設定完TLS 發現只能本機用IP連,使用127.0.0.1及localhost無法連線
其他主機也都無法連線
Comment
curl https://localhost:9200
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:9200
在 elasticsearch_audit 發現
{"type":"audit", "timestamp":"2022-01-20T12:57:57,621+0800", "node.id":"tUCQb6ADSLaZHr4VU8w7WA", "event.type":"ip_filter", "event.action":"connection_denied", "origin.type":"rest", "origin.address":"127.0.0.1", "transport.profile":".http", "rule":"deny _all"}
原來是之前設定到,但沒啟用security所以沒生效
curl "https://IP:9200/_cluster/settings?pretty"
{
"persistent" : {
"cluster" : {
"max_shards_per_node" : "2000"
},
"xpack" : {
"monitoring" : {
"collection" : {
"enabled" : "true"
}
},
"security" : {
"http" : {
"filter" : {
"allow" : "IP",
"deny" : "_all",
"enabled" : "true"
}
},
"transport" : {
"filter" : {
"allow" : "IP",
"deny" : "_all",
"enabled" : "false"
}
}
}
}
},
"transient" : { }
}
把它disable就沒事了!!
curl -X PUT "https://IP:9200/_cluster/settings" -H 'Content-Type: application/json' -d'
{
"persistent": {
"xpack.security.http.filter.enabled": false
}
}
'
留言
張貼留言