背景:
Elasticsearch默认开启方式是不需要鉴权就可以访问的。笔者在阿里云服务器上安装的ES就曾经被宵小之徒给黑了,留下一句英文信息,翻译过来大概是:如果想恢复原有的ES数据,就转零点几个比特币到XXX账号。
为了提高使用ES的安全性,我们需要自己进行ES的相关配置,开启鉴权登录。
ES配置步骤:
1、需要在配置文件中开启x-pack验证, 修改config目录下面的elasticsearch.yml文件,在里面添加如下内容:
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true2、重启Elasticsearch
3、进入elasticsearch/bin目录,执行
./elasticsearch-setup-passwords interactive
# 如果提示connect failed,可以尝试 ./elasticsearch-setup-passwords interactive -u 'http://[ip]:9200需要设置以下用户的密码,根据提示输入密码即可
Initiating the setup of passwords for reserved users
elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]验证:
Kibana配置步骤
截止到目前Elasticsearch的部分已经修改完毕,下面修改kibana配置以便于让其和Elasticsearch完成连接。
1、修改配置文件
修改kibana的配置文件config/kibana.yml在配置文件中添加下面内容
elasticsearch.username: "kibana"
elasticsearch.password: "之前设置的密码"2、重启Kibana
kibana 使用ps -ef|grep kibana是查不到进程的,因为其实运行在node里面。但是我们也不能关闭所有node里面的软件,所以我们需要查询kibana监听端口5601的进程。
使用kill命令关闭Kibana
然后重启Kibana
nohup ./kibana &
此时访问kibana(http://serverhost:5601)会提示需要输入账号密码。注意此时需要输入的是elasticsearch的用户密码。