Reference:
ELK 7.12安裝好,預設只有用http,要使用Alerts功能需啟用https。
步驟:
產生憑證
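# Generate a CA plus a PEM certificate/key pair for each instance listed in
# instances.yml. --keep-ca-key also writes the CA private key (ca/ca.key) into
# the zip, so the archive and the unpacked ca/ directory are secrets.
# NOTE(review): --days 36500 issues ~100-year certificates; a leaked key stays
# trusted until the CA itself is replaced. Prefer a shorter lifetime with
# planned rotation.
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --keep-ca-key --pem \
  --in "$HOME/instances.yml" --out "$HOME/elk-cert.zip" --days 36500
unzip -d "$HOME" "$HOME/elk-cert.zip"
# Unencrypted (-nocrypt) PKCS#8 copy of the node key. No later step on this
# page references it, so it is left in $HOME rather than copied around.
openssl pkcs8 -in "$HOME/elk01/elk01.key" -topk8 -nocrypt -out "$HOME/elk01/elk01.pkcs8.key"
mkdir -p /etc/elasticsearch/cert
# The node only needs the CA *certificate*; copying ca/* would also place the
# CA private key (ca.key) in the service directory.
cp -- "$HOME/ca/ca.crt" /etc/elasticsearch/cert/
# Instance files are read from $HOME/elk01 by the openssl step above, so copy
# from there; $HOME/ca/ELK01 is not a path the earlier commands produce.
cp -- "$HOME/elk01/elk01.crt" "$HOME/elk01/elk01.key" /etc/elasticsearch/cert/
# Keep the private key readable only by root and the service group
# (package installs run Elasticsearch under the "elasticsearch" group).
chown -R root:elasticsearch /etc/elasticsearch/cert
chmod 750 /etc/elasticsearch/cert
chmod 640 /etc/elasticsearch/cert/elk01.key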
修改elasticsearch
vi /etc/elasticsearch/elasticsearch.yml
# Node identity and bind address. Clients connect to this hostname, so the
# node certificate should carry it as a subject alternative name
# (instances.yml is not shown on this page — confirm).
node.name: elk01
network.host: elk01.domain.com
# Enables authentication and authorization for the cluster.
xpack.security.enabled: true
# TLS for the REST API (the https://elk01.domain.com:9200 endpoint used by
# Kibana and Logstash below). Relative paths resolve against the
# Elasticsearch config directory, i.e. /etc/elasticsearch/cert/...
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: cert/elk01.key
xpack.security.http.ssl.certificate: cert/elk01.crt
xpack.security.http.ssl.certificate_authorities: cert/ca.crt
# TLS for node-to-node transport traffic; this setup reuses the same key pair
# for both the HTTP and transport layers.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: cert/elk01.key
xpack.security.transport.ssl.certificate: cert/elk01.crt
xpack.security.transport.ssl.certificate_authorities: cert/ca.crt
# Single-node discovery list: the node only seeds from itself.
discovery.seed_hosts: [ "elk01.domain.com" ]
systemctl restart elasticsearch
設定 ELK 之間的密碼
# Interactive mode prompts for a password for each built-in user listed below.
# Use a distinct, strong value per account; the "changeme" values in the
# Kibana and Logstash samples later on this page stand for whatever is set here.
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive --url https://elk01.domain.com:9200
elastic:
apm_system:
kibana_system:
logstash_system:
beats_system:
remote_monitoring_user:
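mkdir -p /etc/kibana/cert
# Kibana needs only the CA certificate to verify Elasticsearch. Copying ca/*
# would also hand it the CA private key (ca.key, kept by --keep-ca-key).
cp -- "$HOME/ca/ca.crt" /etc/kibana/cert/
# Instance files live under $HOME/elk01 (the path the openssl pkcs8 step
# reads); $HOME/ca/ELK01 is not a path the earlier commands produce.
cp -- "$HOME/elk01/elk01.crt" "$HOME/elk01/elk01.key" /etc/kibana/cert/
# Limit the private key to root and the service group
# (package installs run Kibana under the "kibana" group).
chown -R root:kibana /etc/kibana/cert
chmod 750 /etc/kibana/cert
chmod 640 /etc/kibana/cert/elk01.key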
修改kibana
vi /etc/kibana/kibana.yml
server.name: "elk01"
server.host: "elk01.domain.com"
# Kibana serves HTTPS itself (port 5601 is what the nginx proxy_pass targets).
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/cert/elk01.crt
server.ssl.key: /etc/kibana/cert/elk01.key
elasticsearch.hosts: ["https://elk01.domain.com:9200"]
elasticsearch.username: "kibana_system"
# NOTE(review): "changeme" stands for the kibana_system password chosen in
# elasticsearch-setup-passwords. Keeping it in kibana.yml leaves it in
# plaintext on disk; it can instead be stored with
#   /usr/share/kibana/bin/kibana-keystore add elasticsearch.password
# and this line removed.
elasticsearch.password: "changeme"
# CA used to verify the Elasticsearch certificate on outgoing connections.
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/cert/ca.crt" ]
systemctl restart kibana
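mkdir -p /etc/nginx/cert
# nginx never needs the CA private key; copy only the CA certificate
# (ca/* would include ca.key because the CA was generated with --keep-ca-key).
cp -- "$HOME/ca/ca.crt" /etc/nginx/cert/
# Instance files live under $HOME/elk01 (the path the openssl pkcs8 step
# reads); $HOME/ca/ELK01 is not a path the earlier commands produce.
cp -- "$HOME/elk01/elk01.crt" "$HOME/elk01/elk01.key" /etc/nginx/cert/
# The nginx master process loads the key as root, so root-only access suffices.
chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/elk01.key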
修改nginx
vi /etc/nginx/conf.d/nginx.conf
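# TLS-terminating reverse proxy in front of Kibana.
server {
    listen 443 ssl;
    server_name _;

    # File name must match what was copied into /etc/nginx/cert (elk01.crt)
    # and pair with the key below; "elk1.crt" does not exist.
    ssl_certificate /etc/nginx/cert/elk01.crt;
    ssl_certificate_key /etc/nginx/cert/elk01.key;

    location / {
        # Kibana serves HTTPS itself (server.ssl.enabled: true), hence the
        # https:// upstream.
        # NOTE(review): nginx does not verify the upstream certificate by
        # default. Once the elk01 certificate is confirmed to carry the
        # elk01.domain.com name, consider "proxy_ssl_verify on;" together with
        # "proxy_ssl_trusted_certificate /etc/nginx/cert/ca.crt;".
        proxy_pass https://elk01.domain.com:5601;
        proxy_http_version 1.1;

        # Pass WebSocket upgrade requests through to Kibana.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}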
systemctl restart nginx
防火牆修改
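# Allow HTTPS (443/tcp) for the nginx front end. Ports 9200 and 5601 are not
# opened here, so remote clients reach Kibana only through nginx.
firewall-cmd --zone=public --permanent --add-service=https
# 5044/tcp is presumably the Logstash Beats listener; no input block is shown
# on this page, so confirm the listener exists and uses TLS before exposing it.
firewall-cmd --zone=public --permanent --add-port=5044/tcp
# --permanent rules only take effect after a reload.
firewall-cmd --reload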
調整 SELinux(以下步驟會停用 SELinux)
# Read the first line as: open /etc/selinux/config and set SELINUX=disabled
# inside the file (the text after ';' is the value to enter, not a command).
# NOTE(review): this removes SELinux protection for the whole host, not just
# for nginx. A narrower change that usually suffices for a reverse proxy is
#   setsebool -P httpd_can_network_connect 1
# which keeps enforcement on for everything else; check the audit log to
# confirm what is actually being denied before disabling SELinux outright.
vi /etc/selinux/config; SELINUX=disabled
# Switches the running system to permissive mode immediately (no reboot).
setenforce 0
修改logstash
vi /etc/logstash/logstash.yml
node.name: elk01
path.config: /etc/logstash/conf.d/*.conf
# Ships Logstash monitoring data to Elasticsearch as the built-in
# logstash_system user.
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
# NOTE(review): "changeme" stands for the logstash_system password set with
# elasticsearch-setup-passwords. To keep it out of this file, add it to the
# Logstash keystore (/usr/share/logstash/bin/logstash-keystore) and reference
# it here as ${KEY_NAME} (KEY_NAME is a placeholder for the name you choose).
xpack.monitoring.elasticsearch.password: 'changeme'
xpack.monitoring.elasticsearch.hosts: [ 'https://elk01.domain.com:9200' ]
# NOTE(review): no step on this page creates /etc/logstash/cert; ca.crt (the CA
# certificate only, never ca.key) has to be copied there first.
xpack.monitoring.elasticsearch.ssl.certificate_authority: /etc/logstash/cert/ca.crt
vi /etc/logstash/conf.d/logstash.conf
# Sends events to Elasticsearch over HTTPS, one index per beat/version/day.
output {
elasticsearch {
hosts => ["https://elk01.domain.com:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
# CA certificate used to verify the Elasticsearch server certificate.
cacert => '/etc/logstash/cert/ca.crt'
# NOTE(review): "elastic" is the built-in superuser. A pipeline only needs to
# create and write its own indices, so a dedicated user with a role limited
# to those indices keeps a leaked pipeline credential from exposing the
# whole cluster.
user => "elastic"
# NOTE(review): plaintext password in a pipeline file; it can be kept in the
# Logstash keystore and referenced as "${KEY_NAME}" (placeholder name).
password => "changeme"
}
}
systemctl restart logstash
產生encryptionKey
/usr/share/kibana/bin/kibana-encryption-keys generate
vi /etc/kibana/kibana.yml
# NOTE(review): the three values below are published on this page and are
# therefore not secret. Paste the output of your own
# `kibana-encryption-keys generate` run instead of copying them.
# Keep xpack.encryptedSavedObjects.encryptionKey stable and backed up:
# saved objects encrypted under one key (e.g. alert and connector secrets)
# cannot be read back after it is replaced.
# These settings can also be stored with kibana-keystore rather than in
# plaintext in kibana.yml.
xpack.encryptedSavedObjects.encryptionKey: 3a11e4b0900b701158f9318bb1e0f756
xpack.reporting.encryptionKey: f3b0e7aa2ca62cc815c3984e85c616e5
xpack.security.encryptionKey: f11b1023c29e07f1d96059f817182f7a
systemctl restart kibana