DEV Community

Penn

How to Disable SSL & Authentication of Elasticsearch

Disable SSL and user authentication

For a local Elasticsearch instance, we sometimes want to reach it without SSL (over HTTP rather than HTTPS) and without authentication. This article shows how to disable both SSL and authentication.

P.S. The instance in this sample runs from the Docker image, version 8.5.3 (https://hub.docker.com/_/elasticsearch), and we are going to use VS Code as the editor to view and update the Elasticsearch configuration. Read more on attaching to a running container.

The configuration yaml file is at /usr/share/elasticsearch/config/elasticsearch.yml. Let’s open it to see what’s in it.

elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 21-12-2022 05:50:49
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["1c17b10563ba"]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

Let’s change some lines in the file as below.

Disable SSL

Set xpack.security.http.ssl.enabled to false.

xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

Disable user authentication

There is no option to disable authentication directly; instead, we are going to leverage anonymous access, which perfectly matches our need. Add the following section at the end of elasticsearch.yml.

xpack.security.authc:
  anonymous:
    username: anonymous_user 
    roles: superuser
    authz_exception: true

It does make sense to use a role other than superuser (I know it’s a big risk, but it’s up to you).

Then restart the Elasticsearch server to apply the changes. If no errors are reported, you will be able to visit the endpoint over HTTP with no authorization needed. Have fun!
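
As an added example (not part of the original article or of Elasticsearch itself), the following Python script audits an elasticsearch.yml for the three settings this walkthrough combines: plaintext HTTP, an anonymous user mapped to superuser, and network.host bound beyond loopback. The `flatten` and `audit` helpers and the finding names are assumptions made for illustration, and the sample configuration is constructed from the settings shown above.

```python
import re

# Constructed sample: the settings this article ends up with (not a real deployment).
SAMPLE = """\
network.host: 0.0.0.0
xpack.security.http.ssl:
  enabled: false
xpack.security.authc:
  anonymous:
    username: anonymous_user
    roles: superuser
    authz_exception: true
"""

def flatten(text):
    """Flatten the nested/dotted 'key: value' YAML subset used in elasticsearch.yml."""
    flat, stack = {}, []  # stack holds (indent, key) for each open parent key
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        item = line.strip()
        if not item or item.startswith("#"):
            continue
        if item.startswith("- "):  # block-list entry: append to the key just opened
            parent = ".".join(p for _, p in stack)
            flat[parent] = (flat.get(parent, "") + "," + item[2:].strip()).lstrip(",")
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = item.partition(":")
        while stack and stack[-1][0] >= indent:  # close parents at same or deeper indent
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([p for _, p in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def audit(text):
    """Return finding names (hypothetical labels) for the exposures in this config."""
    cfg, findings = flatten(text), []
    if cfg.get("xpack.security.http.ssl.enabled", "false").lower() != "true":
        findings.append("http-plaintext")
    roles = re.split(r"[\s,\[\]\"']+", cfg.get("xpack.security.authc.anonymous.roles", ""))
    if "superuser" in roles:
        findings.append("anonymous-superuser")
    if cfg.get("network.host", "_local_") not in ("_local_", "localhost", "127.0.0.1", "::1"):
        findings.append("non-loopback-bind")
    return findings

print(audit(SAMPLE))
```

An empty result means none of the three conditions were found; any other result lists which ones to review before the container's port is published anywhere but your own machine.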

Top comments (1)

Penn

Published a Docker image with the modifications mentioned in the article. Just for convenience.