elasticsearch 嵌套js连接到Docker中的弹性组件,使用xpack.security.http.ssl.enabled =true

xoefb8l8  于 2022-11-22  发布在  ElasticSearch
关注(0)|答案(1)|浏览(175)

我被从我的nest js应用程序连接到elasticsearch卡住了,我收到了这个错误信息

ResponseError: security_exception: [security_exception] Reason: missing authentication credentials for REST request [/companies]

这是我docker-compose文件

version: "3.8"

services:
  postgres:
    container_name: benchy-db
    image: postgres:latest
    volumes:
      - ./db_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    environment:
      - POSTGRES_DB=benchy
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=0000
    networks:
      - elastic

  server:
    container_name: benchy-api
    build:
      context: ./
    restart: on-failure
    command: bash -c "npm run db:run && npm run rebuild"
    ports:
      - "4000:4000"
    depends_on:
      - postgres
      - kibana
    environment:
      DB_HOST: postgres
      DB_PORT: 5432
    networks:
      - elastic

  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: esnode1\n"\
          "    dns:\n"\
          "      - esnode1\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://esnode1:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://esnode1:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "Good to go!";
      '
    networks:
      - elastic

  esnode1:
    depends_on:
      - setup
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esnode1-data:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=esnode1
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/esnode1/esnode1.key
      - xpack.security.http.ssl.certificate=certs/esnode1/esnode1.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/esnode1/esnode1.key
      - xpack.security.transport.ssl.certificate=certs/esnode1/esnode1.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - elastic

  kibana:
    depends_on:
      - esnode1
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibana-data:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://esnode1:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    networks:
      - elastic

networks:
  elastic:
    name: elastic
    driver: bridge

volumes:
  db_data:
  certs:
  esnode1-data:
    driver: local
  kibana-data:
    driver: local

这是我.env

#ELASTIC VARIABLES
ELASTIC_PASSWORD=DKS481!~=KS!KDJ
KIBANA_PASSWORD=DKS481!~=KS!KDJ
ELASTIC_USERNAME=elastic
STACK_VERSION=8.2.2
CLUSTER_NAME=docker-cluster
LICENSE=basic
ES_PORT=9200
# ES_PORT=127.0.0.1:9200
KIBANA_PORT=5601
MEM_LIMIT=1073741824

这是我从nest js应用程序连接

const elasticClient = new Client({
  node: 'https://esnode1:9200',
  auth: {
    username: process.env.ELASTIC_USERNAME,
    password: process.env.ELASTIC_PASSWORD,
  },
  tls: {
    ca: readFileSync('./certs/ca/ca.crt'),
    rejectUnauthorized: false
  }
});

这是由elastic生成的证书文件夹,我正在使用此证书x1c 0d1x
弹性与kibana工作正常,我可以登录在kibana,但从我的嵌套js应用程序,我不能这样做。在我的环境中,elasticsearch将只在我的虚拟机中使用,当kibana应该是从外面访问。在这方面,我想我是否需要使用xpack安全弹性在所有。也许我可以只保护kibana。感谢任何帮助!

elasticsearch

1条答案

按热度按时间
nkkqxpd9

nkkqxpd91#

道歉!这个问题解决了-我没有在我初始化elasticClient的文件中导入env,所以消息很清楚-“证书丢失”,当我一直在想证书或其他什么东西有问题的时候。

赞(0)分享  回复(0)举报  2022-11-22
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com