Disable SSL and user authentication
For a local Elasticsearch, sometimes we’d like to visit the instance without SSL (so that we can visit Elasticsearch on HTTP, not HTTPS) and without authentication. This article shows how to disable SSL and authentication.
P.S. The instance in the sample is hosted as a Docker image, version 8.5.3 (https://hub.docker.com/_/elasticsearch), and we are going to use VS Code as the editor to view and update the Elasticsearch configuration. Read more on attaching to a running container.
The configuration YAML file is at /usr/share/elasticsearch/config/elasticsearch.yml. Let’s open it to see what’s in it.
elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 21-12-2022 05:50:49
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["1c17b10563ba"]
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
Let’s change some lines in the file as below.
Disable SSL
Set xpack.security.http.ssl.enabled to false:
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12
Disable user authentication
There is no option to disable authentication directly; instead, we are going to leverage anonymous access, which perfectly matches our need. Add the following section at the end of elasticsearch.yml.
xpack.security.authc:
  anonymous:
    username: anonymous_user
    roles: superuser
    authz_exception: true
It does make sense to use roles other than superuser (I know it’s a big risk, but anyway it’s up to you).
Then restart the Elasticsearch server to apply the changes. If no errors are reported, you will be able to visit the endpoint over HTTP with no authorization needed. Have fun!
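To check a config for the combination this article creates (plaintext HTTP plus anonymous superuser on a non-loopback bind), here is an added example that is not part of the original article. The function names and finding labels are made up for illustration, and the parser handles only the plain key/value subset of YAML that elasticsearch.yml uses.

```python
# Added example. Defaults assumed for absent keys: network.host=_local_, http TLS off.
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

def flatten_es_yaml(text):
    """Flatten nested mappings into dotted names (plain key/value YAML subset only)."""
    settings, stack = {}, []                    # stack: (indent, key) of open parents
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                         # close deeper and sibling blocks
        name = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("\"'")
        if value:
            settings[name] = value
        else:
            stack.append((indent, key.strip()))
    return settings

def audit(settings):
    """Return labels for the risky settings this article introduces."""
    tls = settings.get("xpack.security.http.ssl.enabled", "false") == "true"
    raw = settings.get("xpack.security.authc.anonymous.roles", "")
    roles = [r.strip(" \"'") for r in raw.strip("[]").split(",") if r.strip()]
    exposed = settings.get("network.host", "_local_") not in LOOPBACK
    checks = [
        ("http-plaintext", not tls),
        ("anonymous-access", bool(roles)),
        ("anonymous-superuser", "superuser" in roles),
        ("reachable-beyond-loopback", exposed and (not tls or bool(roles))),
    ]
    return [label for label, hit in checks if hit]

# Constructed sample: the lines of the article's modified file that matter here.
SAMPLE = """\
network.host: 0.0.0.0
xpack.security.http.ssl:
  enabled: false
xpack.security.authc:
  anonymous:
    username: anonymous_user
    roles: superuser
    authz_exception: true
"""
if __name__ == "__main__":
    print(audit(flatten_es_yaml(SAMPLE)))
```

In the Docker setup used here, network.host stays 0.0.0.0 inside the container, so limit exposure where the port is published, for example with -p 127.0.0.1:9200:9200.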
Top comments (1)
Published a docker image with the modifications mentioned in the article. Just for convenience.