Com TW NOw News 2024

Step-by-step guide to securing Elasticsearch with SSL certificates and authentication

Step 1: Install Elasticsearch

sudo apt update
sudo apt install elasticsearch

Step 2: Enable X-Pack Security

sudo nano /etc/elasticsearch/elasticsearch.yml

  • Open the Elasticsearch configuration file for editing.
  • Remove the comment from the line xpack.security.enabled: true by removing the # at the beginning.
  • Save the changes and close the text editor.

Step 3: Generate SSL certificates

sudo mkdir /etc/elasticsearch/certs
sudo apt install openssl
sudo openssl req -x509 -out /etc/elasticsearch/certs/elastic1.crt -keyout /etc/elasticsearch/certs/elastic1.key -newkey rsa:2048 -nodes -sha256 -subj "/C=US/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=localhost"
sudo openssl pkcs12 -export -in /etc/elasticsearch/certs/elastic1.crt -inkey /etc/elasticsearch/certs/elastic1.key -out /etc/elasticsearch/certs/elastic1.p12 -name "elasticsearch-cert"
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo chmod 0400 /etc/elasticsearch/certs/*

  • This step generates a self-signed SSL certificate using OpenSSL and converts it to PKCS#12 format.

Step 4: Configure SSL settings

sudo nano /etc/elasticsearch/elasticsearch.yml

  • Open the Elasticsearch configuration file for editing.
  • Add the following lines to the end of the file to configure the SSL settings:
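xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic1.p12
# HTTP-layer TLS, required for the https://localhost:9200 check in Step 6
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12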

  • Save the changes and close the text editor.

Step 5: Restart Elasticsearch

sudo systemctl restart elasticsearch

  • This step restarts Elasticsearch to apply the configuration changes.

Step 6: Check SSL/TLS encryption

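sudo curl --cacert /etc/elasticsearch/certs/elastic1.crt https://localhost:9200

  • This command tests the SSL/TLS connection using curl to check if the SSL/TLS encryption is working correctly. curl's --cacert option expects a PEM certificate, so it points at elastic1.crt rather than the PKCS#12 file, and sudo is needed because Step 3 made the certificate files readable only by the elasticsearch user.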

Step 7: Configure user authentication and roles

sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

  • This step sets the password for the built-in elastic user. Make sure to save the generated password.
  • Configure additional users and roles as needed using the elasticsearch-users command.

Step 8: Update Firewall Rules

  • If you have a firewall enabled, you must allow incoming connections on the Elasticsearch HTTP port (default: 9200) and the transport port (default: 9300), which carries the node-to-node traffic secured with SSL/TLS in Step 4, to ensure external access.
  • For example, by using ufw firewall:
sudo ufw allow 9200/tcp
sudo ufw allow 9300/tcp

  • Customize the commands based on your specific firewall configuration.

By following these steps, you should be able to secure Elasticsearch using X-Pack security with SSL/TLS encryption on Ubuntu 20.04. Remember to adjust any file paths or configurations to suit your specific requirements.
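
As an added example (not part of the original guide), the script below audits an elasticsearch.yml for the settings from Steps 2 and 4, so a commented-out or missing line is caught before the restart in Step 5. It also checks xpack.security.http.ssl.enabled, the Elasticsearch setting that the https:// request in Step 6 depends on; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit elasticsearch.yml for the settings from Steps 2 and 4.
# Assumes flat dotted keys ("a.b.c: value"), as the guide writes them;
# nested YAML is not parsed.

# Print the value of one setting, ignoring commented-out lines.
es_setting() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)            # drop trailing comment
      i = index(line, ":"); if (i == 0) next
      name = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (name == k) found = val
    }
    END { if (found != "") print found }' "$1"
}

# Return 0 if every check passes, 1 otherwise; print one line per finding.
audit_es_config() {
  local file="$1" fail=0 key val
  for key in xpack.security.enabled xpack.security.transport.ssl.enabled \
             xpack.security.http.ssl.enabled; do
    val=$(es_setting "$file" "$key")
    [ "$val" = "true" ] || { echo "FAIL $key is '${val:-unset}', expected true"; fail=1; }
  done
  for key in xpack.security.transport.ssl.keystore.path \
             xpack.security.transport.ssl.truststore.path; do
    val=$(es_setting "$file" "$key")
    if [ -z "$val" ]; then echo "FAIL $key is unset"; fail=1
    elif [ ! -r "$val" ]; then echo "WARN $key: cannot read $val as $(id -un)"; fi
  done
  return "$fail"
}

# Constructed sample: security line still commented out, transport TLS only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic1.p12
EOF
audit_es_config "$sample" || echo "audit failed for $sample"
```

To audit the live file, call `audit_es_config /etc/elasticsearch/elasticsearch.yml` as a user who can read it; run as the elasticsearch user, the WARN lines also confirm whether the ownership and 0400 mode from Step 3 let the service read its keystore.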