Hi All
I'm trying to set up my Kibana to use SSL for 7.16.3, like I set up Elasticsearch.
So I used this guide: Encrypting communications in an Elasticsearch Docker Container | Elasticsearch Guide [7.17] | Elastic
to set up Elasticsearch.
I then expanded the instances.yml to create certs for Kibana.
Looking in the 'certs' disc I see these folders (and zip file):
bundle.zip ca elastichq es01 es02 es03 kibana logstash
and inside the kibana folder I see
kibana.crt kibana.key
I then set up docker-compose.yml like this:
kibana:
  image: docker.elastic.co/kibana/kibana:7.16.3
  container_name: kibana
  environment:
    - SERVER_NAME="kibana.onead.dk"
    - node.name=kibana
    - ELASTICSEARCH_HOSTS="http://elasticsearch:9200"
    - XPACK_SECURITY_ENABLED=true
    - ELASTICSEARCH_USERNAME="kibana"
    - ELASTICSEARCH_PASSWORD="XpYnSc0K4ziDuryfkMnH"
    - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES="$CERTS_DIR/kibana/kibana.crt"
    - ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
    - SERVER_SSL_ENABLED=true
    - SERVER_SSL_KEY="$CERTS_DIR/kibana/kibana.key"
    - SERVER_SSL_CERTIFICATE="$CERTS_DIR/kibana/kibana.crt"
  ulimits:
    nproc: 65535
    memlock:
      soft: -1
      hard: -1
  cap_add:
    - ALL
Which is the same path for the certs as set in the Elasticsearch.
But looking in the logs I see this message:
kibana | {"type":"log","@timestamp":"2022-02-08T09:29:28+00:00","tags":["fatal","root"],"pid":8,"message":"Error: ENOENT: no such file or directory, open '/usr/share/elasticsearch/config/certificates/kibana/kibana.key'\n at Object.openSync (node:fs:585:3)\n at readFileSync (node:fs:453:35)\n at readFile (/usr/share/kibana/node_modules/@kbn/server-http-tools/target_node/ssl/ssl_config.js:175:47)\n at new SslConfig (/usr/share/kibana/node_modules/@kbn/server-http-tools/target_node/ssl/ssl_config.js:126:18)\n at new HttpConfig (/usr/share/kibana/src/core/server/http/http_config.js:256:16)\n at MapSubscriber.project (/usr/share/kibana/src/core/server/http/http_service.js:62:239)\n at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:49:35)\n at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at CombineLatestSubscriber.notifyNext (/usr/share/kibana/node_modules/rxjs/internal/observable/combineLatest.js:97:34)\n at InnerSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/InnerSubscriber.js:28:21)\n at InnerSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:55:26)\n at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at DistinctUntilChangedSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)\n at DistinctUntilChangedSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:55:26) {\n errno: -2,\n syscall: 'open',\n code: 'ENOENT',\n path: '/usr/share/elasticsearch/config/certificates/kibana/kibana.key'\n}"}
kibana |
kibana | FATAL Error: ENOENT: no such file or directory, open '/usr/share/elasticsearch/config/certificates/kibana/kibana.key'
kibana |
kibana exited with code 1
So for me it looks like it's trying to set up the certificates, but doesn't get the path? How do I fix that?