微慑信息网

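vulsee.com: Elasticsearch 7.10 cluster deployment test on Linux

I spent a whole day and night on this and was honestly fed up. Neither search engines nor GPT gave me an accurate method. Maybe my requirements are unusual?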

1. By default ES cannot run as root, so create a user, for example esuser:

useradd esuser

 

2. Error saying java cannot be used:

Error: could not find java in bundled jdk at /home/elasticsearch-7.10.0/jdk/bin/java

Because ES runs as a non-root user, set the ES directory to 777; if that still does not work, then:

chown -R esuser:esuser /home/tools/elasticsearch-7.10.0/

Enable security authentication:

xpack.security.enabled: true

Set the passwords:

 

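3. For easier management, I put the API behind a domain name using the BaoTa (宝塔) panel's reverse proxy (in later testing this seemed unnecessary).

4. Generate the self-signed certificates:

(You will be prompted to set a certificate password; set one as needed.)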

elasticsearch-certutil ca
elasticsearch-certutil cert --ca elastic-stack-ca.p12

Remember to write the passwords into elasticsearch-keystore; this is a pitfall.

elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

 

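Set the generated certificate, elastic-certificates.p12, to permission 644:

If local connections do not work, as a last resort download the certificate and install it:

5. Cluster settings:

I need ES to require a password, but I do not need HTTPS access, because the plugin does not support HTTPS.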

Master node:

# Master node configuration example
cluster.name: elasticsearch
node.name: ns11516753 # node name
network.host: master-IP  # or specify a concrete IP address
transport.port: 9300  # cluster communication port
node.master: true
node.data: true  # the master node also stores data; this changes in 8.0+, take note

xpack.security.http.ssl.enabled: false  # change to true if HTTPS access is needed
xpack.security.http.ssl.keystore.path: "elastic-certificates.p12"
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.supported_protocols: [ "TLSv1.2","TLSv1.1", "TLSv1.3" ] # for testing; can be omitted
xpack.security.http.ssl.cipher_suites: [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" ]  # for testing; can be omitted

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: "elastic-certificates.p12"

xpack.security.transport.ssl.truststore.path: "elastic-certificates.p12"
xpack.security.transport.ssl.keystore.password: "123456"
xpack.security.transport.ssl.truststore.password: "123456"

cluster.initial_master_nodes: ["my-post-1"] # not needed on slave nodes
discovery.seed_hosts:
  - 9.1.2.1  # IP addresses of the other nodes
  - 8.2.1.1

 

 

Slave node:

xpack.security.enabled: true

xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: "elastic-certificates.p12"
xpack.security.http.ssl.keystore.password: 123456
#xpack.security.http.ssl.truststore.path: "elastic-certificates.p12"
#xpack.security.http.ssl.truststore.password: 123456
xpack.security.http.ssl.supported_protocols: [ "TLSv1.2","TLSv1.1", "TLSv1.3" ]  # for testing; can be omitted
xpack.security.http.ssl.cipher_suites: [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" ]  # for testing; can be omitted

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: "elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "elastic-certificates.p12"
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.truststore.password: 123456

http.port: 9200
cluster.name: elasticsearch
node.name: data-node-1 # slave node name
node.master: false
node.data: true  # stores data

network.host: slave-ip  # IP address of the slave node

transport.port: 9300  # cluster communication port

discovery.seed_hosts:
  - 9.1.2.1  # IP addresses of the other nodes
  - 8.2.1.1
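
As an added example (not part of the original post), the shell functions below audit the choices made in steps 2, 4 and 5: passwords written into elasticsearch.yml instead of the keystore, TLSv1.1 in supported_protocols, password authentication over plain HTTP, and world-readable or world-writable paths. The function names, finding labels and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings used on this page.

# Print the value of a top-level "key: value" line, ignoring commented-out lines.
yml_get() {  # $1 = file, $2 = key
    awk -v k="$2" 'index($0, k ":") == 1 {
        sub(/[[:space:]]*#.*$/, ""); sub(/^[^:]*:[[:space:]]*/, ""); v = $0
    } END { print v }' "$1"
}

audit_es_yml() {  # $1 = elasticsearch.yml; prints one finding per line
    # Passwords written into the YAML are readable by anyone who can read the
    # file; the keystore's secure_password entries keep them out of it.
    grep -E '^xpack\.security\.(http|transport)\.ssl\.(keystore|truststore)\.password:' "$1" |
        sed 's/:.*//; s/^/PLAINTEXT_PASSWORD /'
    # TLSv1.1 and TLSv1 are deprecated (RFC 8996).
    for layer in http transport; do
        case $(yml_get "$1" "xpack.security.$layer.ssl.supported_protocols") in
            *TLSv1.1*|*'TLSv1"'*) echo "DEPRECATED_TLS xpack.security.$layer.ssl.supported_protocols" ;;
        esac
    done
    # Security on but HTTP TLS off: credentials cross port 9200 unencrypted.
    if [ "$(yml_get "$1" xpack.security.enabled)" = true ] &&
       [ "$(yml_get "$1" xpack.security.http.ssl.enabled)" != true ]; then
        echo "CLEARTEXT_HTTP_AUTH xpack.security.http.ssl.enabled"
    fi
}

audit_perms() {  # $@ = paths; flags world-writable paths and world-readable files
    for p in "$@"; do
        [ -n "$(find "$p" -prune -perm -0002)" ] && echo "WORLD_WRITABLE $p"
        [ -f "$p" ] && [ -n "$(find "$p" -prune -perm -0004)" ] && echo "WORLD_READABLE $p"
    done
    return 0
}

sample_yml() {  # constructed sample that mirrors the settings shown on this page
    cat <<'EOF'
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false  # plugin cannot speak https
xpack.security.http.ssl.supported_protocols: [ "TLSv1.2","TLSv1.1", "TLSv1.3" ]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: "elastic-certificates.p12"
xpack.security.transport.ssl.keystore.password: "123456"
#xpack.security.transport.ssl.truststore.password: "123456"
EOF
}

# Usage: sh audit.sh config/elasticsearch.yml config/elastic-certificates.p12
if [ $# -gt 0 ]; then audit_es_yml "$1"; shift; audit_perms "$@"; fi
```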

 

6. Result

 

 

 
