While setting up the highest security possible, I am encountering multiple problems.
The first one is:
[2021-09-13T13:01:54,594][INFO ][o.e.x.s.a.AuthenticationService] [elasticsearch] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
I don't know what the elastic user is trying to do, so I can't find out how to fix this problem. The password that I know for him is valid, which I checked after logging into the webserver.
But I did not put this password into any keystore, since I didn't read an instruction to do it (only the kibana password for basic security).
The second problem is:
received plaintext http traffic on an https channel, closing connection
This happened after I activated Basic Security + HTTPS. I am assuming that my self-signed certificate is the reason for this? Or could there be another trigger? I am not very concerned since it is only a warning, but I cannot find out which process is trying to communicate with the 9200 port. My log files are full of each of these messages, so I will provide my .yml:
cluster.name: "cluster"
node.name: node1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: node1
http.port: 9200
discovery.seed_hosts:
  - node2:9300
  - node3:9300
cluster.initial_master_nodes:
  - node1
  - node2
  - node3
discovery.zen.minimum_master_nodes: 2
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

server.port: 5601
server.host: "node1"
server.publicBaseUrl: "http://node1"
server.name: "node1"
elasticsearch.hosts: ["http://node1:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "??"
logging.verbose: true
monitoring.kibana.collection.enabled: false
I created one certificate and copied it to every node for the inner node communication. This worked.
Elasticsearch is working right, but these messages are trashing the log files. I want to remove the problem.
Thanks in advance.
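
The post asks which client is sending plaintext HTTP to port 9200 and who is failing to log in as `elastic`. As an added example (not part of the original post and not Elastic's code), this script tallies both messages from a log: plaintext warnings by source address, failed logins by user and realm. The sample lines are constructed, and the `Netty4HttpChannel{... remoteAddress=...}` suffix is an assumption about how the full warning line ends.

```python
import re
from collections import Counter

# Constructed sample log. The first line is the message quoted in the post; the
# "Netty4HttpChannel{...}" suffix on the warnings is an assumption about what
# follows "closing connection" in the complete log line. IPs are documentation addresses.
SAMPLE_LOG = """\
[2021-09-13T13:01:54,594][INFO ][o.e.x.s.a.AuthenticationService] [elasticsearch] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:01:55,010][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.10:48212}
[2021-09-13T13:01:57,512][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.10:48230}
[2021-09-13T13:02:01,100][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.44:51877}
[2021-09-13T13:02:03,300][INFO ][o.e.n.Node] [node1] unrelated line that must be ignored
"""

# Source address of a client that spoke HTTP to the HTTPS port. Accepts
# "/ip:port", "host/ip:port" and bracketed or bare IPv6 forms.
PLAINTEXT = re.compile(
    r"received plaintext http traffic on an https channel.*?"
    r"remoteAddress=[^/}]*/\[?([^\]}]+?)\]?:(\d+)\}")
# User and realm from the authentication failure message.
AUTH_FAIL = re.compile(
    r"Authentication of \[([^\]]+)\] was terminated by realm \[([^\]]+)\]")


def summarize(log_text):
    """Return (plaintext clients by source IP, failed logins by (user, realm))."""
    clients, failures = Counter(), Counter()
    for line in log_text.splitlines():
        m = PLAINTEXT.search(line)
        if m:
            clients[m.group(1)] += 1  # group by IP; the source port is ephemeral
            continue
        m = AUTH_FAIL.search(line)
        if m:
            failures[(m.group(1), m.group(2))] += 1
    return clients, failures


if __name__ == "__main__":
    clients, failures = summarize(SAMPLE_LOG)
    for ip, n in clients.most_common():
        print(f"{n:5d} plaintext HTTP connections from {ip}")
    for (user, realm), n in failures.most_common():
        print(f"{n:5d} failed logins for user {user!r} in realm {realm!r}")
```

A source address that is the node's own address points at a local client, such as a Kibana instance whose `elasticsearch.hosts` entry uses `http://` as in the configuration above; on that host, `ss -tnp` lists the process behind each connection to port 9200.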