We have created a test setup to use elastic in production next month.
Our current setup related to Elastic is a single node with 16gigs.
Personally i do not have knowledge of creating certs etc so if i say something wrong please have this in mind.
A colleague of mine suggested that we should create one cert for Kibana and one cert for the Elastic Node so we went that way.From what i read though i understood that we should only create certs for nodes. But since i lack the experience i followed his suggestions.
Enter instance name: Artorias Enter name for directories and files [Artorias]: Enter IP Addresses for instance (comma-separated if more than one) : 127.0.0.1 Enter DNS names for instance (comma-separated if more than one) : localhost Would you like to specify another instance? Press 'y' to continue entering instance information: y Enter instance name: Kibana Enter name for directories and files [Kibana]: Enter IP Addresses for instance (comma-separated if more than one) : 22.214.171.124 Enter DNS names for instance (comma-separated if more than one) : Kibanatest.mydomain.com
Public IP's,domains etc are not the real ones
Then unzipped the cert files created and edited the yml files.
xpack.ssl.key: /etc/elasticsearch/Artorias/Artorias.key xpack.ssl.certificate: /etc/elasticsearch/Artorias/Artorias.crt xpack.ssl.certificate_authorities: [ "/etc/elasticsearch/ca/ca.crt" ] xpack.security.transport.ssl.enabled: true xpack.security.http.ssl.enabled: true xpack.security.audit.enabled: true
elasticsearch.url: "https://127.0.0.1:9200" server.host: "0.0.0.0" server.port: 5601 elasticsearch.username: "kibana" elasticsearch.password: "@kibana@" server.ssl.enabled: true server.ssl.certificate: /etc/kibana/Kibana/Kibana.crt server.ssl.key: /etc/kibana/Kibana/Kibana.key elasticsearch.ssl.certificate: /etc/elasticsearch/Artorias/Artorias.crt elasticsearch.ssl.key: /etc/elasticsearch/Artorias/Artorias.key elasticsearch.ssl.verificationMode: none
Passwords and usernames shown above are not the real ones
Also changed the kibana and elasticsearch passwords using curl.
After all that when we try to connect to kibana we get "Error to many redirects".
Using curl to localhost:9200 returns a security error and suggests to use --insecure.
curl -u elastic https://127.0.0.1:9200
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: http://curl.haxx.se/docs/sslcerts.html
EDIT: While making this post we noticed this piece of commented code :
# When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host # that connects to this Kibana instance. #elasticsearch.preserveHost: true
Which led us to changed this piece of the kibana.yml which actually allowed us to login on kibana :
# The Kibana server's name. This is used for display purposes. server.name: "localhost"
The previous value was "your-hostname" and was commented out.
But since it states that it is for display purposes only i cannot understand why this could create an error
Can you please take a look on our configurations?
Is there anything wrong that we need to change?
The fact that we made it work doesn't mean it's actually correct and optimal.
Also any suggestions would be great.