[toc]

1. win10命令行乱码

1.1 elasticsearch命令行中文乱码

win10命令行启动elasticsearch时,命令行字符乱码,须要批改编码格局:
有两种, 一种是长期, 一种是永恒批改注册表:

1.2 长期批改

输出【win+r】->chcp 65001->确定

1.3 批改注册表

1. 关上注册表: 输出【win+r】,regedit 确定;2. 门路【HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor】3. 【新建->字符串值】名称=autorun, 值=chcp 65001

2. es生成证书

2.1 签发CA证书

./bin/elasticsearch-certutil ca
一路回车, 目录下生成: elastic-stack-ca.p12

2.2 用CA证书生成节点证书

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
一路回车不要明码, 会生成: elastic-certificates.p12

2.3 将CA证书和节点证书mv到config/certs下

mv *.p12 config/certs/

2.4 签发HTTP证书

交互过程如下: (centos7)

./bin/elasticsearch-certutil http# 不须要csr, 输出nGenerate a CSR? [y/N]n# 应用生成的CA整肃, 输出yUse an existing CA? [y/N]y# 输出CA门路: 从certs开始CA Path: certs/elastic-stack-ca.p12# 没有CA明码,间接回车Password for elastic-stack-ca.p12:# 设置5年,默认,输出:5yFor how long should your certificate be valid? [5y] 5y# 是否须要每个节点都生成证书:输出nGenerate a certificate per node? [y/N]n# 输出node名称: hostname, 输出后y确认ZB-PF2P9LED# 输出ip: , 输出后y确认192.168.0.102# 方才这些配置还须要批改吗? 输出nDo you wish to change any of these options? [y/N]n# 不必明码, 回车Provide a password for the "http.p12" file:  [<ENTER> for none]# 问要不要给http证书改名, 间接回车What filename should be used for the output zip file? [D:\devs\elastic-safe\es8.5.2\elasticsearch-ssl-http.zip]#最初:Zip file written to D:\devs\elastic-safe\es8.5.2\elasticsearch-ssl-http.zip

2.5 证书放到certs目录下

unzip elasticsearch-ssl-http.zip elasticsearch-ssl-http/mv elasticsearch/http.p12 kibana/elasticsearch-ca.pem config/certs/# 其余的文件删掉即可

3. 配置elasticsearch.yml

cluster.name: es-clusternode.name: es-node-1path.data: D:/devs/elastic-safe/es8.5.2/datapath.logs: D:/devs/elastic-safe/es8.5.2/logs# 设置网络拜访节点network.host: ZB-PF2P9LED# 设置网络拜访端口http.port: 9200# 初始种子节点#discovery.seed_hosts: ["ZB-PF2P9LED"]# 平安认证xpack.security.enabled: truexpack.security.enrollment.enabled: true# http的认证xpack.security.http.ssl:   enabled: true  keystore.path: D:/devs/elastic-safe/es8.5.2/config/certs/http.p12  truststore.path: D:/devs/elastic-safe/es8.5.2/config/certs/http.p12# 传输认证xpack.security.transport.ssl:   enabled: true  verification_mode: certificate  keystore.path: D:/devs/elastic-safe/es8.5.2/config/certs/elastic-certificates.p12  truststore.path: D:/devs/elastic-safe/es8.5.2/config/certs/elastic-certificates.p12# 此处留神, es-node-1是下面配置的节点名称cluster.initial_master_nodes: ["es-node-1"]http.host: [_local_, _site_]ingest.geoip.downloader.enabled: falsexpack.security.http.ssl.client_authentication: none

而后启动, 即可!

3.2 额定配置(阿里云)

max_map_count文件蕴含限度一个过程能够领有的VMA(虚拟内存区域)的数量  解决方法:    #切换到root用户批改vim /etc/sysctl.conf    # 在最初面追加上面内容vm.max_map_count=655360执行  sysctl -p

4. kibana证书

4.1 kibana证书装置

# 1. 间接回车,生成: csr-bundle.zip ./bin/elasticsearch-certutil csr -name kibana -dns niewj# 2. 解压缩 kibana.csr kibana.key mv到kibana/config下# 3. cd到kibana/config下生成crt文件openssl x509 -req -in kibana.csr -signkey kibana.key -out kibana.crt

4.2 kibana外围配置

server.port: 5601server.host: "niewj"i18n.locale: "zh-CN"# es主服务器地址elasticsearch.hosts: ["https://niewj:9200"]# es拜访账密elasticsearch.username: "kibana"elasticsearch.password: "xxxxxx"elasticsearch.ssl.verificationMode: noneelasticsearch.ssl.certificateAuthorities: ["/xxx/es-8.5.2/config/certs/elasticsearch-ca.pem"]server.ssl.enabled: trueserver.ssl.certificate: /xxx/kibana-8.5.2/config/kibana.crtserver.ssl.key: /xxx/kibana-8.5.2/config/kibana.key