Config https for Elasticsearch 5.6

Derrick · December 14, 2017, 2:52pm

Hi,

we are upgrading our ES from 2 to 5.6, but cannot make https works, could someone can provide the config?

this is what we have in elasticsearcy.yml.

--------------------------------- XPack Config ------------------------------

action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*

xpack.security.enabled: true

xpack.ssl.keystore.path: /usr/share/elasticsearch/config/keystore.jks
xpack.ssl.keystore.password: password
xpack.ssl.keystore.key_password: password

xpack.ssl.truststore.path: /usr/share/elasticsearch/config/truststore.jks
xpack.ssl.truststore.password: changeit

xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true

xpack.ssl.verification_mode: none
xpack.ssl.client_authentication: none

xpack.security.authc.realms:
realm1:
type: native
order: 3

realm2:
    type: file
    order: 1

realm3:
    type: ldap
    order: 2
    url: "ldap://ldap.service.consul"
    user_dn_templates:
        - "uid={0}, ou=ISS-FRNT OFFCE DEV-CLIENT SUPPORT CENTRE,o=Scotia Capital Markets,c=CA"
    #files:
    #  role_mapping: "/usr/share/elasticsearch/config/shield/ldap_role_mapping.yml"
    unmapped_groups_as_roles: false

dadoonet · December 14, 2017, 3:04pm

I moved this to #x-pack

Derrick · December 14, 2017, 3:32pm

now I am getting this error, please help, thanks

[2017-12-14T15:27:31,252][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [pxv-data1.dev.lbb4sd.333az.net] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchException[Failed to load plugin class [org.elasticsearch.xpack.XPackPlugin]]; nested: InvocationTargetException; nested: IllegalArgumentException[the [action.auto_create_index] setting value [.security,.monitoring*,.watches,.triggered_watches,.watcher-history*] is too restrictive. disable [action.auto_create_index] or set it to [.security,.security-6]];
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-5.6.4.jar:5.6.4]

dadoonet · December 14, 2017, 4:04pm

May be do what is written in the logs?

disable [action.auto_create_index] or set it to [.security,.security-6]

Derrick · December 20, 2017, 9:15pm

it doesn't work either.

dadoonet · December 20, 2017, 9:51pm

Exact same logs now?

Derrick · December 20, 2017, 10:02pm

Yes, same issue

dadoonet · December 20, 2017, 10:20pm

Can you share your config file, your logs?

Did you restart the nodes?

Derrick · December 20, 2017, 10:28pm

I share it in this thread, Failed to load xpackplugin, please help, urgent

Also es is being run in docker, so I restart docker.

system · January 17, 2018, 10:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How configure .p12 certificate in Elasticsearch TLS/SSL? Elasticsearch elastic-stack-security	4	4547	November 26, 2018
HTTPS access via x-pack problems Elasticsearch	6	2156	September 27, 2018
Elasticsearch 7.4.2 : Problem with SSL configuration Elasticsearch	1	1509	December 13, 2019
ES - xpack & https Elasticsearch	2	339	November 4, 2019
Cannot use https on elasticsearch server Elasticsearch elastic-stack-security	2	257	April 6, 2023

Config https for Elasticsearch 5.6

--------------------------------- XPack Config ------------------------------

Related Topics