I. Create self-signed certificates
1) Create the directories
mkdir -p /home/ws/docker/elastic/search
cd /home/ws/docker/elastic/search
mkdir -p config/certs config/container
2) Create four files
cd config/container
Environment variable file .env
ELASTICSEARCH_IMAGE_VERSION=7.17.6
COMPOSE_PROJECT_NAME=es
CERTS_DIR=/usr/share/elasticsearch/config/certificates
ELASTIC_PASSWORD=Study123
Instance certificate configuration file instances.yml
instances:
  - name: es.home.cloud
    dns:
      - es01
      - localhost
      - 192.168.3.26
    ip:
      - 192.168.3.26
      - 172.18.37.2
  - name: es02.home.cloud
    dns:
      - es02
      - localhost
    ip:
      - 172.18.37.3
  - name: es03.home.cloud
    dns:
      - es03
      - localhost
    ip:
      - 172.18.37.4
Compose file that creates the certificates: create-certs.yml
version: '2.2'
services:
  create_certs:
    container_name: create_certs
    image: elasticsearch:$ELASTICSEARCH_IMAGE_VERSION
    command: >
      bash -c '
        if [[ ! -f /certs/bundle.zip ]]; then
          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
          unzip /certs/bundle.zip -d /certs;
        fi;
        chown -R 1000:0 /certs
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes:
      - ../certs:/certs
      - .:/usr/share/elasticsearch/config/certificates
    networks:
      - es-net
networks:
  es-net:
    name: esnet
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.18.37.0/24
          gateway: 172.18.37.1
Create the run script make-certs.sh
touch make-certs.sh
chmod a+x make-certs.sh
vim make-certs.sh
#!/bin/sh
docker-compose -f ./create-certs.yml run --rm create_certs
3) Generate the certificate files
./make-certs.sh
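
Added example (not part of the original write-up): a quick audit of the output directory after step 3, before anything is copied off the server. It assumes certutil's PEM layout (ca/ca.crt plus one directory per instance name from instances.yml); the helper name audit_certs and the script name audit-certs.sh are hypothetical. bundle.zip is checked too because it still holds every instance's private key.

```shell
#!/bin/sh
# Added example, not from the original page. audit_certs is a hypothetical
# helper; the layout checked (ca/ca.crt, <name>/<name>.crt|.key) is the PEM
# bundle layout assumed for the output of make-certs.sh.
audit_certs() {
    certs_dir=$1
    findings=0

    # The CA certificate is what nodes and clients are configured to trust.
    if [ ! -s "$certs_dir/ca/ca.crt" ]; then
        echo "MISSING ca/ca.crt"
        findings=$((findings + 1))
    fi

    # Each instance directory needs a non-empty certificate and private key.
    for d in "$certs_dir"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        [ "$name" = "ca" ] && continue
        for ext in crt key; do
            if [ ! -s "$d$name.$ext" ]; then
                echo "MISSING $name/$name.$ext"
                findings=$((findings + 1))
            fi
        done
    done

    # Private keys, and bundle.zip which still contains them, must not be
    # readable or writable by "other" users on the Docker host.
    exposed=$(find "$certs_dir" -type f \
        \( -name '*.key' -o -name 'bundle.zip' \) \
        \( -perm -004 -o -perm -002 \))
    if [ -n "$exposed" ]; then
        echo "$exposed" | sed 's/^/WORLD-ACCESSIBLE /'
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run directly with the certs directory as the only argument, e.g.
#   ./audit-certs.sh /home/ws/docker/elastic/search/config/certs
if [ -n "${1:-}" ]; then
    audit_certs "$1"
fi
```

A non-zero exit status means at least one finding was printed; tighten the listed files with chmod and remove bundle.zip once the extracted files are in place.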

II. Install the certificate locally
1) Download the certificate
Use XFTP 7 to download the certificate from the server to the local disk.
