u786e\u8ba4\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl start elasticsearch\r\n<span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl status elasticsearch\r\n<span class=\"go\">\u25cf elasticsearch.service - Elasticsearch\r\n<\/span><span class=\"gp\">     Loaded: loaded (\/lib\/systemd\/system\/elasticsearch.service;<\/span> disabled<span class=\"p\">;<\/span> vendor preset: enabled<span class=\"o\">)<\/span>\r\n<span class=\"gp\">     Active: active (running) since Sun 2020-08-09 13:35:05 JST;<\/span> 3min 44s ago\r\n<span class=\"go\">       Docs: https:\/\/www.elastic.co\r\n   Main PID: 5145 (java)\r\n      Tasks: 74 (limit: 9455)\r\n     Memory: 1.2G\r\n     CGroup: \/system.slice\/elasticsearch.service\r\n<\/span><span class=\"gp\">             \u251c\u25005145 \/usr\/share\/elasticsearch\/jdk\/bin\/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys&gt;<\/span>\r\n<span class=\"go\">             \u2514\u25005343 \/usr\/share\/elasticsearch\/modules\/x-pack-ml\/platform\/linux-x86_64\/bin\/controller\r\n\r\n 8\u6708 09 13:34:55 elastic-tls systemd[1]: Starting Elasticsearch...\r\n 8\u6708 09 13:35:05 elastic-tls systemd[1]: Started Elasticsearch.\r\n<\/span><\/code><\/pre>\n<p>\u5982\u679c\u663e\u793a\u4e3a\u6d3b\u52a8\uff08\u8fd0\u884c\uff09\uff0c\u5219\u670d\u52a1\u5e94\u8be5\u5df2\u7ecf\u542f\u52a8\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528curl\u8bbf\u95eeAPI\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> curl localhost:9200\r\n<span class=\"go\">{\r\n  \"name\" : \"node-4\",\r\n  \"cluster_name\" : \"exam-cluster\",\r\n  \"cluster_uuid\" : \"COZ8D3F4TjGYtc0f8zkvRw\",\r\n  \"version\" : 
{\r\n    \"number\" : \"7.8.1\",\r\n    \"build_flavor\" : \"default\",\r\n    \"build_type\" : \"deb\",\r\n    \"build_hash\" : \"b5ca9c58fb664ca8bf9e4057fc229b3396bf3a89\",\r\n    \"build_date\" : \"2020-07-21T16:40:44.668009Z\",\r\n    \"build_snapshot\" : false,\r\n    \"lucene_version\" : \"8.5.1\",\r\n    \"minimum_wire_compatibility_version\" : \"6.8.0\",\r\n    \"minimum_index_compatibility_version\" : \"6.0.0-beta1\"\r\n  },\r\n  \"tagline\" : \"You Know, for Search\"\r\n}\r\n<\/span><\/code><\/pre>\n<h2>\u786e\u8ba4 Kibana \u662f\u5426\u6210\u529f\u542f\u52a8\u3002<\/h2>\n<p>\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u6765\u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> vim \/etc\/elasticsearch\/elasticsearch.yml\r\n<\/code><\/pre>\n<p>\u4ee5\u4e0b\u662f\u7f16\u8f91\u5185\u5bb9\u3002注意：server.host 和 elasticsearch.hosts 是 Kibana 的设置项，应写入 Kibana 的配置文件（\/etc\/kibana\/kibana.yml），上面命令里的 elasticsearch.yml 应为笔误。<\/p>\n<pre class=\"post-pre\"><code><span class=\"s\">server.host<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">0.0.0.0\"<\/span>\r\n<span class=\"s\">elasticsearch.hosts<\/span><span class=\"pi\">:<\/span> <span class=\"pi\">[<\/span><span class=\"s2\">\"<\/span><span class=\"s\">http:\/\/localhost:9200\"<\/span><span class=\"pi\">]<\/span>\r\n<\/code><\/pre>\n<p>\u5f53\u7f16\u8f91\u5b8c\u6210\u540e\uff0c\u6267\u884c\u670d\u52a1\u7684\u542f\u52a8\u548c\u72b6\u6001\u786e\u8ba4\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl start kibana\r\n<span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl status kibana\r\n<span class=\"go\">\u25cf kibana.service - Kibana\r\n<\/span><span class=\"gp\">     Loaded: loaded (\/etc\/systemd\/system\/kibana.service;<\/span> disabled<span class=\"p\">;<\/span> vendor preset: enabled<span class=\"o\">)<\/span>\r\n<span class=\"gp\">     Active: active (running) since Sun 2020-08-09 13:37:06 JST;<\/span> 3min 17s ago\r\n<span class=\"go\">   Main PID: 5406 (node)\r\n      Tasks: 
11 (limit: 9455)\r\n     Memory: 637.7M\r\n     CGroup: \/system.slice\/kibana.service\r\n             \u2514\u25005406 \/usr\/share\/kibana\/bin\/..\/node\/bin\/node \/usr\/share\/kibana\/bin\/..\/src\/cli\r\n<\/span><\/code><\/pre>\n<p>\u53ea\u8981\u663e\u793a\u4e3a\u6d3b\u52a8\uff08running\uff09\uff0c\u670d\u52a1\u5e94\u8be5\u5df2\u7ecf\u542f\u52a8\u4e86\u3002\u5728Web\u6d4f\u89c8\u5668\u4e2d\u8bbf\u95eehttp:\/\/localhost:5601\/\u3002<\/p>\n<h1>Elasticsearch \u914d\u7f6e<\/h1>\n<p>\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u76ee\u5f55\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">mkdir<\/span> \/tmp\/cert_blog\r\n<\/code><\/pre>\n<p>\u751f\u6210CA\u548c\u670d\u52a1\u5668\u8bc1\u4e66\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">cd<\/span> <span class=\"nv\">$ES_HOME<\/span>\r\n<span class=\"gp\">#<\/span> bin\/elasticsearch-certutil cert ca <span class=\"nt\">--pem<\/span>\r\n<span class=\"go\">This tool assists you in the generation of X.509 certificates and certificate\r\nsigning requests for use with SSL\/TLS in the Elastic stack.\r\n\r\nThe 'cert' mode generates X.509 certificate and private keys.\r\n    * By default, this generates a single certificate and key for use\r\n       on a single instance.\r\n    * The '-multiple' option will prompt you to enter details for multiple\r\n       instances and will generate a certificate and key for each one\r\n    * The '-in' option allows for the certificate generation to be automated by describing\r\n       the details of each instance in a YAML file\r\n\r\n    * An instance is any piece of the Elastic Stack that requires an SSL certificate.\r\n      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats\r\n      may all require a certificate and private key.\r\n    * The minimum required value for each instance is a name. 
This can simply be the\r\n      hostname, which will be used as the Common Name of the certificate. A full\r\n      distinguished name may also be used.\r\n    * A filename value may be required for each instance. This is necessary when the\r\n      name would result in an invalid file or directory name. The name provided here\r\n      is used as the directory name (within the zip) and the prefix for the key and\r\n      certificate files. The filename is required if you are prompted and the name\r\n      is not displayed in the prompt.\r\n    * IP addresses and DNS names are optional. Multiple values can be specified as a\r\n      comma separated string. If no IP addresses or DNS names are provided, you may\r\n      disable hostname verification in your SSL configuration.\r\n\r\n    * All certificates generated by this tool will be signed by a certificate authority (CA).\r\n    * The tool can automatically generate a new CA for you, or you can provide your own with the\r\n         -ca or -ca-cert command line options.\r\n\r\n<\/span><span class=\"gp\">By default the 'cert' mode produces a single PKCS#<\/span>12 output file which holds:\r\n<span class=\"go\">    * The instance certificate\r\n    * The private key for the instance certificate\r\n    * The CA certificate\r\n\r\nIf you specify any of the following options:\r\n    * -pem (PEM formatted output)\r\n    * -keep-ca-key (retain generated CA key)\r\n    * -multiple (generate multiple certificates)\r\n    * -in (generate certificates from an input file)\r\nthen the output will be be a zip file containing individual certificate\/key files\r\n\r\nPlease enter the desired output file [certificate-bundle.zip]: \r\n\r\nCertificates written to \/usr\/share\/elasticsearch\/certificate-bundle.zip\r\n\r\nThis file should be properly secured as it contains the private key for \r\nyour instance.\r\n\r\nAfter unzipping the file, there will be a directory for each instance.\r\nEach instance has a certificate and private 
key.\r\nFor each Elastic product that you wish to configure, you should copy\r\nthe certificate, key, and CA certificate to the relevant configuration directory\r\nand then follow the SSL configuration instructions in the product guide.\r\n\r\nFor client applications, you may only need to copy the CA certificate and\r\nconfigure the client to trust this certificate.\r\n<\/span><\/code><\/pre>\n<p>\u89e3\u538b\u751f\u6210\u7684zip\u6587\u4ef6\uff0c\u5e76\u79fb\u52a8\u6587\u4ef6\uff08ca.crt\u3001instance.crt\u3001instance.key\uff09\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">mv <\/span>certificate-bundle.zip \/tmp\/cert_blog\/\r\n<span class=\"gp\">#<\/span> <span class=\"nb\">cd<\/span> \/tmp\/cert_blog\r\n<span class=\"gp\">#<\/span> unzip certificate-bundle.zip <span class=\"nt\">-d<\/span> .\/certs\r\n<span class=\"gp\">#<\/span> <span class=\"nb\">cd<\/span> <span class=\"nv\">$ES_PATH_CONF<\/span>\/\r\n<span class=\"gp\">#<\/span> <span class=\"nb\">mkdir <\/span>certs\r\n<span class=\"gp\">#<\/span> <span class=\"nb\">cp<\/span> \/tmp\/cert_blog\/certs\/ca\/ca.crt \/tmp\/cert_blog\/certs\/instance\/instance.crt \/tmp\/cert_blog\/certs\/instance\/instance.key certs\/\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u6587\u4ef6\u662f\u5426\u5df2\u88ab\u79fb\u52a8\u3002注意：从下面的输出可以看到 instance.key 的权限是 -rw-r--r--，本机任何用户都能读取这个私钥，建议收紧为仅属主和 elasticsearch 组可读（例如 chmod 640）；后文用 cp -p 复制给 Kibana 时会沿用这些属主和权限，需要按 Kibana 的运行用户另行调整。另外上面用的是 cp，\/tmp\/cert_blog 下仍留有私钥的副本（包括 zip 包），配置完成后应将其删除。<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">ls<\/span> <span class=\"nt\">-l<\/span> \/etc\/elasticsearch\/certs\/\r\n<span class=\"go\">\u5408\u8a08 12\r\n-rw-r--r-- 1 root elasticsearch 1200  8\u6708  9 13:54 ca.crt\r\n-rw-r--r-- 1 root elasticsearch 1147  8\u6708  9 13:56 instance.crt\r\n-rw-r--r-- 1 root elasticsearch 1675  8\u6708  9 13:56 instance.key\r\n<\/span><\/code><\/pre>\n<p>\u7f16\u8f91elasticsearch.yml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> vim \/etc\/elasticsearch\/elasticsearch.yml\r\n<\/code><\/pre>\n<p>\u7f16\u8f91\u4ee5\u4e0b\u5185\u5bb9\u3002<\/p>\n<pre 
class=\"post-pre\"><code><span class=\"s\">xpack.security.enabled<\/span><span class=\"pi\">:<\/span> <span class=\"no\">true<\/span>\r\n<span class=\"s\">xpack.security.http.ssl.enabled<\/span><span class=\"pi\">:<\/span> <span class=\"no\">true<\/span>\r\n<span class=\"s\">xpack.security.transport.ssl.enabled<\/span><span class=\"pi\">:<\/span> <span class=\"no\">true<\/span>\r\n<span class=\"s\">xpack.security.http.ssl.key<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certs\/instance.key<\/span>\r\n<span class=\"s\">xpack.security.http.ssl.certificate<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certs\/instance.crt<\/span>\r\n<span class=\"s\">xpack.security.http.ssl.certificate_authorities<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certs\/ca.crt<\/span>\r\n<span class=\"s\">xpack.security.transport.ssl.key<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certs\/instance.key<\/span>\r\n<span class=\"s\">xpack.security.transport.ssl.certificate<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certs\/instance.crt<\/span>\r\n<span class=\"s\">xpack.security.transport.ssl.certificate_authorities<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certs\/ca.crt<\/span>\r\n<span class=\"s\">xpack.security.http.ssl.verification_mode<\/span><span class=\"pi\">:<\/span> <span class=\"s\">certificate<\/span>\r\n<\/code><\/pre>\n<p>\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl restart elasticsearch\r\n<span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl status elasticsearch\r\n<span class=\"go\">\u25cf elasticsearch.service - Elasticsearch\r\n<\/span><span class=\"gp\">     Loaded: loaded (\/lib\/systemd\/system\/elasticsearch.service;<\/span> disabled<span class=\"p\">;<\/span> vendor preset: enabled<span class=\"o\">)<\/span>\r\n<span class=\"gp\">     Active: active (running) since Sun 2020-08-09 14:50:09 
JST;<\/span> 15s ago\r\n<span class=\"go\">       Docs: https:\/\/www.elastic.co\r\n   Main PID: 9276 (java)\r\n      Tasks: 75 (limit: 9455)\r\n     Memory: 1.2G\r\n     CGroup: \/system.slice\/elasticsearch.service\r\n<\/span><span class=\"gp\">             \u251c\u25009276 \/usr\/share\/elasticsearch\/jdk\/bin\/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.&gt;<\/span>\r\n<span class=\"go\">             \u2514\u25009475 \/usr\/share\/elasticsearch\/modules\/x-pack-ml\/platform\/linux-x86_64\/bin\/controller\r\n\r\n 8\u6708 09 14:50:00 elastic-tls systemd[1]: Starting Elasticsearch...\r\n 8\u6708 09 14:50:09 elastic-tls systemd[1]: Started Elasticsearch.\r\n<\/span><\/code><\/pre>\n<p>\u751f\u6210\u7528\u6237\u5bc6\u7801\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">cd<\/span> <span class=\"nv\">$ES_HOME<\/span>\r\n<span class=\"gp\">#<\/span> bin\/elasticsearch-setup-passwords auto <span class=\"nt\">-url<\/span> <span class=\"s2\">\"https:\/\/localhost:9200\"<\/span>\r\n<span class=\"go\">Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.\r\nThe passwords will be randomly generated and printed to the console.\r\nPlease confirm that you would like to continue [y\/N]y\r\n\r\n\r\nChanged password for user apm_system\r\nPASSWORD apm_system = \r\n\r\nChanged password for user kibana_system\r\nPASSWORD kibana_system = \r\n\r\nChanged password for user kibana\r\nPASSWORD kibana = \r\n\r\nChanged password for user logstash_system\r\nPASSWORD logstash_system = \r\n\r\nChanged password for user beats_system\r\nPASSWORD beats_system = \r\n\r\nChanged password for user remote_monitoring_user\r\nPASSWORD remote_monitoring_user = \r\n\r\nChanged password for user elastic\r\nPASSWORD elastic = 
\r\n<\/span><\/code><\/pre>\n<p>使用上面生成的密码，确认能否通过 HTTPS 进行连接。注意：-k 会让 curl 跳过证书校验，因此命令中的 --cacert 实际上没有起作用；本文生成证书时没有指定 DNS 名称或 IP，去掉 -k 后对 localhost 的主机名校验预计会失败，若要真正校验服务器证书，需要在生成证书时加入这些名称。<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> curl <span class=\"nt\">-k<\/span> <span class=\"nt\">--cacert<\/span> \/tmp\/cert_blog\/certs\/ca\/ca.crt <span class=\"nt\">-u<\/span> elastic <span class=\"s1\">'https:\/\/localhost:9200\/_cat\/nodes?v'<\/span>\r\n<span class=\"go\">Enter host password for user 'elastic':\r\nip             heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name\r\n192.168.44.190           51          98   4    0.18    0.15     0.16 dilmrt    *      node-4\r\n<\/span><\/code><\/pre>\n<h1>Kibana \u7684\u914d\u7f6e<\/h1>\n<p>\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> vim ~\/.bashrc\r\n<span class=\"go\">\r\nKIBANA_HOME=\/usr\/share\/kibana\r\nKIBANA_PATH_CONFIG=\/etc\/kibana\r\n<\/span><\/code><\/pre>\n<p>\u786e\u8ba4\u662f\u5426\u5df2\u7ecf\u8bbe\u5b9a\u597d\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">echo<\/span> <span class=\"nv\">$KIBANA_HOME<\/span>\r\n<span class=\"go\">\/usr\/share\/kibana\r\n<\/span><span class=\"gp\">#<\/span> <span class=\"nb\">echo<\/span> <span class=\"nv\">$KIBANA_PATH_CONFIG<\/span>\r\n<span class=\"go\">\/etc\/kibana\r\n<\/span><\/code><\/pre>\n<p>\u590d\u5236\u751f\u6210\u7528\u4e8eElasticsearch\u7684TLS\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> <span class=\"nb\">mkdir<\/span> <span class=\"nt\">-p<\/span> \/etc\/kibana\/config\/certs\r\n<span class=\"gp\">#<\/span> <span class=\"nb\">cp<\/span> <span class=\"nt\">-p<\/span> \/etc\/elasticsearch\/certs\/<span class=\"k\">*<\/span> \/etc\/kibana\/config\/certs\/\r\n<span class=\"gp\">#<\/span> <span class=\"nb\">ls<\/span> <span class=\"nt\">-l<\/span> \/etc\/kibana\/config\/certs\/\r\n<span 
class=\"go\">\u5408\u8a08 12\r\n-rw-r--r-- 1 root elasticsearch 1200  8\u6708  9 13:54 ca.crt\r\n-rw-r--r-- 1 root elasticsearch 1147  8\u6708  9 13:56 instance.crt\r\n-rw-r--r-- 1 root elasticsearch 1675  8\u6708  9 13:56 instance.key\r\n<\/span><\/code><\/pre>\n<p>\u4fee\u6539kibana.yml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">#<\/span> vim kibana.yml\r\n<\/code><\/pre>\n<p>按以下内容进行编辑。注意：elasticsearch.ssl.verificationMode 设为 none 会让 Kibana 完全不校验 Elasticsearch 的证书，上面配置的 certificateAuthorities 也就不起作用；如果只是因为证书里没有主机名，可以改用 certificate，只跳过主机名校验而仍校验证书链。<\/p>\n<pre class=\"post-pre\"><code><span class=\"s\">server.ssl.enabled<\/span><span class=\"pi\">:<\/span> <span class=\"no\">true<\/span>\r\n<span class=\"s\">server.ssl.certificate<\/span><span class=\"pi\">:<\/span> <span class=\"s\">\/etc\/kibana\/config\/certs\/instance.crt<\/span>\r\n<span class=\"s\">server.ssl.key<\/span><span class=\"pi\">:<\/span> <span class=\"s\">\/etc\/kibana\/config\/certs\/instance.key<\/span>\r\n<span class=\"s\">elasticsearch.hosts<\/span><span class=\"pi\">:<\/span> <span class=\"pi\">[<\/span><span class=\"s2\">\"<\/span><span class=\"s\">https:\/\/localhost:9200\"<\/span><span class=\"pi\">]<\/span>\r\n<span class=\"s\">elasticsearch.username<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">kibana\"<\/span>\r\n<span class=\"s\">elasticsearch.password<\/span><span class=\"pi\">:<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">\"<\/span>\r\n<span class=\"s\">elasticsearch.ssl.certificateAuthorities<\/span><span class=\"pi\">:<\/span> <span class=\"pi\">[<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">\/etc\/kibana\/config\/certs\/ca.crt\"<\/span> <span class=\"pi\">]<\/span>\r\n<span class=\"s\">elasticsearch.ssl.verificationMode<\/span><span class=\"pi\">:<\/span> <span class=\"s\">none<\/span>\r\n<\/code><\/pre>\n<p>\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"gp\">$<\/span> <span class=\"nb\">sudo <\/span>systemctl restart kibana\r\n<span class=\"gp\">$<\/span> 
<span class=\"nb\">sudo <\/span>systemctl status kibana\r\n<span class=\"go\">\u25cf kibana.service - Kibana\r\n<\/span><span class=\"gp\">     Loaded: loaded (\/etc\/systemd\/system\/kibana.service;<\/span> disabled<span class=\"p\">;<\/span> vendor preset: enabled<span class=\"o\">)<\/span>\r\n<span class=\"gp\">     Active: active (running) since Sun 2020-08-09 15:11:59 JST;<\/span> 6s ago\r\n<span class=\"go\">   Main PID: 9782 (node)\r\n      Tasks: 11 (limit: 9455)\r\n     Memory: 651.7M\r\n     CGroup: \/system.slice\/kibana.service\r\n             \u2514\u25009782 \/usr\/share\/kibana\/bin\/..\/node\/bin\/node \/usr\/share\/kibana\/bin\/..\/src\/cli\r\n<\/span><\/code><\/pre>\n<p>\u4f7f\u7528\u7f51\u7edc\u6d4f\u89c8\u5668\u8bbf\u95eehttps:\/\/localhost:5601\/\uff0c\u4f7f\u7528elastic\u7528\u6237\u7684\u8d26\u6237\u4fe1\u606f\u8fdb\u884c\u767b\u5f55\u3002<\/p>\n<p>\u5982\u679c\u80fd\u591f\u767b\u5f55\uff0c\u90a3\u4e48\u5728\u8fd9\u7bc7\u6587\u7ae0\u4e2d\u8bbe\u5b9a\u7684\u4e8b\u60c5\u5df2\u7ecf\u5b8c\u6210\u4e86\u3002<\/p>\n<h1>\u6700\u540e<\/h1>\n<p>\u65e9\u524d\u5e0c\u671b\u5b9e\u65bd\u7684TLS\u5316\u5df2\u7ecf\u5b8c\u6210\uff0c\u5e76\u4e14\u6211\u4eec\u80fd\u591f\u6574\u7406\u51fa\u5b9e\u65bd\u6b65\u9aa4\u3002\u5c06\u6765\uff0c\u6211\u60f3\u6839\u636e\u4ee5\u5f80\u7684\u5b9e\u8df5\u5185\u5bb9\u548c\u8bb0\u5f55\u7684\u6587\u7ae0\uff0c\u5728\u6784\u5efaElastic Stack\u65f6\uff0c\u6574\u7406\u4e2a\u4eba\u60f3\u8981\u8bbe\u7f6e\u7684\u4e8b\u9879\u3002<\/p>\n<p>\u53e6\u5916\uff0c\u6211\u8fd8\u60f3\u5c1d\u8bd5\u5c06Logstash\u8fdb\u884cTLS\u52a0\u5bc6\u3002<\/p>\n<h1>\u53c2\u8003\u8d44\u6599<\/h1>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">https:\/\/www.elastic.co\/jp\/blog\/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#enable-tls-kibana<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul 
class=\"post-ul\">https:\/\/discuss.elastic.co\/t\/no-living-connections\/183480\/3<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u9996\u5148 \u7531\u4e8e\u8ba1\u5212\u5728\u81ea\u5df1\u7684\u73af\u5883\u4e2d\u5bf9Elastic Stack\u8fdb\u884cTLS\u52a0\u5bc6\u8fd0\u7ef4\uff0c\u56e0\u6b64\u9700\u8981\u73b0\u5728\u5c31\u6574\u7406\u6b65\u9aa4\u3002\u73af\u5883\u5982\u4e0b\uff1a [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-40758","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5c06elastic-stack\u7684tls\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6\" \/>\n<meta property=\"og:description\" content=\"\u9996\u5148 \u7531\u4e8e\u8ba1\u5212\u5728\u81ea\u5df1\u7684\u73af\u5883\u4e2d\u5bf9Elastic Stack\u8fdb\u884cTLS\u52a0\u5bc6\u8fd0\u7ef4\uff0c\u56e0\u6b64\u9700\u8981\u73b0\u5728\u5c31\u6574\u7406\u6b65\u9aa4\u3002\u73af\u5883\u5982\u4e0b\uff1a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5c06elastic-stack\u7684tls\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta 
property=\"article:published_time\" content=\"2023-08-24T15:21:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-15T02:45:09+00:00\" \/>\n<meta name=\"author\" content=\"\u79d1, \u9896\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u9896\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/\",\"name\":\"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6 - Blog - Silicon 
Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-08-24T15:21:23+00:00\",\"dateModified\":\"2024-01-15T02:45:09+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\",\"name\":\"\u79d1, \u9896\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"caption\":\"\u79d1, 
\u9896\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u5c06elastic-stack\u7684tls\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6","og_description":"\u9996\u5148 \u7531\u4e8e\u8ba1\u5212\u5728\u81ea\u5df1\u7684\u73af\u5883\u4e2d\u5bf9Elastic Stack\u8fdb\u884cTLS\u52a0\u5bc6\u8fd0\u7ef4\uff0c\u56e0\u6b64\u9700\u8981\u73b0\u5728\u5c31\u6574\u7406\u6b65\u9aa4\u3002\u73af\u5883\u5982\u4e0b\uff1a [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u5c06elastic-stack\u7684tls\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-08-24T15:21:23+00:00","article_modified_time":"2024-01-15T02:45:09+00:00","author":"\u79d1, \u9896","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u9896","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"7 
\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/","name":"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-08-24T15:21:23+00:00","dateModified":"2024-01-15T02:45:09+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u5c06Elastic Stack\u7684TLS\u8bbe\u7f6e\u8fdb\u884c\u52a0\u5bc6"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e","name":"\u79d1, 
\u9896","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","caption":"\u79d1, \u9896"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%86elastic-stack%e7%9a%84tls%e8%ae%be%e7%bd%ae%e8%bf%9b%e8%a1%8c%e5%8a%a0%e5%af%86%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=40758"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40758\/revisions"}],"predecessor-version":[{"id":58743,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40758\/revisions\/58743"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=40758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=40758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=40758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}
]}}