So here is the update, Kibana can connect to Elasticsearch using but Logstash can’t using example quoted above, here is dump from Logstash logs
ESC[[2017-04-04T10:38:46,176][WARN ][logstash.outputs.elasticsearch] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
[2017-04-04T10:39:01,277][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://usertest123:xxxxxx@localhost:9200/]}}
[2017-04-04T10:39:01,279][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>https://usertest123:xxxxxx@localhost:9200/, :path=>"/"}
[2017-04-04T10:39:02,483][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTPS:0x73658e URL:https://usertest123:xxxxxx@localhost:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://usertest123:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[2017-04-04T10:39:02,531][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-04-04T10:39:02,554][WARN ][logstash.outputs.elasticsearch] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [https://usertest123:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused) {:url=>https://usertest123:xxxxxx@localhost:9200/, :error_message=>"Elasticsearch Unreachable: [https://usertest123:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
[2017-04-04T10:39:02,566][ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Elasticsearch Unreachable: [https://usertest123:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"
what version of Logstash is this and what plugin did you install in it?
Always paste the conf file.
Also, verify with curl -k 'https://127.0.0.1:9200' you can see the ES host.
How do you send request from logstash in order to make it work with elasticsearch if I use only “auth_key: logstash:logstash” before I used to write sth like in logstash “protocol … http” but in 5.3 it is not supported anymore
@mke in ES either you enable SSL or you don’t. What does it mean you’re just using http for Kibana?
In the elasticsearch.yml snippet you posted you activated SSL in the plugin, left the http.type commented. I don’t expect your SSL to work like this.
In ES confing I still have that http.type: ssl_netty4 with “#” if front so it is disabled as I understand SSL is off
So Logstash started working after I removed that part which I understand is not encrypted now
ssl => true
ssl_certificate_verification => false
Kibana uses default config with only that part changed:
elasticsearch.username: "usertest123"
elasticsearch.password: "passtest123"
and server.host: TO MY IP
If I enable http.type: ssl_netty4 in ES, Kibana has problem with authentication and I guess I would have to alter below part somehow, not sure how.
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
All I wanted from the beginning is SSL with self sign certificates
Cool, if you want self signed SSL between kibana daemon and Elasticsearch, then you need to put that to ‘none’ here above and modify the elasticsearch URL to be ‘https://…’ in kibana.yml
Don’t forget to re-enable SSL in elasticsearch.yml, including the http.type as I told you.
Once you’re done with that, go to logstash and do the equivalent you did to Kibana: tell it to connect using SSL, and disable the verification and point it to https://.