文章目录
- 由来。
- 设置账号密码步骤:
- 1、centos安装配置好elasticsearch。
- 2、修改`elasticsearch.yml`配置文件
- 我自己整个的配置文件内容:
- 3、后台启动elasticsearch服务:
- 4、设置elasticsearch账号密码
- 5、回到浏览器的输入账号密码的地方:
- 6、kibana远程链接elasticsearch。
由来。
由于前天发现我的服务器被攻击之后,所以一行要加强一些数据。
其实加个账号可以拦截一些,不过如果时服务器搭建的数据库,比如elasticsearch,端口号我们都是默认的,可以直接对端口的可以访问的ip进行拦截,只允许自己可能使用访问的电脑ip加入到安全组里面,具体可以参考我的另一篇文章。
所以今天图想再给我的elasticsearch加个账号密码,所以就来学习具体操作步骤。
设置账号密码步骤:
其实比较简单:
但是由于好多博主没有具体解释一下,导致我本来可以一次搞定的,结果却弄好了好几次。
1、centos安装配置好elasticsearch。
如果安装好,直接看第二步,没有安装好,参考我的另一篇文章:
centos安装elasticsearch+elasticsearch华为镜像
2、修改elasticsearch.yml配置文件
修改之前先把elasticsearch停止:
ps -ef |grep elasticsearch
kill 进程id进程id是自己的elasticsearch运行的id,需要根据自己的具体值。
修改elasticsearch.yml文件:
具体安装位置,要看你自己之前安装的,我还是安装到/opt/下面
vi /opt/elasticsearch/config/elasticsearch.yml最后追加一下几行数据:
# 配置X-Pack
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
我自己整个的配置文件内容:
防止有的配置错误,可以参考我的:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: zhaojiafu_es
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /opt/elk/data
#
# Path to log files:
#
path.logs: /opt/elk/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
action.destructive_requires_name: true
# 配置X-Pack
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true3、后台启动elasticsearch服务:
记得切换为非root用户:
# 这是我在/opt/elasticsearch/bin目录下执行的
./elasticsearch -d
# 哪里都可以执行:
/opt/elasticsearch/bin/elasticsearch -d执行完毕需要等待一会,这是好多博客没有说的,具体多久,可能根据ecs服务器配置有关,一般可以使用你的本地浏览器访问:
http://你的服务器公网ip:9200/如果出现让登录,就可以继续下一步了。
4、设置elasticsearch账号密码
直接输入命令:
# 再elasticsearch安装目录下的bin目录里面执行
./elasticsearch-setup-passwords interactive
# 绝对路径执行:
/opt/elasticsearch/bin/elasticsearch-setup-passwords interactive然后按提示输入y,回车,然后按提示输入每个账号的密码。
5、回到浏览器的输入账号密码的地方:
输入账号elastic,密码就是刚刚服务器自己设置的,然后就可以使用了。
成功设置密码。
6、kibana远程链接elasticsearch。
修改本地,kibana的kibana.yml配置文件
# kibana端口号
server.port: 5601
# 服务器,链接原创必须为这个0.0.0.0,其他的好像我设置之后一直链接不上远程的es
server.host: "0.0.0.0"
# es集群配置,我这里是单个,里面就一个,如果你多个es,可以写成数组,只是ip不一样。
elasticsearch.hosts: ["http://服务器公网ip:9200"]
# 设置为中文显示,默认英文
i18n.locale: "zh-CN"
# elasticsearch的账号密码
elasticsearch.username: "elastic"
elasticsearch.password: "自己设置的密码"然后启动kibana解压目录下的bin目录下的kibana.bat文件,点击运行,这个要等待好一会,大概1-5分钟左右,配置越好启动越快。
等出现下面如图,就可以浏览器访问kibana了。
访问http://127.0.0.1:5601/,出现让登录:
输入上面配置的账号和密码:elastic和elasticsearch的密码即可。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
