Hello everyone,
while setting up the highest security possible I am encountering multiple problems.
The first one is:
[2021-09-13T13:01:54,594][INFO ][o.e.x.s.a.AuthenticationService] [elasticsearch] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
I don't know what the elastic user is trying to do, so I can't find out how to fix this problem. The password that I know for him is valid, which I checked after logging into the web server.
BUT I did not put this password into any keystore since I didn't read an instruction to do it. (Only the kibana password for basic security)
The second problem is:
received plaintext http traffic on an https channel, closing connection
This happened after I activated Basic Security + HTTPS. I am assuming that my self-signed certificate is the reason for this? Or could there be another trigger? I am not very concerned since it is only a warning, but I cannot find out which process is trying to communicate with port 9200. My log files are full of each of these messages, so I will provide my .yml:
elasticsearch.yml:
cluster.name: "cluster"
node.name: node1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: node1
http.port: 9200
discovery.seed_hosts:
- node2:9300
- node3:9300
cluster.initial_master_nodes:
- node1
- node2
- node3
discovery.zen.minimum_master_nodes: 2
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
kibana.yml:
server.port: 5601
server.host: "node1"
server.publicBaseUrl: "http://node1"
server.name: "node1"
elasticsearch.hosts: ["http://node1:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "??"
logging.verbose: true
monitoring.kibana.collection.enabled: false
I created one certificate and copied it to every node for the inner node communication. This worked.
Elasticsearch is working right, but these messages are trashing the log files. I want to remove the problem.
Thanks in advance.
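One way to find out which client is sending plaintext HTTP to port 9200 is to tally the remote addresses recorded with the warning; this is an added example, not part of the original post. It assumes the warning line ends with the `Netty4HttpChannel{localAddress=..., remoteAddress=...}` suffix that Elasticsearch 7.x normally appends; the sample log lines, addresses and the function name `plaintext_clients` are constructed for illustration.

```python
import re

WARNING = "received plaintext http traffic on an https channel"
# Timestamp from the first [...] field; remote IP and port from the assumed
# Netty4HttpChannel suffix. The greedy IP group backtracks to the last ':',
# so IPv6 addresses printed as 0:0:...:1:<port> are handled as well.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*" + re.escape(WARNING)
    + r".*remoteAddress=/(?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+)\}"
)

# Constructed sample log (not taken from the original post).
SAMPLE_LOG = """\
[2021-09-13T13:01:50,101][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.10:51034}
[2021-09-13T13:01:54,594][INFO ][o.e.x.s.a.AuthenticationService] [elasticsearch] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-09-13T13:01:55,230][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.11:40212}
[2021-09-13T13:02:00,102][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.10:51040}
[2021-09-13T13:02:10,103][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.0.2.10:9200, remoteAddress=/192.0.2.10:51046}
"""


def plaintext_clients(log_text):
    """Return {remote_ip: {"count", "first", "last"}} for the plaintext warning.

    Assumes the log is in chronological order, as Elasticsearch writes it.
    """
    clients = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other messages, or warnings without a channel suffix
        entry = clients.setdefault(
            m["ip"], {"count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
    return clients


if __name__ == "__main__":
    found = plaintext_clients(SAMPLE_LOG)
    # Noisiest source first: that host is where to look for the client.
    for ip, info in sorted(found.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip}: {info['count']} hits, {info['first']} .. {info['last']}")
```

A source address that matches the node itself points at a local client, and a steady interval between hits suggests a polling service rather than a person.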