在CentOS环境下配置Filebeat以使用SSL证书,可以确保数据传输的安全性。以下是详细的步骤指南:
首先,你需要获取SSL证书。你可以从受信任的证书颁发机构(CA)购买证书,或者使用Let’s Encrypt等免费服务生成自签名证书。
sudo yum install certbot python2-certbot-nginx
sudo certbot certonly --standalone -d yourdomain.com
这将生成证书文件和私钥文件,通常位于/etc/letsencrypt/live/yourdomain.com/目录下。
编辑Filebeat的配置文件/etc/filebeat/filebeat.yml,添加或修改以下配置项:
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
output.elasticsearch:
hosts: ["https://your_elasticsearch_host:9200"]
ssl.verification_mode: certificate
ssl.certificate_authorities: ["/etc/letsencrypt/live/yourdomain.com/fullchain.pem"]
ssl.certificate: "/etc/letsencrypt/live/yourdomain.com/privkey.pem"
ssl.key: "/etc/letsencrypt/live/yourdomain.com/privkey.pem"
确保Elasticsearch已经配置为接受SSL连接。编辑Elasticsearch的配置文件/etc/elasticsearch/elasticsearch.yml,添加或修改以下配置项:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
http.ssl.enabled: true
http.ssl.certificate: /etc/elasticsearch/certs/elastic-certificates.p12
http.ssl.key: /etc/elasticsearch/certs/elastic-certificates.p12
重启Filebeat和Elasticsearch服务以应用更改:
sudo systemctl restart filebeat
sudo systemctl restart elasticsearch
确保Filebeat能够成功连接到Elasticsearch并发送数据。你可以查看Filebeat的日志文件/var/log/filebeat/filebeat以确认连接状态:
tail -f /var/log/filebeat/filebeat
通过以上步骤,你应该能够在CentOS环境下成功配置Filebeat使用SSL证书。