最近作者做一个es的搜索,之前采用的是7.12.1,本来接口都已经基本上写好了,后面es要升级到8.7.0,一升级就连接不上es8.7.0了,后面才发现原来es8是默认采用了HTTPS协议,需要配置认证证书,这个问题搞了好久好久,最后终于搞成功了,在此写一篇博客记录一下。

一、pom文件

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.tom</groupId>
    <artifactId>elasticsearch-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>elasticsearch-server</name>
    <description>elasticsearch-server</description>
    <properties>
        <java.version>17</java.version>
        <mybatis.version>2.2.0</mybatis.version>
        <hutool.version>5.7.16</hutool.version>
        <gson.version>2.8.6</gson.version>
        <guava.version>29.0-jre</guava.version>
        <druid.version>1.2.14</druid.version>
        <aspectj.version>1.9.4</aspectj.version>
        <retrofit.version>2.2.20</retrofit.version>
        <mybatis-plus.version>3.4.0</mybatis-plus.version>
        <commons-io.version>2.4</commons-io.version>
        <fastjson.version>1.2.73</fastjson.version>
        <springdoc.version>1.4.4</springdoc.version>
        <nimbus-jose-jwt.version>3.10</nimbus-jose-jwt.version>
        <javax-mail.version>1.4.7</javax-mail.version>
        <jbcrypt.version>0.4</jbcrypt.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-spring-boot-starter</artifactId>
            <version>3.0.3</version>
        </dependency>
        <!--swagger3-->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-boot-starter</artifactId>
            <version>3.0.0</version>
        </dependency>
        <!--fastjson-->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>${fastjson.version}</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

二、application配置文件

server:
  port: 10086
  servlet:
    context-path: /elasticsearch

spring:
  elasticsearch:
    rest:
      enable: true
      uris: 127.0.0.1:9200
      host: 127.0.0.1
      port: 9200
      username: elastic
      password: xxxxxxx
      index: indexName
      crtName: http_ca.crt


logging:
  level:
    root: debug

如何获取这个http_ca.crt证书文件呢,这个可以登录es访问地址,比如说https://127.0.0.1:9200,输入账号密码,就可以在浏览器上下载证书啦,下载之后需要将这个文件的名称修改为http_ca.crt并且放到resource目录下面

elasticsearch 8.7.0的Java API详解教程(一)_spring

elasticsearch 8.7.0的Java API详解教程(一)_elasticsearch_02

三、ElasticSearchConfig配置类

@Configuration
@Slf4j
public class ElasticSearchConfig {

    @Value("${spring.elasticsearch.rest.host}")
    private String host;
    @Value("${spring.elasticsearch.rest.enable}")
    private boolean enable;
    @Value("${spring.elasticsearch.rest.port}")
    private int port;
    @Value("${spring.elasticsearch.rest.username}")
    private String userName;
    @Value("${spring.elasticsearch.rest.password}")
    private String passWord;
    @Value("${spring.elasticsearch.rest.crtName}")
    private String tempCrtName;

    private static String crtName;

    @PostConstruct
    private void init() {
        crtName = tempCrtName;
    }

    /**
     * 解析配置的字符串,转为HttpHost对象数组
     *
     * @return
     */
    private HttpHost toHttpHost() {
        HttpHost httpHost = new HttpHost(host, port, "https");
        return httpHost;
    }

    @Bean
    public ElasticsearchClient clientByPasswd() throws Exception {
        ElasticsearchTransport transport = getElasticsearchTransport(userName, passWord, toHttpHost());
        return new ElasticsearchClient(transport);
    }

    private static SSLContext buildSSLContext() {
        ClassPathResource resource = new ClassPathResource(crtName);
        SSLContext sslContext = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            Certificate trustedCa;
            try (InputStream is = resource.getInputStream()) {
                trustedCa = factory.generateCertificate(is);
            }
            KeyStore trustStore = KeyStore.getInstance("pkcs12");
            trustStore.load(null, null);
            trustStore.setCertificateEntry("ca", trustedCa);
            SSLContextBuilder sslContextBuilder = SSLContexts.custom()
                    .loadTrustMaterial(trustStore, null);
            sslContext = sslContextBuilder.build();
        } catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException |
                 KeyManagementException e) {
            log.error("ES连接认证失败", e);
        }

        return sslContext;
    }

    private static ElasticsearchTransport getElasticsearchTransport(String username, String passwd, HttpHost... hosts) {
        // 账号密码的配置
        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, passwd));

        // 自签证书的设置,并且还包含了账号密码
        RestClientBuilder.HttpClientConfigCallback callback = httpAsyncClientBuilder -> httpAsyncClientBuilder
                .setSSLContext(buildSSLContext())
                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                .setDefaultCredentialsProvider(credentialsProvider);

        // 用builder创建RestClient对象
        RestClient client = RestClient
                .builder(hosts)
                .setHttpClientConfigCallback(callback)
                .build();
        return new RestClientTransport(client, new JacksonJsonpMapper());
    }

}