Fix SSL keystore password configuration

2025-03-16 19:09:06 +01:00 · 2025-03-16 19:09:06 +01:00 · 065b950292
commit 065b950292
parent 4331e1fb18
2 changed files with 8 additions and 6 deletions
--- a/elasticsearch.yml
+++ b/elasticsearch.yml
@ -25,7 +25,9 @@ xpack.security.enabled: true
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: certificate
 xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
+xpack.security.transport.ssl.keystore.password: cloudron
 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
+xpack.security.transport.ssl.truststore.password: cloudron
 xpack.security.http.ssl.enabled: false
 xpack.security.authc.token.enabled: false
 xpack.security.authc.api_key.enabled: false
--- a/start.sh
+++ b/start.sh
@ -173,14 +173,14 @@ configure_elasticsearch() {
        
        ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-certutil ca \
            --out /tmp/elastic-certs/elastic-stack-ca.p12 \
-            --pass "" \
+            --pass "cloudron" \
            --silent
            
        ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-certutil cert \
            --ca /tmp/elastic-certs/elastic-stack-ca.p12 \
-            --ca-pass "" \
+            --ca-pass "cloudron" \
            --out $ES_PATH_CONF/elastic-certificates.p12 \
-            --pass "" \
+            --pass "cloudron" \
            --silent
            
        chown elasticsearch:elasticsearch $ES_PATH_CONF/elastic-certificates.p12
@ -347,9 +347,9 @@ start_elasticsearch() {
    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"
    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.path=elastic-certificates.p12"
    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"
-    # Add empty password for certificates (we created them without password)
-    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=''"
-    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=''"
+    # Use "cloudron" as the dummy password for certificates (Elasticsearch doesn't accept empty passwords)
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=cloudron"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=cloudron"
    ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid"
    
    echo "Starting Elasticsearch..."