最近作者做一个es的搜索,之前采用的是7.12.1,本来接口都已经基本上写好了,后面es要升级到8.7.0,一升级就连接不上es8.7.0了,后面才发现原来es8是默认采用了HTTPS协议,需要配置认证证书,这个问题搞了好久好久,最后终于搞成功了,在此写一篇博客记录一下。
一、pom文件
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.tom</groupId>
<artifactId>elasticsearch-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>elasticsearch-server</name>
<description>elasticsearch-server</description>
<properties>
<java.version>17</java.version>
<mybatis.version>2.2.0</mybatis.version>
<hutool.version>5.7.16</hutool.version>
<gson.version>2.8.6</gson.version>
<guava.version>29.0-jre</guava.version>
<druid.version>1.2.14</druid.version>
<aspectj.version>1.9.4</aspectj.version>
<retrofit.version>2.2.20</retrofit.version>
<mybatis-plus.version>3.4.0</mybatis-plus.version>
<commons-io.version>2.4</commons-io.version>
<fastjson.version>1.2.73</fastjson.version>
<springdoc.version>1.4.4</springdoc.version>
<nimbus-jose-jwt.version>3.10</nimbus-jose-jwt.version>
<javax-mail.version>1.4.7</javax-mail.version>
<jbcrypt.version>0.4</jbcrypt.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-elasticsearch</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.xiaoymin</groupId>
<artifactId>knife4j-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>
<!--swagger3-->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-boot-starter</artifactId>
<version>3.0.0</version>
</dependency>
<!--fastjson-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
二、application配置文件
server:
port: 10086
servlet:
context-path: /elasticsearch
spring:
elasticsearch:
rest:
enable: true
uris: 127.0.0.1:9200
host: 127.0.0.1
port: 9200
username: elastic
password: xxxxxxx
index: indexName
crtName: http_ca.crt
logging:
level:
root: debug
如何获取这个http_ca.crt证书文件呢,这个可以登录es访问地址,比如说https://127.0.0.1:9200,输入账号密码,就可以在浏览器上下载证书啦,下载之后需要将这个文件的名称修改为http_ca.crt并且放到resource目录下面
三、ElasticSearchConfig配置类
@Configuration
@Slf4j
public class ElasticSearchConfig {
@Value("${spring.elasticsearch.rest.host}")
private String host;
@Value("${spring.elasticsearch.rest.enable}")
private boolean enable;
@Value("${spring.elasticsearch.rest.port}")
private int port;
@Value("${spring.elasticsearch.rest.username}")
private String userName;
@Value("${spring.elasticsearch.rest.password}")
private String passWord;
@Value("${spring.elasticsearch.rest.crtName}")
private String tempCrtName;
private static String crtName;
@PostConstruct
private void init() {
crtName = tempCrtName;
}
/**
* 解析配置的字符串,转为HttpHost对象数组
*
* @return
*/
private HttpHost toHttpHost() {
HttpHost httpHost = new HttpHost(host, port, "https");
return httpHost;
}
@Bean
public ElasticsearchClient clientByPasswd() throws Exception {
ElasticsearchTransport transport = getElasticsearchTransport(userName, passWord, toHttpHost());
return new ElasticsearchClient(transport);
}
private static SSLContext buildSSLContext() {
ClassPathResource resource = new ClassPathResource(crtName);
SSLContext sslContext = null;
try {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
Certificate trustedCa;
try (InputStream is = resource.getInputStream()) {
trustedCa = factory.generateCertificate(is);
}
KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa);
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, null);
sslContext = sslContextBuilder.build();
} catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException |
KeyManagementException e) {
log.error("ES连接认证失败", e);
}
return sslContext;
}
private static ElasticsearchTransport getElasticsearchTransport(String username, String passwd, HttpHost... hosts) {
// 账号密码的配置
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, passwd));
// 自签证书的设置,并且还包含了账号密码
RestClientBuilder.HttpClientConfigCallback callback = httpAsyncClientBuilder -> httpAsyncClientBuilder
.setSSLContext(buildSSLContext())
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
.setDefaultCredentialsProvider(credentialsProvider);
// 用builder创建RestClient对象
RestClient client = RestClient
.builder(hosts)
.setHttpClientConfigCallback(callback)
.build();
return new RestClientTransport(client, new JacksonJsonpMapper());
}
}