我根据官方文档启动了一个 ES 栈:https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html
elastic-docker-tls.yml:
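---
# Two-node Elasticsearch cluster plus Kibana, with TLS on the HTTP and
# transport layers. $ELK_VERSION, $VERSION and $CERTS_DIR are substituted by
# docker-compose from the environment / .env file (not shown on this page).
version: '2.2'

services:
  es01:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    container_name: es01
    environment:
      - node.name=es01
      #- cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02
      - cluster.initial_master_nodes=es01,es02
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms560m -Xmx560m"
      - xpack.license.self_generated.type=basic
      - xpack.security.enabled=true
      # HTTP layer (REST API, reached by Kibana and by clients on the host).
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # Transport layer (node-to-node traffic).
      - xpack.security.transport.ssl.enabled=true
      # `certificate` checks that the peer certificate chains to the CA but
      # skips hostname verification. NOTE(review): `full` adds the hostname
      # check; whether it can be used depends on the names in instances.yml,
      # which is not shown here.
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      # Mount only the data directory, as es02 does. With the volume mounted
      # over the whole /usr/share/elasticsearch tree, Docker seeds the empty
      # volume from the image and that copy then shadows the image, so later
      # rebuilds (including security updates) would not take effect.
      # A data01 volume created with the old mount point has a different
      # layout and must be migrated or recreated.
      - data01:/usr/share/elasticsearch/data
      - certs:$CERTS_DIR
      - ./es01.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    ports:
      # Published on every host interface. NOTE(review): the PHP client on this
      # page connects through 127.0.0.1, so a loopback-only binding
      # ("127.0.0.1:8200:9200") may be sufficient; confirm no remote client
      # needs the port.
      - "8200:9200"
    networks:
      - elastic
    healthcheck:
      # NOTE(review): the last command run is always `echo`, so this test exits
      # 0 whatever curl returned and the container is never reported unhealthy.
      # The command is kept as written; a real check has to decide which curl
      # result counts as healthy once security is enabled.
      test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
      interval: 30s
      timeout: 10s
      retries: 5

  es02:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    container_name: es02
    environment:
      - node.name=es02
      # - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01
      - cluster.initial_master_nodes=es01,es02
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms560m -Xmx560m"
      - xpack.license.self_generated.type=basic
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=$CERTS_DIR/es02/es02.key
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.certificate=$CERTS_DIR/es02/es02.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/es02/es02.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/es02/es02.key
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data02:/usr/share/elasticsearch/data
      - certs:$CERTS_DIR
      - ./es02.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    # No `ports:` entry: es02 is reachable only on the `elastic` network.
    networks:
      - elastic

  kib01:
    # NOTE(review): the Elasticsearch nodes are built from $ELK_VERSION while
    # Kibana is pulled by ${VERSION}; confirm both resolve to the same release.
    image: docker.elastic.co/kibana/kibana:${VERSION}
    container_name: kib01
    # depends_on: {"es01": {"condition": "service_healthy"}}
    depends_on:
      - es01
    ports:
      # NOTE(review): the SERVER_SSL_* settings below are commented out, so
      # unless kibana.yml enables TLS this port serves Kibana (including its
      # login form) over plain HTTP on every host interface.
      - "8017:5601"
    environment:
      SERVERNAME: localhost
      ELASTICSEARCH_URL: https://es01:9200
      ELASTICSEARCH_HOSTS: https://es01:9200
      # A literal password stood on the commented-out line below. Keep
      # credentials in the environment or a secret store instead of the compose
      # file, and treat the value that was published here as compromised.
      # KIBANA_SYSTEM_PASSWORD is a placeholder variable name.
      #ELASTICSEARCH_USERNAME: kibana_system
      #ELASTICSEARCH_PASSWORD: ${KIBANA_SYSTEM_PASSWORD}
      ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: $CERTS_DIR/ca/ca.crt
      #SERVER_SSL_ENABLED: "true"
      #SERVER_SSL_KEY: $CERTS_DIR/kib01/kib01.key
      #SERVER_SSL_CERTIFICATE: $CERTS_DIR/kib01/kib01.crt
    volumes:
      # NOTE(review): this mounts the whole certs volume, which also holds the
      # es01/es02 private keys; only ca/ca.crt is referenced by the active
      # settings above.
      - certs:$CERTS_DIR
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elastic

volumes:
  data01:
    driver: local
  data02:
    driver: local
  certs:
    driver: local

networks:
  elastic:
    driver: bridge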
create-certs.yml:
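---
# One-shot helper that generates the CA and node certificates into the shared
# `certs` volume before the stack is started.
version: '2.2'

services:
  create_certs:
    image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION}
    container_name: create_certs
    # The script installs unzip, generates the bundle only if /certs/bundle.zip
    # does not exist yet, unpacks it into /certs and hands the tree to
    # uid 1000 / gid 0.
    # `--pem` is added because the stack file references PEM files
    # (ca/ca.crt, es01/es01.crt, es01/es01.key); without it certutil's `cert`
    # mode writes PKCS#12 output and those paths would not exist.
    # NOTE(review): bundle.zip and the unencrypted private keys stay on the
    # volume afterwards, and every service in the stack file mounts that volume.
    command: >
      bash -c '
        yum install -y -q -e 0 unzip;
        if [[ ! -f /certs/bundle.zip ]]; then
          bin/elasticsearch-certutil cert --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
          unzip /certs/bundle.zip -d /certs;
        fi;
        chown -R 1000:0 /certs
      '
    working_dir: /usr/share/elasticsearch
    volumes:
      - certs:/certs
      # The whole project directory is bind-mounted read-write; the script
      # above only reads instances.yml from it.
      - .:/usr/share/elasticsearch/config/certificates
    networks:
      - elastic

volumes:
  certs:
    driver: local

networks:
  elastic:
    driver: bridge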
我使用 Elasticsearch-PHP 连接 es stack,代码和 es stack 部署在同一台服务器上:
// API-key credentials (key id + secret) passed to setApiKey() below.
// NOTE(review): both values are hard-coded and have been published with this
// snippet; the key should be invalidated and its replacement loaded from the
// environment or a secret store rather than from source.
$keyId = 'GTgJG3sBDORPnSPT4jWM';
$apiKey = 'E2uXuQGfT4KBHbqrsqTdVw';

// CA certificate used to verify the server certificate. The path points into
// Docker's volume storage on the host.
// NOTE(review): presumably this is the stack's `certs` volume, which also
// holds the node private keys; copying only ca.crt to a location the PHP user
// can read avoids widening access to that directory.
$myCert = '/var/lib/docker/volumes/es_certs/_data/ca/ca.crt';

// es01's HTTPS port as published on the host by the compose file.
$hosts = [[
    'host' => '127.0.0.1',
    'port' => '8200',
    'scheme' => 'https'
]];

$builder = \Elasticsearch\ClientBuilder::create();
$builder->setHosts($hosts);
$builder->setSSLVerification($myCert);
$builder->setApiKey($keyId, $apiKey);
$client = $builder->build();

// NOTE(review): the 403 reported for this call (rather than a TLS failure or a
// 401) suggests the connection and the credentials were accepted but the API
// key is not authorized for the request; compare the key's role descriptors,
// and the privileges of the user that created it, with what the call needs.
$client->ping();
我得到:
An uncaught Exception was encountered
Type: Elasticsearch\Common\Exceptions\Forbidden403Exception
Message: Unknown 403 error from Elasticsearch null
Filename: /mydata/www/tijian/vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php
Line Number: 683
并且 docker-compose 中没有任何日志。如何通过 Elasticsearch-PHP 连接启用了 TLS 的 es stack?