Open pgovalkar opened 4 years ago
Hi, check this configuration, just add below code to application.conf. It works for me.
# Serve internal ssl/tls communication eg. with Elasticsearch cluster
play.ws.ssl {
keyManager = {
stores = [
{
type = "PKCS12",
path = "/opt/cerebro/conf/keystore.pkcs12",
password = "changeit"
}
]
}
trustManager = {
stores = [
{ type = "PEM", path = "/opt/cerebro/conf/orangeCAchain.pem" }
]
}
}
# Serve interface via https
play.server.https.keyStore.path = "/opt/cerebro/conf/keystore.pkcs12"
play.server.https.keyStore.password = "changeit"
http.port = "disabled"
https.port = "9000"
Hi can any one help me please how to create certificates at /opt/cerebro/conf/
We added an httpd infront of the Cerebro to achive this and add auth, this might not solve your issue.
elasticsearch version
docker.elastic.co/elasticsearch/elasticsearch:8.2.2
cerebro docker tag
lmenezes/cerebro:0.9.4
1.if you have no elastic.pem
, you can produce one according a crt file (http_ca.crt
come from docker container when elasticsearch container starting successfully);
# copy crt file to host
docker cp your_es_container_id:/usr/share/elasticsearch/config/certs/http_ca.crt .
# produce pem file according crt file
openssl x509 -in http_ca.crt -out elastic.pem -outform PEM
# copy pem file to docker container
docker cp elastic.pem your_cerebro_container_id:/opt/cerebro/
2.then you can config cerebro using application.conf to connect to es over https;
the important part of application.conf :
hosts = [
{
host = "https://YOUR-IP:9200"
name = "es-docker-cluster"
auth = {
username = "username"
password = "token from console or reset it"
}
}
]
play.ws.ssl {
trustManager = {
stores = [
{ type = "PEM", path = "/opt/cerebro/elastic.pem" }
]
}
}
play.ws.ssl.loose.acceptAnyCertificate=true
elasticsearch version
docker.elastic.co/elasticsearch/elasticsearch:8.2.2
cerebro docker tag
lmenezes/cerebro:0.9.4
1.if you have no
elastic.pem
, you can produce one according crt file (http_ca.crt
come from docker container when cerebro starting successful);# copy crt file to host docker cp your_es_container_id:/usr/share/elasticsearch/config/certs/http_ca.crt . # produce pem file according crt file openssl x509 -in http_ca.crt -out elastic.pem -outform PEM # copy pem file to docker container docker cp elastic.pem your_cerebro_container_id:/opt/cerebro/
2.then you can config cerebro using application.conf to connect to es over https;
the important part of application.conf :
hosts = [ { host = "https://YOUR-IP:9200" name = "es-docker-cluster" auth = { username = "username" password = "token from console or reset it" } } ] play.ws.ssl { trustManager = { stores = [ { type = "PEM", path = "/opt/cerebro/elastic.pem" } ] } } play.ws.ssl.loose.acceptAnyCertificate=true
- restart your cerebro container, and visit cerebro web-ui, you can find one link over there.
it helps me a lot,thanks~
I can't help much on this, but digging in solved issues you have examples like #276