Elasticsearch 在控制台的 https 通道上显示接收到的明文 http 流量

分享于2022年07月17日 elasticsearch 问答
【问题标题】:Elasticsearch 在控制台的 https 通道上显示接收到的明文 http 流量(Elasticsearch showing received plaintext http traffic on an https channel in console)
【发布时间】:2022-06-11 02:02:42
【问题描述】:

我正在尝试在我的 Windows 系统中设置 elasticsearch,但是当我尝试运行它时,它会启动并在我重定向到 http://localhost:9200 时显示以下响应。

{
  "name" : "DESKTOP-L8UKCFI",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "z8IfZcFaQfSti3P4jhZxbg",
 "version" : {
   "number" : "8.1.0",
   "build_flavor" : "default",
   "build_type" : "zip",
   "build_hash" : "3700f7679f7d95e36da0b43762189bab189bc53a",
   "build_date" : "2022-03-03T14:20:00.690422633Z",
   "build_snapshot" : false,
   "lucene_version" : "9.0.0",
   "minimum_wire_compatibility_version" : "7.17.0",
   "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
 }

但在控制台中显示类似这样的内容

[2022-03-16T11:26:12,307][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [DESKTOP- 
L8UKCFI] received plaintext http traffic on an https channel, closing connection 
Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:5996}


[2022-03-16T11:31:56,806][WARN ] 
[o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [DESKTOP-L8UKCFI] http 
client did not trust this server's certificate, closing connection 
Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, 
remoteAddress=/[0:0:0:0:0:0:0:1]:6215}

elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 16-03-2022 06:55:18
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["DESKTOP-L8UKCFI"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

有人让我知道是什么意思。

  • 你的集群怎么样了?卷曲还是其他?
  • 直接在浏览器的网址栏中。使用 https://localhost:9200
  • 我在互联网上看到教程,它在 http 端口上工作,但对我不起作用,它在 https 端口上工作,为什么会这样但是当我在 elasticsearch.yml 中将安全性修改为 false 时,它在 http 端口上工作。
  • 能否也请发布您的 elasticsearch.yml 文件配置

【解决方案1】:

从 ES 8 开始,HTTP 客户端默认启用 SSL/TLS。

警告消息说

http client did not trust this server's certificate

... 这意味着您需要告诉您的浏览器信任服务器证书。默认情况下它是自签名的,所以这可能是原因。

或者您可以简单地在 elasticsearch.yml 配置中禁用 SSL,这也可以。

  • 我已手动将 elasticsearch.yml 文件中的 ssl 设为 false,然后在 http 端口上工作
  • 这也是一个解决方案,确实。
  • 工作正常。现在我正在尝试运行 logstash,但它会自动关闭,因为我已将 logstah.conf 文件中的 csv 文件作为输入传递。
  • 那是另一个问题,这个问题解决了,你可以创建一个新线程。
  • 好的,我马上就发布另一个问题。