Encrypting communications in Kibana or Logstash on Docker #441

Open
Patrick-kuo opened this issue Jul 25, 2019 · 1 comment

Patrick-kuo commented Jul 25, 2019

Hi there,

I have followed this "Encrypting communications in an Elasticsearch Docker Container", and my questions are:

  1. After docker-compose up, I was not able to log in to https://localhost:9200 with the password that is written in the .env file; therefore I tried the "elasticsearch-setup-passwords" tool to generate all users' passwords, including the elastic user's password, to give me access. Not sure why it is not getting the right password (ELASTIC_PASSWORD) from the .env file?

  2. The document only provides a docker compose file with elasticsearch properties; do we have Kibana's and Logstash's part of setting up ssl/tls?

Note: I entered the elasticsearch, and I did see the certs folder with all the *.crt and *.key files.

Master node of elasticsearch's Logs:

```
[2019-07-25T10:25:55,589][WARN ][o.e.h.n.Netty4HttpServerTransport] [elasticsearch] caught exception while handling client http traffic, closing connection [id: 0x5723936a, L:0.0.0.0/0.0.0.0:9200 ! R:/172.24.0.6:46408]
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 48454144202f20485454502f312e310d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f6a736f6e0d0a486f73743a20656c61737469637365617263683a393230300d0a557365722d4167656e743a204d616e7469636f726520302e362e340d0a4163636570742d456e636f64696e673a20677a69702c6465666c6174650d0a417574686f72697a6174696f6e3a204261736963206247396e633352686332686663336c7a644756744f6c42735a57467a5a554e6f5957356e5a55316c0d0a0d0a
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:656) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:556) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:510) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:470) [netty-transport-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:909) [netty-common-4.1.32.Final.jar:4.1.32.Final]
    at java.lang.Thread.run(Thread.java:835) [?:?]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 48454144202f20485454502f312e310d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f6a736f6e0d0a486f73743a20656c61737469637365617263683a393230300d0a557365722d4167656e743a204d616e7469636f726520302e362e340d0a4163636570742d456e636f64696e673a20677a69702c6465666c6174650d0a417574686f72697a6174696f6e3a204261736963206247396e633352686332686663336c7a644756744f6c42735a57467a5a554e6f5957356e5a55316c0d0a0d0a
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1182) ~[netty-handler-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1247) ~[netty-handler-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-codec-4.1.32.Final.jar:4.1.32.Final]
[2019-07-25T10:25:57,227][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] http client did not trust this server's certificate, closing connection [id: 0x67032416, L:0.0.0.0/0.0.0.0:9200 ! R:/172.24.0.6:46414]
[2019-07-25T10:26:02,234][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] http client did not trust this server's certificate, closing connection [id: 0x03040462, L:0.0.0.0/0.0.0.0:9200 ! R:/172.24.0.6:46426]
```
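Added example, not part of the original issue or of Elastic's code: in the warning above, the hex after `not an SSL/TLS record:` is the raw bytes the client sent, so decoding it shows which client is speaking plain HTTP to the HTTPS port. The sketch below does that for a constructed log line (node name, host, address and credential are placeholders) and masks any `Authorization` value, because that header ends up in the server log too.

```python
import re
from base64 import b64encode

NOT_TLS = re.compile(r"not an SSL/TLS record: ([0-9a-fA-F]+)")
REMOTE = re.compile(r"R:/(\S+?):\d+\]")
SENSITIVE = {"authorization", "proxy-authorization"}

def decode_plaintext_client(log_line):
    """Summarise the cleartext HTTP request that the TLS listener rejected."""
    m = NOT_TLS.search(log_line)
    if not m:
        return None
    dump = m.group(1)
    raw = bytes.fromhex(dump[: len(dump) // 2 * 2])  # tolerate a cut-off dump
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers, leaked = {}, False
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name in SENSITIVE:  # keep the scheme, never echo the secret
            leaked = True
            scheme, sp, _ = value.partition(" ")
            value = f"{scheme} [REDACTED]" if sp else "[REDACTED]"
        headers[name] = value
    remote = REMOTE.search(log_line)
    return {"remote": remote.group(1) if remote else None,
            "request_line": head[0], "headers": headers,
            "credentials_logged": leaked}

def redact_line(log_line):
    """Drop the hex dump so the line can be shared without the credential."""
    return NOT_TLS.sub("not an SSL/TLS record: [HEX REMOVED]", log_line)

# Constructed sample input (not taken from the issue): placeholder client and credential.
_REQ = (b"HEAD / HTTP/1.1\r\nHost: es.example.internal:9200\r\n"
        b"User-Agent: ExampleClient 1.0\r\n"
        b"Authorization: Basic " + b64encode(b"user:placeholder") + b"\r\n\r\n")
SAMPLE = ("[2019-01-01T00:00:00,000][WARN ][o.e.h.n.Netty4HttpServerTransport] [node-1] "
          "caught exception while handling client http traffic, closing connection "
          "[id: 0x00000001, L:0.0.0.0/0.0.0.0:9200 ! R:/192.0.2.10:40000] "
          "io.netty.handler.codec.DecoderException: io.netty.handler.ssl."
          "NotSslRecordException: not an SSL/TLS record: " + _REQ.hex())

if __name__ == "__main__":
    print(decode_plaintext_client(SAMPLE))
    print(redact_line(SAMPLE))
```

The `user-agent` and `host` fields identify the component whose output URL still points at `http://` instead of `https://`; if `credentials_logged` is true, treat the password in that log as exposed and rotate it.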


Patrick-kuo commented Jul 26, 2019

Somehow I found the sample from elastic's github, and it solved my issue. Here is "the Link" for people who need it, cheers!
