免费版本的 ES 没有权限控制功能,想要配置账户密码有两种方法,一是通过试用版使用 XPACK,二是另外配置 Nginx 来设置 Basic Auth。
之前的文章有讲过通过 Nginx 的方式,这篇介绍 ES 原生的方式配置账号密码。
本文中 ES 的版本为 7.2.1。
配置文件
打开配置文件
vi config/elasticsearch.yml
添加以下 X-Pack 配置
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
设置密码
ES 中默认设置了 elastic、kibana、logstash_system、beats_system 等多个默认账户,可以通过命令
bin/elasticsearch-setup-passwords interactive
为它们统一设置密码
运行脚本
docker run -d \
--name elasticsearch \
--network host \
--volume /data/elk/elasticsearch/data:/usr/share/elasticsearch/data \
--volume /data/elk/elasticsearch/config:/usr/share/elasticsearch/config \
--volume /data/elk/elasticsearch/config/logs:/usr/share/elasticsearch/config/logs \
--env discovery.type=single-node \
docker.elastic.co/elasticsearch/elasticsearch:7.2.1
docker exec -it elasticsearch bin/elasticsearch-setup-passwords interactive
需要设置各个默认账户的密码
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
测试是否配置成功
curl http://elastic:yourpass@localhost:9200/