andreas/elasticsearch-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable transport SSL and fix password reset command

Browse Source
This commit is contained in:
Andreas Düren 2025-03-16 18:59:09 +01:00
parent d0e9df2b1d
commit 4331e1fb18
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
elasticsearch.yml
View File

@ -22,7 +22,10 @@ discovery.type: single-node
# --------------------------------- Security ---------------------------------- # --------------------------------- Security ----------------------------------
xpack.security.enabled: true xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: false xpack.security.http.ssl.enabled: false
xpack.security.authc.token.enabled: false xpack.security.authc.token.enabled: false
xpack.security.authc.api_key.enabled: false xpack.security.authc.api_key.enabled: false

10
start.sh
View File

@ -342,6 +342,14 @@ start_elasticsearch() {
# Command to start Elasticsearch # Command to start Elasticsearch
ES_START_CMD="ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch" ES_START_CMD="ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch"
ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true -E bootstrap.password=$ELASTIC_PASSWORD" ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true -E bootstrap.password=$ELASTIC_PASSWORD"
# Add explicit settings for transport SSL
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.enabled=true"
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.path=elastic-certificates.p12"
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"
# Add empty password for certificates (we created them without password)
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=''"
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=''"
ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid" ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid"
echo "Starting Elasticsearch..." echo "Starting Elasticsearch..."
@ -373,7 +381,7 @@ start_elasticsearch() {
# Reset the elastic user password # Reset the elastic user password
cd $ES_HOME cd $ES_HOME
echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic --password "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true
# Create index template with the settings we removed from elasticsearch.yml # Create index template with the settings we removed from elasticsearch.yml
echo "Applying index templates with settings removed from elasticsearch.yml..." echo "Applying index templates with settings removed from elasticsearch.yml..."