Commit 4331e1fb authored by Andreas Düren's avatar Andreas Düren
Browse files

Enable transport SSL and fix password reset command

parent d0e9df2b

elasticsearch.yml

+4 −1
Original line number Diff line number Diff line
@@ -22,7 +22,10 @@ discovery.type: single-node 


# --------------------------------- Security ----------------------------------

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: false

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.keystore.path: elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

xpack.security.http.ssl.enabled: false

xpack.security.authc.token.enabled: false

xpack.security.authc.api_key.enabled: false

start.sh

+9 −1
Original line number Diff line number Diff line
@@ -342,6 +342,14 @@ start_elasticsearch() { 
    # Command to start Elasticsearch

    ES_START_CMD="ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch"

    ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true -E bootstrap.password=$ELASTIC_PASSWORD"

    # Add explicit settings for transport SSL

    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.enabled=true"

    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"

    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.path=elastic-certificates.p12"

    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"

    # Add empty password for certificates (we created them without password)

    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=''"

    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=''"

    ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid"

    

    echo "Starting Elasticsearch..."
@@ -373,7 +381,7 @@ start_elasticsearch() { 
    

    # Reset the elastic user password

    cd $ES_HOME

    echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true

    echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic --password "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true

    

    # Create index template with the settings we removed from elasticsearch.yml

    echo "Applying index templates with settings removed from elasticsearch.yml..."