docker-compose 一键安装es+kibana

docker elasticsearch安装证书和添加密码

1、修改es配置

vi /mnt/es/config/elasticsearch.yml
#开启安全验证,添加一下内容
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

重启容器

docker restart elasticsearch

2、进入dockers容器

 docker exec -it 容器id或者容器名称 /bin/bash

3、生成证书

./bin/elasticsearch-certutil ca

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
#移动到config目录下面
mv elastic-certificates.p12 ./config

生成证书的时候如果设置了密码需要执行一下命令

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
 
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

4、生成密码

#生产自定义密码
./bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]:
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

执行命令之后按y设置 elastic、apm_system、kibana、logstash_system、beats_system、remote_monitoring_user这些账号的密码按确认就行

5、退出容器，修改配置

将生成的证书放进自己的配置中

docker cp 0f3493aae5e9:/usr/share/elasticsearch/config/elastic-certificates.p12 /mnt/es/config/
#授权
chmod 777 /mnt/es/config/elastic-certificates.p12

vi /mnt/es/config/elasticsearch.yml
# 证书配置
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true

6、重启容器

docker restart 容器id/容器名