Cannot connect to localhost:9200 after installing search guard

Hi Guys:

I am trying to install the Search guard 36.0.0 on Elasticsearch:7.1.1 using Docker. the Dockerfile looks like this


COPY bin/ bin/
COPY config/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
COPY config/sg/CN=elasticsearch-0.elasticsearch-keystore.jks config/sg/CN=elasticsearch-0.elasticsearch-keystore.jks 
COPY config/sg/truststore.jks config/sg/truststore.jks 

# Search Guard plugin

RUN elasticsearch-plugin install --batch com.floragunn:search-guard-7:7.1.1-36.0.0 \
	&& chmod +x plugins/search-guard-7/tools/*.sh \
	&& chown -R elasticsearch config/sg/ \
	&& chmod -R go= config/sg/ 

# sgadmin and other third-party tools require a valid Java home
ENV JAVA_HOME /usr/share/elasticsearch/jdk
EXPOSE 9200 9300

COPY config/sg/CN=sgadmin-keystore.jks plugins/search-guard-7/tools
COPY config/sg/truststore.jks plugins/search-guard-7/tools
COPY config/sg/CN=elasticsearch-0.elasticsearch-keystore.jks plugins/search-guard-7/tools

and I have also downloaded the TLS certificates from the website. and setup the elasticsearch.yml file based on the of the certificates. The elasticsearch.yml looks like the following:

## Default Elasticsearch configuration from Elasticsearch base image.
# "docker-cluster"

# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details:
discovery.zen.minimum_master_nodes: 1

## Use single node discovery in order to disable production mode and avoid bootstrap checks
## see
discovery.type: single-node

## X-Pack settings
## see
xpack.license.self_generated.type: basic false

## Search Guard
# searchguard.enterprise_modules_enabled: true
searchguard.ssl.http.enabled: true

searchguard.ssl.transport.keystore_filepath: sg/CN=elasticsearch-0.elasticsearch-keystore.jks
searchguard.ssl.transport.keystore_password: 6498ae88d9fa8f0f5424
searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
searchguard.ssl.transport.truststore_password: eb78abdeb3026eb91afb
searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.http.keystore_filepath: sg/CN=elasticsearch-0.elasticsearch-keystore.jks
searchguard.ssl.http.keystore_password: 6498ae88d9fa8f0f5424
searchguard.ssl.http.truststore_filepath: sg/truststore.jks
searchguard.ssl.http.truststore_password: eb78abdeb3026eb91afb

  - CN=sgadmin

#node.master: true false

I have successfully build the container using

docker run -d --name es -p 9200:9200 -p 9300:9300 -h elasticsearch-0.elasticsearch es:latest

However, when I ssh into the container docker exec -it 4f /bin/bas, and type curl localhost:9200

I got this error curl: (52) Empty reply from server

I have no idea where I done wrong, please help!

problem solved, I need to use the

searchguard.ssl.http.enabled: false in the elasticsearch yaml file to enable the HTTPS, when running the curl localhost:9200

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.