Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch: 2.12.0
opensearch-dashboards: 2.12.0
OS: Debian
Browser: Chrome
Describe the issue:
I installed Opensearch and Opensearch Dashboards. It worked well after following the docs online.
However I decided to change the certificates to have my own (after following the generate-certificates tutorial and the information here Configure TLS - OpenSearch Documentation) and it started not working well. Opensearch still works and give replies when I curl and I can also access it.
But that’s not the case for Opensearch-Dashboards, it says :
curl: (7) Failed to connect to localhost port 5601 after 0 ms: Couldn’t connect to server
Configuration:
I installed Opensearch and Opensearch-Dashboard for Debian.
This is my opensearch.yml config:
######## Start OpenSearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
plugins.security.ssl.transport.pemcert_filepath: /etc/opensearch/node1.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/opensearch/node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/opensearch/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: /etc/opensearch/node1.pem
plugins.security.ssl.http.pemkey_filepath: /etc/opensearch/node1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/opensearch/root-ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
- 'O=YYYYY,L=ZZZZZZZ,C=AA'
plugins.security.nodes_dn:
- 'CN=XXXXX,O=YYYYY,L=ZZZZZZZ, C=AA'
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.allow_unsafe_democertificates: true
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [.plugins-ml-config, .plugins-ml-connector,
.plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task, .plugins-ml-conversation-meta,
.plugins-ml-conversation-interactions, .plugins-ml-memory-meta, .plugins-ml-memory-message,
.opendistro-alerting-config, .opendistro-alerting-alert*, .opendistro-anomaly-results*,
.opendistro-anomaly-detector*, .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state,
.opendistro-reports-*, .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability,
.ql-datasources, .opendistro-asynchronous-search-response*, .replication-metadata-store,
.opensearch-knn-models, .geospatial-ip2geo-data*, .plugins-flow-framework-config,
plugins-flow-framework-templates, .plugins-flow-framework-state] node.max_local_storage_nodes: 3
network.host: 0.0.0.0
discovery.type: single-node
And this is my opensearch_dashboards.yml config:
server.port: 5601
server.host: "0.0.0.0"
opensearch.hosts: [https://0.0.0.0:9200]
opensearch.ssl.verificationMode: full
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]
opensearch.security.cookie.secure: false
server.ssl.enabled: false
server.ssl.certificate: /etc/opensearch/node1.pem
server.ssl.key: /etc/opensearch/node1-key.pem
opensearch.ssl.certificate: /etc/opensearch/admin.pem
opensearch.ssl.key: /etc/opensearch/admin-key.pem
opensearch.ssl.certificateAuthorities: [ "/etc/opensearch/root-ca.pem" ]