问题
代码语言:javascript复制我们之前搭建的elk日志分析平台,使用es来做本博客首页的全文搜索功能,都体会到了es的强大。
但是我们发现有一个致命的问题,就是当我们将es的设置成任何机器都可以访问的时候,
就会出现安全问题(network.host: 0.0.0.0),网络上不缺乏使用es,数据被劫持,库被删的案例,
所以我们要给es加上认证。 方案
代码语言:javascript复制给es加上认证一般来说有
(1)nginx (这里就不弄了)
https://mp.weixin.qq.com/s/EMWyHkMRGH1xGl9_E0Bo_g
(2)使用x-pack插件 使用x-pack
代码语言:javascript复制es6.以上的版本都已经内置x-pack,不需要我们在手动安装
x-pack是需要收费的,有30天的试用期(所以我们要破解)
(1)开启试用
curl -H "Content-Type:application/json" -XPOST http://localhost:9200/_xpack/license/start_trial?acknowledge=true
如果不先开启试用到后面设置账号密码的时候会报错
Unexpected response code [403] from calling GET http://127.0.0.1:9200/_xpack/security/_authenticate?pretty
It doesn't look like the X-Pack security feature is available on this Elasticsearch node.
Please check if you have installed a license that allows access to X-Pack Security feature.
ERROR: X-Pack Security is not available.
(2)创建LicenseVerifier.java 内容见下面,创建一个目录临时存放
(3)创建XPackBuild.java 内容见下面,创建一个目录临时存放
(4)分别编译 LicenseVerifier.java和XPackBuild.java
javac -cp "/usr/local/elasticsearch-6.3.2/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch-6.3.2/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar" /root/xpack/LicenseVerifier.java
javac -cp "/usr/local/elasticsearch-6.3.2/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch-6.3.2/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar:/usr/local/elasticsearch-6.3.2/lib/elasticsearch-core-6.3.2.jar" XPackBuild.java
编译完成后会生成LicenseVerifier.class和XPackBuild.class两个文件
(5)覆盖之前的jar文件
cd /root/xpack
mkdir temp
cp /usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar /root/temp/
cd temp
jar -xf x-pack-core-6.3.2.jar
cp ../LicenseVerifier.class org/elasticsearch/license/
cp ../XPackBuild.class org/elasticsearch/xpack/core/
rm x-pack-core-6.3.2.jar
jar -cvf x-pack-core-6.3.2.jar *
#覆盖之前的jar包
cp x-pack-core-6.3.2.jar /usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/
(6)修改elasticsearch.yml配置文件,开启安全认证
xpack.security.enabled: true #新增
(7)生成用户名和密码
cd /usr/local/elasticsearch/bin
#自动生成(二选一)
./elasticsearch-setup-passwords auto
#手动生成(二选一)
./elasticsearch-setup-passwords interactive
手动生成会要求你输入elastic logstash kibanna等密码
(8)重启es
(9)kibanna要访问es要设置密码 同理logstash 也要
vim kibana.yml
elasticsearch.username: elastic
elasticsearch.password: 123456789
(10)启动kibana
经过以上步骤我们已经差不多了,还有一步就是申请license,并破解,现在我们先看
看这个时候es有什么差别 访问kibana
直接在浏览器访问
使用postman访问(需要验证)
验证的话可以通过访问 http://54288.top:9200/获取Authorization
将获取的Authorization放在header里面即可
使用curl访问
代码语言:javascript复制curl --user elastic: -XGET 'localhost:9200/blog/_search' 使用java访问(参考手册)
代码语言:javascript复制final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "123456789"));//账号密码
RestClientBuilder restClient = RestClient.builder(
new HttpHost("54288.top", 9200, "http"));
restClient.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
});
RestHighLevelClient client = new RestHighLevelClient(restClient);
接下来我们来进行最后一步,申请license和破解
查看当前license的状态信息
[root@iZwz9278r1bks3b80puk6fZ ~]# curl -XGET -u elastic:123456789 'http://54288.top:9200/_license'
{
"license" : {
"status" : "active",
"uid" : "957dd00d-c4cd-4eab-8b68-93775dc46ba7",
"type" : "trial",
"issue_date" : "2019-09-24T01:08:00.633Z",
"issue_date_in_millis" : 1569287280633,
"expiry_date" : "2019-10-24T01:08:00.633Z",
"expiry_date_in_millis" : 1571879280633,
"max_nodes" : 1000,
"issued_to" : "elasticsearch",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
上面type 说明现在试用,并且expiry_date告诉我们一个月后过期,max_nodes说明集群节点最多1000
我们去官网申请一个license
https://license.elastic.co/registration
国家选china,邮箱不能乱写,其他可以随便,注册完登陆邮箱下载license
d-f906c082-4565-4632-9f4b-e9c10bae0f74-v5.json
{
"license": {
"uid": "f906c082-4565-4632-9f4b-e9c10bae0f74",
"type": "basic",
"issue_date_in_millis": 1569283200000,
"expiry_date_in_millis": 1600991999999,
"max_nodes": 100,
"issued_to": "? ?D (?D)",
"issuer": "Web Form",
"signature": "AAAAAwAAAA1YlPDg26Zo5FsSGbezAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBXdPOIHXQIlgK4ZgKzu223UNmUoLIr1L8HcS08g2ImPWyYTUl1KnchVdwpq4m7E3gRZJ2ndL9dYwAp33qal2fbIxZ6pvIHBzbm1msBrAjeELHBUGVCfFnOSgVV8fPetIKo79lnY66OxPpNEEQeigLDvEYG/8Ye12wJsbFOZqBkyVKLyXdoWXsGiKyviSE8M2aLSS8kFbirMliLkNt3AGlLFJ9HntxYfs5Ag2JVR6GoPoo9t60gIpQNIZJk1JxH8uiJeb3Z1cOjixVsJnxm33Dly8Ubtw2rbLnNa1UVrGzquthxYDhh JRtIi4mbjS0jEXrvlfGnQk VM5U7bCkAm2j",
"start_date_in_millis": 1569283200000
}
}
修改"type": "platinum",变成白金版
修改elasticsearch.yml配置文件先关闭 xpack.security.enabled: false 不然报错如下图
通过kibanna Management--License Management 上传修改过后的license 成功激活如下图
我们可以看到下面的图激活成功了,但是1年就过期了,,
我们可以修改license的过期时间,或者快过期了重新申请license
"expiry_date_in_millis": 1600991999999,
到期时间1600991999999 时间戳转成日期2020-09-25 07:59:59
我们可以改成2547615064000 转成日期2050-09-24 14:51:04
修改elasticsearch.yml配置文件
开启
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true(不加这个会启动失败,日
志有明确说要加这句话,并且kibanna不能输入账号密码) 
