OS: Windows Server 2019 stand
Memory: 16G
Elasticsearch: 8.4.3_x86_64
Kibana: 8.4.3_x86_64
Elasticsearch Path: C:\ES\ES01\
Kibana Path: C:\Kibana\
1.開啟PowerShell並輸入以下指令:
C:/ES/ES01/bin/elasticsearch-certutil.bat ca接者會出現下方訊息,問你[elastic-stack-ca.p12]輸出的位置,按[Enter]跳過會輸出在預設位置
Please enter the desired output file [elastic-stack-ca.p12]:
// ./config/elastic-stack-ca.p12接者會出現下方訊息,問你輸入密碼或是按[Enter]跳過
Enter password for elastic-stack-ca.p12 :2.產生完elastic-stack-ca.p12後,接者輸入以下指令:
C:/ES/ES01/bin/elasticsearch-certutil.bat cert --ca C:/ES/ES01/config/elastic-stack-ca.p12 --out C:/ES/ES01/config/certs/node-1.p12接者會出現下方訊息,問你輸入密碼或是按[Enter]跳過
Enter password for CA (C:\ES\ES01\config\elastic-stack-ca.p12) :接者會出現下方訊息,問你是否建立資料夾,輸入[Y]
Directory C:\ES\ES01\config\certs does not exist. Do you want to create it? [Y/n]接者會出現下方訊息,問你輸入密碼或是按[Enter]跳過
Enter password for node-1.p12 :完成後,產生C:\ES\ES01\config\certs\node-1.p12
3. 開啟C:\ES\ES01\config\elasticsearch.yml並添加或修改下列設定:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/node-1.p12
xpack.security.transport.ssl.truststore.path: certs/node-1.p12儲存並重新啟動Elasticsearch
4.輸入以下指令:
C:\ES\ES01\bin\elasticsearch-setup-passwords.bat interactive接者會出現下方訊息,按[y]
Please confirm that you would like to continue [y/N]接者設定一連串角色密碼
5.開啟C:\Kibana\config\kibana.yml並添加或修改下列設定:
elasticsearch.hosts: ["http://XXX.XXX.XXX.XXX:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "密碼"儲存並重新啟動Kibana
參考資料:
[ELK教學] 三分鐘設定 Kibana、Elasticseasrch登入頁面
Elasticsearch 使用加密傳輸: 透過啟用加密傳輸,讓 Elasticsearch 的資料更安全 (14)
Settings in Elasticsearch for Secure Cluster Communication
相關資料:
[Elasticsearch][Kibana]透過PowerShell執行Elasticsearch和Kibana
[Elasticsearch][Kibana]修改Url預設Port
[Elasticsearch][Kibana]修改Url對外IP
嘗試以自己的角度來整理並紀錄,也許會對一些人有幫助。
文章有錯、參考聯結有漏或是連結失效..等,還請幫忙告知,謝謝。
另外參考資料中有很多更棒的文章,建議多看看。