Open gopi-nath opened 7 years ago
Hi there! To send to a elasticsearch backend that is secured via https, you should add the certificate to the trust store of the application sending the metrics.
The trust store is a place for trusted root certificates. The following article provides an introduction on how to import the certificate in to the trust store: https://connect2id.com/blog/importing-ca-root-cert-into-jvm-trust-store Edit to clarify: you should import the certificate of the elasticsearch host. Look here to find out how to extract the certificate: https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
The alternative, if you do not want to modify the trust store, is to obtain the certificate from a trusted certificate provider, like Let's Encrypt. Let's Encrypt issues free certificate, but your system has to be reachable from the internet for the certificate issuing process.
Reach out if you have more questions.
Best regards, Fabian
Hi,
Thanks for the help. I already tried that. I added the certificate to the trust store. But i'm still getting the same exception.
Is there any way to support mutual SSL while sending index request to ES? We have a setup that requires mutual SSL so the client will need client cert + req.
@jay-dihenkar I have not tried this yet. You could try following the suggestions in this stack overflow thread: https://stackoverflow.com/a/2240993/1125055
@gopinath-evive How did you configure elasticsearch to use ssl encryption? Are you using x-pack security?
Also the config stagemonitor.elasticsearch.numberOfShards=100
seems a bit high. Why do you want that many shards?
@felixbarny numberOfShards=100 was just for testing purpose. I have actually set it to numberOfShards=1.
The issue is resolved. It was a certificate issue on the server.
Also could you please let me know when https://github.com/stagemonitor/stagemonitor/commit/7c41e3759fe3ebc2738564506e05411c58b256b0 (ElasticsearchClient.java) will be released ?
I'm getting null pointer exception in 0.31.0.
@gopi-nath 0.80.0.RC1 will be released within the next few days.
How did you resolve the issue on your server?
@felixbarny : We run a mutual SSL setup for ES <--> Application. Now I didn't find any way to setup the mutual ssl via the http client used in the stagemonitor. So, we used a reverse proxy infront of ES to handle mutual SSL and let stagemonitor talk to it.
Thx, that's good to know. In the future, I might use the official Elastichsearch REST client.
Hi,
I am not able to send data to es5.x
Following is my stagemonitor.properties stagemonitor.applicationName=name stagemonitor.instrument.include=com.evive.name stagemonitor.init.async=true stagemonitor.active=true stagemonitor.reporting.interval.elasticsearch=1 stagemonitor.elasticsearch.numberOfReplicas=1 stagemonitor.elasticsearch.numberOfShards=100 stagemonitor.instrument.runtimeAttach=true stagemonitor.elasticsearch.availabilityCheckPeriodSec=5 stagemonitor.elasticsearch.url=https://user:pass@data3:9202/ stagemonitor.web.collectPageLoadTimesPerRequest=true stagemonitor.plugins.disabled=JdbcPlugin stagemonitor.internal.monitoring=true
While starting the application, I get the following logs and then no logs regarding stagemonitor,(no errors or warns).
When checked ES logs, found the following exception:
How do i provide SSL support here?