一、服务器初始化
1、vi /etc/security/limits.conf
新增
* soft nofile 65536
* hard nofile 65536
2、vi /etc/sysctl.conf
vm.max_map_count=262144
修改完毕后服务器需要重启
二、证书生成
bin/elasticsearch-certutil ca
第一次回车:请确认证书输出的文件名 config/certs/elastic-stack-ca.p12
第二次回车:为证书添加密码
2.用CA证书签发节点证书
bin/elasticsearch-certutil cert --ca config/certs/elastic-stack-ca.p12
第一次回车:输入CA证书的密码
第二次会车:确认输出文件名称 config/certs/elastic-certificates.p12
第三次回车:输入节点证书密码
修改elasticsearch.yml 配置:
cluster.name: demo
node.name: es01
#path.data: /path/to/data
#path.logs: /path/to/logs
network.host: 192.168.1.11
#http.port: 9200
cluster.initial_master_nodes: ["es01", "nes02"]
discovery.seed_hosts: ["192.168.1.9", "192.168.1.10","192.168.1.11"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: /home/wuxiaofan/elasticsearch-8.8.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/wuxiaofan/elasticsearch-8.8.2/config/certs/elastic-certificates.p12
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /home/wuxiaofan/elasticsearch-8.8.2/elasticsearch-8.8.2/config/certs/http.p12
xpack.security.http.ssl.truststore.path: /home/wuxiaofan/elasticsearch-8.8.2/elasticsearch-8.8.2/config/certs/http.p12
3.重置用户密码
bin/elasticsearch-reset-password -u elastic
ubuntu关闭防火墙方法:
sudo ufw status
sudo ufw enable
sudo ufw disable