Differences

This shows you the differences between two versions of the page.

--- elasticsearch-tls [2020/11/07 12:03] – baumi
+++ elasticsearch-tls [2020/11/08 12:41] (current) – baumi
@@ Line 1: / Line 1: @@
 ====== Configure Elasticsearch/Kibana for TLS and Authentication ======
+===== Create Certificates =====
   - Shutdown elk-cluster
   - Add certificate path to elasticsearch config in docker-compose.yml<code>
-volumes:
+services:
-  - ./certs:/certs
+  elasticsearch:
+    volumes:
+      - ./certs:/certs
 </code>
   - Start elasticsearch<code>$ docker-compose up -d elasticsearch</code>
@@ Line 20: / Line 23: @@
 Please enter the desired output file [elastic-stack-ca.zip]:
 [root@elk-test-elasticsearch elasticsearch]# unzip -d /certs/ elastic-stack-ca.zip
+Archive:  elastic-stack-ca.zip
+   creating: /certs/ca/
+  inflating: /certs/ca/ca.crt
+  inflating: /certs/ca/ca.key
 [root@elk-test-elasticsearch elasticsearch]# bin/elasticsearch-certutil http
@@ Line 138: / Line 145: @@
   inflating: /certs/kibana/sample-kibana.yml
 </code>
-  - Configure elasticsearch for TLS & X-Pack Security
+===== Configure elasticsearch for TLS & X-Pack Security =====
-    - Shutdown elasticsearch<code>
+  - Shutdown elasticsearch<code>
 $ docker-compose down
 Stopping elk-test-elasticsearch ... done
@@ Line 145: / Line 153: @@
 Removing network elk-test_default
 </code>
-    - Add certificate mount to docker-compose<code>
+  - Add certificate mount to docker-compose<code>
 volumes:
   - ./elasticsearch/config/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro
 </code>
-    - Copy P12 file to correct place<code>
+  - Copy P12 file to correct place<code>
-cp certs/elasticsearch/http.p12 elasticsearch/config/elasticsearch.p12
+$ cp certs/elasticsearch/http.p12 elasticsearch/config/elasticsearch.p12
-    - Update elasticsearch.yml<code>
+$ sudo chown 1000:1000 elasticsearch/config/elasticsearch.p12
-# grep xpack elasticsearch/config/elasticsearch.yml
+$ sudo chmod 600 elasticsearch/config/elasticsearch.p12
+</code>
+  - Update elasticsearch.yml<code>
+$ grep xpack elasticsearch/config/elasticsearch.yml
 xpack.security.enabled: true
 xpack.security.http.ssl.enabled: true
@@ Line 158: / Line 169: @@
 xpack.security.http.ssl.keystore.path: "elasticsearch.p12"
 </code>
+  - Start elasticsearch<code>
+docker-compose up -d elasticsearch
+Creating network "elk-test_default" with the default driver
+Creating elk-test-elasticsearch ... done
+</code>
+  - Create Users<code>
+$ docker exec -it elk-test-elasticsearch bash
+[root@elk-test-elasticsearch elasticsearch]# bin/elasticsearch-setup-passwords auto
+Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
+The passwords will be randomly generated and printed to the console.
+Please confirm that you would like to continue [y/N]y
+Changed password for user apm_system
+PASSWORD apm_system = ***
+Changed password for user kibana_system
+PASSWORD kibana_system = ***
+Changed password for user kibana
+PASSWORD kibana = ***
+Changed password for user logstash_system
+PASSWORD logstash_system = ***
+Changed password for user beats_system
+PASSWORD beats_system = ***
+Changed password for user remote_monitoring_user
+PASSWORD remote_monitoring_user = ***
+Changed password for user elastic
+PASSWORD elastic = ***
+</code>
+===== Configure Kibana for TLS and User Authentication =====
+  - Copy CA file to correct path<code>
+$ cp certs/kibana/elasticsearch-ca.pem kibana/config/</code>
+  - Add CA file mount do docker-compose.yml<code>
+services:
+  kibana:
+    volumes:
+      - ./kibana/config/elasticsearch-ca.pem:/usr/share/kibana/config/elasticsearch-ca.pem:ro
+</code>
+  - Add TLS & authentication information to kibana.yml<code>
+elasticsearch:
+  hosts: [ "https://elk-test-elasticsearch:9200" ]
+  ssl.certificateAuthorities: [ "config/elasticsearch-ca.pem" ]
+  username: "kibana_system"
+  password: "***"
+</code>
+  - Restart elk-stack<code>
+$ docker-compose up -d && docker-compose logs -f
+</code>
+===== Move username & password from Kibana Config =====
+  - Create Keystore and populate with logon information<code>
+$ docker exec -it elk-test-kibana bash
+bash-4.2$ bin/kibana-keystore create
+Created Kibana keystore in /usr/share/kibana/config/kibana.keystore
+bash-4.2$ bin/kibana-keystore add elasticsearch.username
+Enter value for elasticsearch.username: *************
+bash-4.2$ bin/kibana-keystore add elasticsearch.password
+Enter value for elasticsearch.password: ********************
+</code>
+  - Copy keystore to persistent storage<code>
+$ docker cp elk-test-kibana:/usr/share/kibana/config/kibana.keystore /srv/elk-test/kibana/config/
+</code>
+  - Adjust docker-compose.yml for bind mount of keystore file<code>
+services:
+  kibana:
+    volumes:
+      - ./kibana/config/kibana.keystore:/usr/share/kibana/config/kibana.keystore
+</code>
+  - Remove elasticsearch.username and elasticsearch.username from kibana.yml
+  - Restart kibana
 {{tag>kb elasticsearch}}