Hello,
After setting up TLS on the HTTP layer in Elasticsearch, I am getting the error "Kibana server is not ready yet".
root@ip-pri.ip:~# systemctl status kibana
● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-10-21 03:43:47 UTC; 34s ago
Main PID: 7975 (node)
Tasks: 11 (limit: 4686)
CGroup: /system.slice/kibana.service
└─7975 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist
Oct 21 03:44:03 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:03Z","tags":["warning","plugins","monitoring","monitoring"],"pid":7975,"message":"X-Pack Monitoring Cluster Alerts will not be available:
Oct 21 03:44:03 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:03Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:03 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:03Z","tags":["error","savedobjects-service"],"pid":7975,"message":"Unable to retrieve version information from Elasticsearch nodes."}
Oct 21 03:44:06 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:06Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:08 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:08Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:11 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:11Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:13 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:13Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:16 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:16Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:18 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:18Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
Oct 21 03:44:21 ip-pri.ip kibana[7975]: {"type":"log","@timestamp":"2021-10-21T03:44:21Z","tags":["error","elasticsearch","data"],"pid":7975,"message":"[ConnectionError]: self signed certificate in certificate chain"}
kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
# NOTE(review): the (redacted) value below appears to be a non-loopback address, and this
# excerpt shows no server.ssl.* settings. If the full file has none either, browser-to-Kibana
# traffic, logins included, travels over plain HTTP unless TLS is terminated in front of
# Kibana -- confirm against the complete file.
server.host: "pri.ip"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# The URLs of the Elasticsearch instances to use for all your queries.
# NOTE(review): with an https:// URL, Kibana verifies the certificate that Elasticsearch
# presents on its HTTP layer. The "self signed certificate in certificate chain" errors in
# the status output earlier in this post mean the issuing CA is not trusted by Kibana.
# No elasticsearch.ssl.certificateAuthorities setting is visible in this excerpt; it should
# list the CA certificate (PEM) that signed the Elasticsearch HTTP certificate, e.g.
#   elasticsearch.ssl.certificateAuthorities: ["<path-to-ca.pem>"]   (placeholder path)
# Setting elasticsearch.ssl.verificationMode: none would silence the error but turns off
# certificate verification, so the connection carrying the credentials below could be
# intercepted; trusting the CA is the fix to prefer. Under the default "full" mode the
# certificate must also name the host used in this URL as a subject alternative name.
elasticsearch.hosts: ["https://pri.ip:9200"]
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
# NOTE(review): both values are redacted in this post. In the real file the password is
# stored in plain text; it can be kept out of kibana.yml by placing it in the Kibana
# keystore (bin/kibana-keystore add elasticsearch.password), and kibana.yml itself should
# be readable only by the account that runs Kibana.
elasticsearch.username: "****"
elasticsearch.password: "****"
Elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
# Turns on the Elasticsearch security features; the TLS settings below depend on it.
xpack.security.enabled: true
# Transport layer (node-to-node) TLS.
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate is signed by a trusted CA but does not
# verify the hostname.
xpack.security.transport.ssl.verification_mode: certificate
# Peers must present a client certificate on transport connections.
xpack.security.transport.ssl.client_authentication: required
# The same PKCS#12 file serves as keystore and truststore for the transport layer.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# HTTP layer (REST API) TLS. Once this is true, every HTTP client, Kibana included, has to
# connect with https:// and trust the CA that issued the certificate held in http.p12.
xpack.security.http.ssl.enabled: true
# NOTE(review): if http.p12 was generated with `elasticsearch-certutil http`, the same
# output archive normally also contains the CA certificate in PEM form intended for
# Kibana -- confirm. A password protecting this file belongs in the Elasticsearch keystore
# (xpack.security.http.ssl.keystore.secure_password), not in elasticsearch.yml.
xpack.security.http.ssl.keystore.path: http.p12
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: xyz
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: xyz
#
#node.master: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
# NOTE(review): the Elasticsearch server log under this directory is where the server side
# of the rejected TLS handshakes should show up (an HTTP client that does not trust this
# node's certificate); worth reading next to the Kibana errors when diagnosing.
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# NOTE(review): path.data and path.logs (and the Memory section that follows) already
# appear earlier in this paste with the same values. This looks like a copy/paste repeat
# in the post; if the real elasticsearch.yml defines the keys twice, keep only one copy.
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: pri.ip
#
# Set a custom port for HTTP:
# NOTE(review): because xpack.security.http.ssl.enabled is true in this file, this port
# accepts TLS connections only; clients must use https:// and validate the certificate.
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["pri.ip"]
# single-node: the node elects itself master and does not join a cluster with other nodes,
# so transport TLS above only matters for connections made to this node's transport port.
discovery.type: single-node
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
# cluster.initial_master_nodes: ["pri.ip", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true