search

lmenezes / cerebro

MIT License
5.52k stars 716 forks source link

how do I add certificate to cerebro config #473

Open pgovalkar opened 4 years ago

moliware commented 4 years ago

I can't help much on this, but digging in solved issues you have examples like #276

ghost commented 4 years ago

Hi, check this configuration, just add below code to application.conf. It works for me.

# Serve internal ssl/tls communication eg. with Elasticsearch cluster
play.ws.ssl {
 keyManager = {
   stores = [
     {
       type = "PKCS12",
       path = "/opt/cerebro/conf/keystore.pkcs12",
       password = "changeit"
     }
   ]
 }
 trustManager = {
   stores = [
     { type = "PEM", path = "/opt/cerebro/conf/orangeCAchain.pem" }
   ]
 }
}

# Serve interface via https
play.server.https.keyStore.path = "/opt/cerebro/conf/keystore.pkcs12"
play.server.https.keyStore.password = "changeit"
http.port = "disabled"
https.port = "9000"
lavanyalahari24 commented 3 years ago

Hi can any one help me please how to create certificates at /opt/cerebro/conf/

SebastianThorn commented 2 years ago

We added an httpd infront of the Cerebro to achive this and add auth, this might not solve your issue.

liangxiong3403 commented 2 years ago

elasticsearch version

docker.elastic.co/elasticsearch/elasticsearch:8.2.2

cerebro docker tag

lmenezes/cerebro:0.9.4

1.if you have no elastic.pem , you can produce one according a crt file (http_ca.crt come from docker container when elasticsearch container starting successfully);

# copy crt file to host 
docker cp your_es_container_id:/usr/share/elasticsearch/config/certs/http_ca.crt .
# produce pem file according crt file
openssl x509 -in http_ca.crt -out elastic.pem -outform PEM
# copy pem file to docker container
docker cp elastic.pem your_cerebro_container_id:/opt/cerebro/

2.then you can config cerebro using application.conf to connect to es over https;

the important part of application.conf :

hosts = [
  {
    host = "https://YOUR-IP:9200"
    name = "es-docker-cluster"
    auth = {
      username = "username"
      password = "token from console or reset it"
    }
  }
]

play.ws.ssl {
  trustManager = {
    stores = [
      { type = "PEM", path = "/opt/cerebro/elastic.pem" }
    ]
  }
}     
play.ws.ssl.loose.acceptAnyCertificate=true
  1. restart your cerebro container, and visit cerebro web-ui, you can find one link over there.
jintaoit commented 2 years ago

elasticsearch version

docker.elastic.co/elasticsearch/elasticsearch:8.2.2

cerebro docker tag

lmenezes/cerebro:0.9.4

1.if you have no elastic.pem , you can produce one according crt file (http_ca.crt come from docker container when cerebro starting successful);

# copy crt file to host 
docker cp your_es_container_id:/usr/share/elasticsearch/config/certs/http_ca.crt .
# produce pem file according crt file
openssl x509 -in http_ca.crt -out elastic.pem -outform PEM
# copy pem file to docker container
docker cp elastic.pem your_cerebro_container_id:/opt/cerebro/

2.then you can config cerebro using application.conf to connect to es over https;

the important part of application.conf :

hosts = [
  {
    host = "https://YOUR-IP:9200"
    name = "es-docker-cluster"
    auth = {
      username = "username"
      password = "token from console or reset it"
    }
  }
]

play.ws.ssl {
  trustManager = {
    stores = [
      { type = "PEM", path = "/opt/cerebro/elastic.pem" }
    ]
  }
}     
play.ws.ssl.loose.acceptAnyCertificate=true
  1. restart your cerebro container, and visit cerebro web-ui, you can find one link over there.

it helps me a lot,thanks~