42 lines
1.1 KiB
Plaintext
42 lines
1.1 KiB
Plaintext
|
|
|||
|
|
# 获取ES 的证书指纹
|
|||
|
|
sudo openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt -noout
|
|||
|
|
sha256 Fingerprint=80:AF:64:DB:04:3E:12:EB:DA:11:C1:0F:70:04:2A:F9:13:06:A7:05:FD:CB:62:85:81:4A:84:B4:20:C7:34:A5
|
|||
|
|
|
|||
|
|
# kibana web创建的用户
|
|||
|
|
admin
|
|||
|
|
G7ZSKFM4AQwHQpwA
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
# Filebeat
|
|||
|
|
output.elasticsearch:
|
|||
|
|
hosts: ["https://49.51.33.153:9200"]
|
|||
|
|
username: "elastic"
|
|||
|
|
password: "-0NiIBOJGn2CATuPWzNc"
|
|||
|
|
|
|||
|
|
# 用指纹验证(代替证书文件)
|
|||
|
|
ssl.verification_mode: "certificate"
|
|||
|
|
ssl.certificate_authorities: [] # 留空(不校验完整链)
|
|||
|
|
ssl.supported_protocols: [TLSv1.2, TLSv1.3]
|
|||
|
|
|
|||
|
|
# 关键:指定 CA 指纹(必须全大写,无 0x,带冒号)
|
|||
|
|
ssl.ca_trusted_fingerprint: "80AF64DB043E12EBDA11C10F70042AF91306A705FD2CB6285814A84B420C734A5"
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
# python
|
|||
|
|
from elasticsearch import Elasticsearch
|
|||
|
|
|
|||
|
|
es = Elasticsearch(
|
|||
|
|
hosts=["https://49.51.33.153:9200"],
|
|||
|
|
basic_auth=("elastic", "-0NiIBOJGn2CATuPWzNc"),
|
|||
|
|
# 指纹必须去掉冒号,全大写
|
|||
|
|
ssl_assert_fingerprint="80AF64DB043E12EBDA11C10F70042AF91306A705FD2CB6285814A84B420C734A5",
|
|||
|
|
verify_certs=True # 必须为 True
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
print(es.info())
|