CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-25 18:33:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable SSL in elastic

Browse Source
This commit is contained in:
Mike Reeves
2020-08-10 21:18:03 -04:00
parent 92cc176b6d
commit e7cd527d49
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
salt/elasticsearch/files/elasticsearch.yml
View File

@@ -5,6 +5,7 @@
{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %}
{%- endif %}
{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
cluster.name: "{{ ESCLUSTERNAME }}"
network.host: 0.0.0.0
@@ -22,6 +23,17 @@ cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 95%
cluster.routing.allocation.disk.watermark.high: 98%
cluster.routing.allocation.disk.watermark.flood_stage: 98%
{%- if FEATURES is sameas true %}
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: /ca/elasticsearch.key
xpack.security.http.ssl.certificate: /ca/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: /ca/ca.crt
xpack.security.transport.ssl.key: /ca/elasticsearch.key
xpack.security.transport.ssl.certificate: /ca/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: /ca/ca.crt
{%- endif %}
node.attr.box_type: {{ NODE_ROUTE_TYPE }}
node.name: {{ ESCLUSTERNAME }}
script.max_compilations_rate: 1000/1m