前言:本博客仅作记录学习使用,部分图片出自网络,如有侵犯您的权益,请联系删除
学习B站博主教程笔记:
最新版适合自学的ElasticStack全套视频(Elk零基础入门到精通教程)Linux运维必备—ElasticSearch+Logstash+Kibana精讲_哔哩哔哩_bilibilihttps://www.bilibili.com/video/BV1VMW3e6Ezk/?spm_id_from=333.1007.tianma.1-1-1.click&vd_source=e539f90574cdb0bc2bc30a8b5cb3fc00
1、基于nginx反向代理控制kibana
(1)部署Nginx服务
# Nginx安装详见前文
yum -y install httpd-tools
(2)编写Nginx的配置文件
cat > /etc/nginx/conf.d/kibana.conf <<'EOF'
server {
listen 80;
server_name kibana.elk.com;
location / {
proxy_pass http://192.168.1.12:5601$request_uri;
auth_basic "ELk kibana web!";
auth_basic_user_file conf/htpasswd;
}
}
EOF
(3)创建账号文件
mkdir -pv /etc/nginx/conf
htpasswd -c -b /etc/nginx/conf/htpasswd admin cluster
(4)启动Nginx服务
nginx -t
systemctl restart nginx
(5)访问Nginx验证Kibana访问
2、配置ES集群TSL认证
# (1)生成证书文件
cd /cluster/softwares/es/
elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
# (2)为证书文件修改属主和属组
chown elsearch:elsearch config/elastic-certificates.p12
# (3)同步证书文件到其他节点
data_rsync.sh `pwd`/config/elastic-certificates.p12
# (4)修改ES集群的配置文件
vim /cluster/softwares/es/config/elasticsearch.yml
...
# 在最后一行添加以下内容
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# (5)同步ES配置文件到其他节点
data_rsync.sh `pwd`/config/elasticsearch.yml
# (6)所有节点重启ES集群
systemctl restart es
# (7)生成随机密码
elasticsearch-setup-passwords auto
...
Changed password for user kibana_system
PASSWORD kibana_system = X1fvzVFyZRyE8Vly8iPv
Changed password for user elastic
PASSWORD elastic = ZtnXmiPLLTZXvcgLArPq
测试访问:
3、kibana添加ES认证
# (1)修改kibana的配置文件
vim /cluster/softwares/kibana/config/kibana.yml
...
elasticsearch.username: "kibana_system"
elasticsearch.password: "X1fvzVFyZRyE8Vly8iPv"
# (2)重启kibana访问
su -c "kibana" elsearch
4、Kibana的RBAC
5、logstash写入ES加密集群案例
input {
stdin {}
}
output {
stdout { }
elasticsearch {
index => "cluster-linux-logstash-666"
hosts => "192.168.1.10:9200"
user => "logstash-linux"
password => "123456"
}
}
建议不要使用elastic管理员用户给logstash程序使用,而是创建一个普通用户,并为该用户细化权限。
6、filebeat写入ES加密集群案例
filebeat.inputs:
- type: stdin
output.elasticsearch:
enabled: true
hosts: ["http://192.168.1.10:9200","http://192.168.1.11:9200","http://192.168.1.12:9200"]
index: "cluster-linux-stdin-%{+yyyy.MM.dd}"
username: "filebeat-linux"
password: "123456"
setup.ilm.enabled: false
setup.template.name: "cluster-linux"
setup.template.pattern: "cluster-linux*"
setup.template.overwrite: true
setup.template.settings:
index.number_of_shards: 3
index.number_of_replicas: 0
致谢
在此,我要对所有为知识共享做出贡献的个人和机构表示最深切的感谢。同时也感谢每一位花时间阅读这篇文章的读者,如果文章中有任何错误,欢迎留言指正。
学习永无止境,让我们共同进步!!