docker安装的ES和Kibana设置账号密码
ES安装后,默认是不开启用户名密码验证的,如果你的ES服务是部署在内网的话,不使用账号密码还不会有太大的安全隐患。但是如果,你的ES服务是暴露在外网环境的话,不设置账号密码肯定是非常不安全的,那如何开启用户名密码验证呢?...
·
Step 1: volumes 配置文件
将配置文件映射出来,方便灵活配置;对应位置为:
elasticsearch: /usr/share/elasticsearch/config/elasticsearch.yml
kibana: /usr/share/kibana/config/kibana.yml
Step 2:添加配置
elasticsearch.yml
# 添加以下内容
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
Step 3:进入容器设置密码
[root@elasticsearch~]# docker exec -it es /bin/bash
[root@elasticsearch~]# elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system,beats_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
passwords must be at least [6] characters long
Try again.
Enter password for [elastic]:
Reenter password for [elastic]:
Passwords do not match.
Try again.
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [elastic]
#大概要设置这几类密码,全部一样就好;
Step 4:给Kibana设置账号密码
kibana.yml
# 添加以下内容
elasticsearch.username: "elastic"
elasticsearch.password: "密码"
ps:需要重启,甚至是重建
1. 修改密码
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'
更多推荐
已为社区贡献3条内容
所有评论(0)