我被从我的nest js应用程序连接到elasticsearch卡住了,我收到了这个错误信息
ResponseError: security_exception: [security_exception] Reason: missing authentication credentials for REST request [/companies]
这是我docker-compose文件
version: "3.8"
services:
postgres:
container_name: benchy-db
image: postgres:latest
volumes:
- ./db_data:/var/lib/postgresql/data
ports:
- "5432:5432"
environment:
- POSTGRES_DB=benchy
- POSTGRES_USER=root
- POSTGRES_PASSWORD=0000
networks:
- elastic
server:
container_name: benchy-api
build:
context: ./
restart: on-failure
command: bash -c "npm run db:run && npm run rebuild"
ports:
- "4000:4000"
depends_on:
- postgres
- kibana
environment:
DB_HOST: postgres
DB_PORT: 5432
networks:
- elastic
setup:
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- ./certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: esnode1\n"\
" dns:\n"\
" - esnode1\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://esnode1:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://esnode1:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "Good to go!";
'
networks:
- elastic
esnode1:
depends_on:
- setup
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
- esnode1-data:/usr/share/elasticsearch/data
ports:
- ${ES_PORT}:9200
environment:
- node.name=esnode1
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- discovery.type=single-node
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/esnode1/esnode1.key
- xpack.security.http.ssl.certificate=certs/esnode1/esnode1.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/esnode1/esnode1.key
- xpack.security.transport.ssl.certificate=certs/esnode1/esnode1.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
ulimits:
memlock:
soft: -1
hard: -1
networks:
- elastic
kibana:
depends_on:
- esnode1
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
volumes:
- certs:/usr/share/kibana/config/certs
- kibana-data:/usr/share/kibana/data
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://esnode1:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
networks:
- elastic
networks:
elastic:
name: elastic
driver: bridge
volumes:
db_data:
certs:
esnode1-data:
driver: local
kibana-data:
driver: local
这是我.env
#ELASTIC VARIABLES
ELASTIC_PASSWORD=DKS481!~=KS!KDJ
KIBANA_PASSWORD=DKS481!~=KS!KDJ
ELASTIC_USERNAME=elastic
STACK_VERSION=8.2.2
CLUSTER_NAME=docker-cluster
LICENSE=basic
ES_PORT=9200
# ES_PORT=127.0.0.1:9200
KIBANA_PORT=5601
MEM_LIMIT=1073741824
这是我从nest js应用程序连接
const elasticClient = new Client({
node: 'https://esnode1:9200',
auth: {
username: process.env.ELASTIC_USERNAME,
password: process.env.ELASTIC_PASSWORD,
},
tls: {
ca: readFileSync('./certs/ca/ca.crt'),
rejectUnauthorized: false
}
});
这是由elastic生成的证书文件夹,我正在使用此证书x1c 0d1x
弹性与kibana工作正常,我可以登录在kibana,但从我的嵌套js应用程序,我不能这样做。在我的环境中,elasticsearch将只在我的虚拟机中使用,当kibana应该是从外面访问。在这方面,我想我是否需要使用xpack安全弹性在所有。也许我可以只保护kibana。感谢任何帮助!
1条答案
按热度按时间nkkqxpd91#
道歉!这个问题解决了-我没有在我初始化elasticClient的文件中导入env,所以消息很清楚-“证书丢失”,当我一直在想证书或其他什么东西有问题的时候。