This detailed article will show you how to secure Elasticsearch on Ubuntu 20.04 using X-Pack and SSL/TLS encryption.
Step 1: Install your desired version of Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-amd64.deb.sha512
shasum -a 512 -c elasticsearch-8.15.0-amd64.deb.sha512
sudo dpkg -i elasticsearch-8.15.0-amd64.deb
Step 2: Enable X-Pack security
sudo nano /etc/elasticsearch/elasticsearch.yml
- Open the Elasticsearch configuration file for editing.
- Uncomment the line
xpack.security.enabled: trueby removing the#at the beginning. - Save the changes and exit the text editor.
Step 3: Generate SSL certificates
sudo mkdir /etc/elasticsearch/certs
sudo apt install openssl
sudo openssl req -x509 -out /etc/elasticsearch/certs/elastic1.crt -keyout /etc/elasticsearch/certs/elastic1.key -newkey rsa:2048 -nodes -sha256 -subj "/C=US/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=localhost"
sudo openssl pkcs12 -export -in /etc/elasticsearch/certs/elastic1.crt -inkey /etc/elasticsearch/certs/elastic1.key -out /etc/elasticsearch/certs/elastic1.p12 -name "elasticsearch-cert"
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo chmod 0400 /etc/elasticsearch/certs/*
- This step generates a self-signed SSL certificate using OpenSSL and converts it to PKCS#12 format.
Step 4: Configure SSL settings
sudo nano /etc/elasticsearch/elasticsearch.yml
- Open the Elasticsearch configuration file for editing.
- Add the following lines at the end of the file to configure SSL settings:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic1.p12
- Save the changes and exit the text editor.
Step 5: Restart Elasticsearch
sudo systemctl restart elasticsearch
- This step restarts Elasticsearch to apply the configuration changes.
Step 6: Verify SSL/TLS encryption
curl --cacert /etc/elasticsearch/certs/elastic1.p12 https://localhost:9200
- This command tests the SSL/TLS connection using
curlto verify that the SSL/TLS encryption is working properly.
Step 7: Configure user authentication and roles
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
- This step sets the password for the built-in
elasticuser. Make sure to save the generated password. - Configure additional users and roles as needed using the
elasticsearch-userscommand.
Step 8: Update firewall rules
- If you have a firewall enabled, allow incoming connections to the Elasticsearch port (default: 9200) and SSL/TLS port (default: 9300) to ensure external access.
- For example, using
ufwfirewall:
sudo ufw allow 9200/tcp
sudo ufw allow 9300/tcp
- Adjust the commands based on your specific firewall configuration.
By following these steps, you should be able to secure Elasticsearch using X-Pack with SSL/TLS encryption on Ubuntu 20.04. Remember to adjust any file paths or configurations according to your specific requirements.
Top comments (0)