From 4331e1fb18096e46fa9cc4f54bb556ddd40d6e07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20D=C3=BCren?=
 <andreasdueren@Andreass-Mac-mini.local>
Date: Sun, 16 Mar 2025 18:59:09 +0100
Subject: [PATCH] Enable transport SSL and fix password reset command

---
 elasticsearch.yml |  5 ++++-
 start.sh          | 10 +++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/elasticsearch.yml b/elasticsearch.yml
index 15b8c41..6df812d 100644
--- a/elasticsearch.yml
+++ b/elasticsearch.yml
@@ -22,7 +22,10 @@ discovery.type: single-node
 
 # --------------------------------- Security ----------------------------------
 xpack.security.enabled: true
-xpack.security.transport.ssl.enabled: false
+xpack.security.transport.ssl.enabled: true
+xpack.security.transport.ssl.verification_mode: certificate
+xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
+xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
 xpack.security.http.ssl.enabled: false
 xpack.security.authc.token.enabled: false
 xpack.security.authc.api_key.enabled: false
diff --git a/start.sh b/start.sh
index 5d676bb..067a5a2 100644
--- a/start.sh
+++ b/start.sh
@@ -342,6 +342,14 @@ start_elasticsearch() {
     # Command to start Elasticsearch
     ES_START_CMD="ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch"
     ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true -E bootstrap.password=$ELASTIC_PASSWORD"
+    # Add explicit settings for transport SSL
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.enabled=true"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.path=elastic-certificates.p12"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"
+    # Add empty password for certificates (we created them without password)
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=''"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=''"
     ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid"
     
     echo "Starting Elasticsearch..."
@@ -373,7 +381,7 @@ start_elasticsearch() {
     
     # Reset the elastic user password
     cd $ES_HOME
-    echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true
+    echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic --password "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true
     
     # Create index template with the settings we removed from elasticsearch.yml
     echo "Applying index templates with settings removed from elasticsearch.yml..."