How to configure .opendistro_security index with HTTP

judo · November 10, 2020, 9:25pm

Hi,

I’m running Opendistro Elasticsearch 0.10.0. It’s an internal service so I set below to false to allow http:
opendistro_security.ssl.http.enabled: false

Nothing else changed.

With default setting “opendistro_security.ssl.http.enabled: true”, I’m able to run below
curl -k --cert kirk.pem --key kirk-key.pem -X PUT -H “Content-Type: application/json” -d ‘{“settings”:{“auto_expand_replicas”: “0-6”}}’ https://localhost:9200/.opendistro_security/_settings
{“acknowledged”:true}

With that setting to false, and change above url from https to http, I got “Unauthorized”.
With https, I got “routines:CONNECT_CR_SRVR_HELLO:wrong version number”
I tried to add admin user with roles, but that didn’t work either.

Is there any way I can change security index settings with http allowed?
Thanks!

judo · November 13, 2020, 3:17pm

FYI, I started another Elasticsearch instance with SSL enabled, it can join existing cluster. Then I’m able to change setting on that new instance with that curl command to localhost.
Not sure whether there is other better way to do this.

Topic		Replies	Views
Opendistro_security.ssl.http.enabled property Security	3	610	July 9, 2021
Strict-Transport-Security for opendistro Security security-issue	2	731	February 3, 2021
Setting up SSL with OpenID Security	4	2091	July 16, 2021
Оpendistro-security with ELK (basic license) Open Source Elasticsearch and Kibana	2	1119	March 26, 2021
How can I send logs to elasticsearch without username and password. But with enabled security plugin Security	7	1635	August 25, 2021

How to configure .opendistro_security index with HTTP

Related topics