#docker install
docker pull elasticsearch:8.0.0
docker pull kibana:8.0.0
# ES 启动前准备
mkdir -p /opt/mydata/elasticsearch/config
mkdir -p /opt/mydata/elasticsearch/data
echo "http.host: 0.0.0.0" >>/mydata/elasticsearch/config/elasticsearch.yml
# ES docker启动
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms64m -Xmx128m" \
-v /opt/mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /opt/mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-v /opt/mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-d elasticsearch:8.0.0
# 查看是否有保存日志
docker logs elasticsearch
# 访问 ES 服务:
http://127.0.0.1:9200
# 生成 SLL证书
进入es的bin目录,执行以下命令生成CA证书
-out config/certs/elastic-stack-ca.p12 可以指定证书输出位置,默认目录下
过程中会提示输入证书密码,可以不输,如果输入了就要记住,下面要用到,不然启动不了ES
过程中直接输入回车
elasticsearch-certutil ca
#生成密钥
-out config/certs/elastic-certificates.p12可以指定证书输出位置,默认在主目录下
如果步骤1输入了CA证书密码,这一步要输入
运行以下命令
elasticsearch-certutil cert --ca elastic-stack-ca.p12
将证书和密钥 复制到 config/certs下
## 设置yml配置文件#################3
# 开启xpack
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# 证书配置
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
#跨域配置(可选)
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
############################3
# 重启 ES
# bin目录 restart 可以重置 指定用户密码
之后连接 kibana即可
浙公网安备 33010602011771号