Configuring an Elasticsearch Certificate in a Spring Boot Project
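Generate the certificates on the Elasticsearch node
Log in to the Elasticsearch server and run the following commands:
```bash
# Go to the Elasticsearch installation directory (assumed to be /usr/share/elasticsearch)
cd /usr/share/elasticsearch
# Generate the CA certificate (PEM format)
bin/elasticsearch-certutil ca --pem
# Enter a CA password when prompted (optional but recommended; CaPassword123 is assumed here); this produces ca.zip
# Unpack ca.zip into config/certs/ (-j drops the ca/ folder inside the archive so the files land directly in config/certs/)
unzip -j ca.zip -d config/certs/
# Generate the node certificate, signed by the CA
# --ip puts the node address (the network.host value used below) into the certificate,
# so that clients which verify the host they connect to accept it
bin/elasticsearch-certutil cert --ca-cert config/certs/ca.crt --ca-key config/certs/ca.key --ip 10.9.36.22 --pem
# Enter a node certificate password when prompted (optional; NodePassword123 is assumed here); this produces elastic-certificates.zip
# Unpack it into config/certs/ (-j drops the instance/ folder inside the archive)
unzip -j elastic-certificates.zip -d config/certs/
# List the generated certificate files
ls config/certs/
# Should contain: ca.crt, ca.key, instance.crt, instance.key
```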
Configure Elasticsearch to use the certificates
Edit the Elasticsearch configuration file config/elasticsearch.yml and add the following:
```yaml
# Enable security features
xpack.security.enabled: true
# Transport-layer SSL
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/instance.key
xpack.security.transport.ssl.certificate: certs/instance.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt
# HTTP-layer SSL
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/instance.key
xpack.security.http.ssl.certificate: certs/instance.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt
# Network host (set to the actual IP)
network.host: 10.9.36.22
```
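Restart the Elasticsearch service:
```bash
# Restart with systemctl
sudo systemctl restart elasticsearch
```
Verify that Elasticsearch is running:
```bash
# -k skips certificate validation, so this only confirms that the HTTPS endpoint and the credentials respond
curl -k -u elastic:Dameng@8888 https://10.9.36.22:9200
# Should return the cluster information
```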
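The check with -k above does not validate the certificate, whereas a client that trusts ca.crt checks both the chain to the CA and that the certificate names the address it connects to. The following added example (not part of the original post) reproduces both checks offline with openssl standing in for elasticsearch-certutil. The function names, demo.cnf and the no-san.crt / with-san.crt files are assumptions made for illustration.

```bash
# Constructed demo PKI: openssl stands in for elasticsearch-certutil, and every
# file lives in a throwaway directory. 10.9.36.22 is the node IP used on this page.

make_demo_pki() {   # $1 = empty working directory
  local d="$1"
  # Minimal config so the result does not depend on the system openssl.cnf
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = demo-ca
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
  # Throwaway CA, playing the role of ca.crt / ca.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Node key and signing request (CN=instance)
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" -subj "/CN=instance" \
    -keyout "$d/instance.key" -out "$d/instance.csr" 2>/dev/null || return 1
  # Node certificate signed by the CA, with no subjectAltName
  openssl x509 -req -in "$d/instance.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/no-san.crt" 2>/dev/null || return 1
  # Same request, signed with the node IP as subjectAltName
  echo "subjectAltName = IP:10.9.36.22" > "$d/san.ext"
  openssl x509 -req -in "$d/instance.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/with-san.crt" 2>/dev/null
}

# Chain only: was the certificate issued by this CA?  $1 = CA file, $2 = certificate
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Chain plus identity, as a validating client does.  $3 = IP the client connects to
chain_and_ip_ok() { openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1; }

demo() {
  local d c i crt
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  for crt in no-san.crt with-san.crt; do
    chain_ok "$d/ca.crt" "$d/$crt" && c=pass || c=FAIL
    chain_and_ip_ok "$d/ca.crt" "$d/$crt" 10.9.36.22 && i=pass || i=FAIL
    echo "$crt: chain=$c chain+ip=$i"
  done
  rm -rf "$d"
}
demo
```

Both certificates chain to the CA, but only the one carrying the IP passes the identity check. elasticsearch-certutil cert accepts --ip and --dns to put such names into the node certificate.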
Configure the Spring Boot project
In the Spring Boot 3 project, make the following changes:
Add the CA certificate to the project
Copy the config/certs/ca.crt file from the Elasticsearch node into the src/main/resources/certs/ directory of the Spring Boot project. Create the directory if it does not exist.
Add the Maven dependencies
Make sure pom.xml includes the Elasticsearch and Spring Data dependencies:
```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
```
Configure application.properties
Set the connection details in src/main/resources/application.properties:
```properties
spring.elasticsearch.uris=https://10.9.36.22:9200
spring.elasticsearch.username=elastic
spring.elasticsearch.password=Dameng@8888
```
Create the Elasticsearch configuration class
Create the configuration class ElasticsearchConfig.java, which customizes the RestClient with an SSL context and basic authentication:
```java
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.elasticsearch.client.RestClient;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;

@Configuration
public class ElasticsearchConfig {

    @Value("${spring.elasticsearch.uris}")
    private String[] uris;

    @Value("${spring.elasticsearch.username}")
    private String username;

    @Value("${spring.elasticsearch.password}")
    private String password;

    @Bean
    public RestClient restClient() throws Exception {
        // Load the CA certificate from the classpath
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try (InputStream is = new ClassPathResource("certs/ca.crt").getInputStream()) {
            ca = factory.generateCertificate(is);
        }

        // Create a KeyStore that contains only the CA certificate
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca", ca);

        // Create the SSLContext that trusts this CA
        SSLContextBuilder sslContextBuilder = SSLContexts.custom()
                .loadTrustMaterial(trustStore, null);
        SSLContext sslContext = sslContextBuilder.build();

        // Configure the basic-auth credentials
        BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY,
                new UsernamePasswordCredentials(username, password));

        // Build the RestClient for every configured URI, not only the first one
        HttpHost[] hosts = Arrays.stream(uris)
                .map(HttpHost::create)
                .toArray(HttpHost[]::new);
        return RestClient.builder(hosts)
                .setHttpClientConfigCallback(httpClientBuilder -> {
                    httpClientBuilder.setSSLContext(sslContext);
                    httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                    return httpClientBuilder;
                })
                .build();
    }
}
```
Write a test class to verify the connection
Create the test class ElasticsearchConnectionTest.java:
```java
import org.elasticsearch.client.Request;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;

import static org.junit.jupiter.api.Assertions.assertEquals;

@SpringBootTest
public class ElasticsearchConnectionTest {

    @Autowired
    private RestClient restClient;

    @Test
    public void testConnection() throws Exception {
        Request request = new Request("GET", "/");
        Response response = restClient.performRequest(request);
        int statusCode = response.getStatusLine().getStatusCode();
        System.out.println("Response status code: " + statusCode);
        // JUnit assertion instead of the Java assert keyword, which is skipped when assertions are disabled
        assertEquals(200, statusCode, "Connection failed, status code: " + statusCode);
    }
}
```
Run the test; if it prints status code 200, the connection succeeded.
Community: https://eco.dameng.com