使用了search-guard-5后,ES-head和cerebro-0.6.6 都无法通过认证了?
Elasticsearch | 作者 xiaoke | 发布于2017年10月11日 | 阅读数:10306
使用了search-guard-5后,ES-head和cerebro-0.6.6 都无法通过认证了?
因为ES都开启了SSL认证,但是es-head和cerebro都没有配置证书的地方?请问如何处理?
es-head的这种方式也只能通过用户密码认证,无法通过SSL认证
url like “http://localhost:9100/%3Fauth_ ... ngeme”
因为ES都开启了SSL认证,但是es-head和cerebro都没有配置证书的地方?请问如何处理?
es-head的这种方式也只能通过用户密码认证,无法通过SSL认证
url like “http://localhost:9100/%3Fauth_ ... ngeme”
4 个回复
Leeeo - 90后IT男
赞同来自: qiumingben
https://docs.search-guard.com/ ... guard
这里是search guard官网关于cerebro的配置示例。
xiaoke - http://blog.51cto.com/kexiaoke
赞同来自:
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[?:?]
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_131]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:254) ~[netty-handler-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1156) ~[netty-handler-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1078) ~[netty-handler-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.F
realwhs
赞同来自:
qiumingben - I walk like a shadow
赞同来自:
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
http.cors.allow-credentials: true
使用下面格式登陆head
http://localhost:9100/%3Fauth_ ... admin
要检查head插件发送的请求,看看当前账号是否权限不足,如果跟我的情况一样,就换admin账号