Step-by-Step Guide to Secure Elasticsearch with SSL Certs and Authentication
Purvesh Panchal
Posted on August 23, 2024
This detailed article will show you how to secure Elasticsearch on Ubuntu 20.04 using X-Pack and SSL/TLS encryption.
Step 1: Install your desired version of Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-amd64.deb.sha512
shasum -a 512 -c elasticsearch-8.15.0-amd64.deb.sha512
sudo dpkg -i elasticsearch-8.15.0-amd64.deb
Step 2: Enable X-Pack security
sudo nano /etc/elasticsearch/elasticsearch.yml
- Open the Elasticsearch configuration file for editing.
- Uncomment the line
xpack.security.enabled: true
by removing the#
at the beginning. - Save the changes and exit the text editor.
Step 3: Generate SSL certificates
sudo mkdir /etc/elasticsearch/certs
sudo apt install openssl
sudo openssl req -x509 -out /etc/elasticsearch/certs/elastic1.crt -keyout /etc/elasticsearch/certs/elastic1.key -newkey rsa:2048 -nodes -sha256 -subj "/C=US/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=localhost"
sudo openssl pkcs12 -export -in /etc/elasticsearch/certs/elastic1.crt -inkey /etc/elasticsearch/certs/elastic1.key -out /etc/elasticsearch/certs/elastic1.p12 -name "elasticsearch-cert"
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo chmod 0400 /etc/elasticsearch/certs/*
- This step generates a self-signed SSL certificate using OpenSSL and converts it to PKCS#12 format.
Step 4: Configure SSL settings
sudo nano /etc/elasticsearch/elasticsearch.yml
- Open the Elasticsearch configuration file for editing.
- Add the following lines at the end of the file to configure SSL settings:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic1.p12
- Save the changes and exit the text editor.
Step 5: Restart Elasticsearch
sudo systemctl restart elasticsearch
- This step restarts Elasticsearch to apply the configuration changes.
Step 6: Verify SSL/TLS encryption
curl --cacert /etc/elasticsearch/certs/elastic1.p12 https://localhost:9200
- This command tests the SSL/TLS connection using
curl
to verify that the SSL/TLS encryption is working properly.
Step 7: Configure user authentication and roles
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
- This step sets the password for the built-in
elastic
user. Make sure to save the generated password. - Configure additional users and roles as needed using the
elasticsearch-users
command.
Step 8: Update firewall rules
- If you have a firewall enabled, allow incoming connections to the Elasticsearch port (default: 9200) and SSL/TLS port (default: 9300) to ensure external access.
- For example, using
ufw
firewall:
sudo ufw allow 9200/tcp
sudo ufw allow 9300/tcp
- Adjust the commands based on your specific firewall configuration.
By following these steps, you should be able to secure Elasticsearch using X-Pack with SSL/TLS encryption on Ubuntu 20.04. Remember to adjust any file paths or configurations according to your specific requirements.
💖 💪 🙅 🚩
Purvesh Panchal
Posted on August 23, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
githubcopilot AI Innovations at Microsoft Ignite 2024 What You Need to Know (Part 2)
November 29, 2024