SpringBoot e-commerce project mall (40K + STAR) address: github.com/macrozheng/…
Abstract
In the “you actually return to the server on the log, build a log collection system is not sweet yao!” In this article, we introduced the ELK log collection system. Since our Kibana does not have any security mechanism, if deployed to the public network, anyone can view your logs. Log exposed on the network is not a good thing, today teaches you how to set up login authentication for Kibana to protect it.
Realize the principle of
All Kibana logs are stored in Elasticsearch. You only need to enable the security function in x-Pack for Elasticsearch and set a password for the preset account. Elasticsearch allows users, roles, and permissions to be managed in Kibana. The ELK version used in this article is 7.6.2.
Elasticsearch sets the password
- Modify the Elasticsearch configuration file and enable it
X-PACK
In the security feature, the configuration file is in the installation directoryconfig
Under a folder, for exampleElasticsearch - 7.6.2 \ config \ elasticsearch yml
;
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
Copy the code
-
To start the Elasticsearch service, run the command in the bin directory, for example, Elasticsearch -7.6.2\bin\ elasticSearch. bat.
-
Run the following command in the bin directory to change the password of the preset account: elasticsearch-setup-passwords interactive. During this period, you need to set multiple passwords. I set the passwords to 123456.
- During the setting of several accounts, let’s first understand these accounts have what role;
Elastic: super administrator account Kibana: Kibana Accesses the special account Logstash_system: Logstash Accesses the special account beats_system: FileBeat Accesses the special account APm_system: APM system special account remote_Monitoring_user: remote monitoring accountCopy the code
- Next we need to add an account that can access Elasticsearch to the Kibana configuration file in the installation directory
config
Under a folder, for exampleKibana - 7.6.2 \ config \ kibana yml
;
elasticsearch.username: "kibana"
elasticsearch.password: "123456"
Copy the code
-
To start the Kibana service, run the command in the bin directory, for example, kibana-7.6.2\bin\ Kibana.bat.
-
When Kibana is enabled, login authentication is required to access it using the super administrator account elastic:123456 at http://localhost:5601
- After a successful login in our
Management
You can find security-related configurations in options, where you can set users, roles, and permissions.
SpringBoot secure access
Elasticsearch has x-pack security enabled, so when accessing Elasticsearch our SpringBoot application will need to set the username and password as well!
-
We can set up a super administrator account directly in SpringBoot, but this is not a good idea. Let’s create our own role and account.
-
First, create an app_user role for app access in Kibana.
- Create a user and configure the role. The account password is
app:123456
;
- Example Modify the configuration file of the SpringBoot application
application.yml
, configure the account password can be normal access!
spring:
elasticsearch:
rest:
uris: http://localhost:9200
username: app
password: 123456
Copy the code
Logstash secure access
Elasticsearch has x-pack security enabled, so the Logstash for exporting logs to Elasticsearch also requires a username and password.
- Start by modifying our original Logstash configuration file
logstash.conf
In theoutput
Set the username and password to access Elasticsearchapp:123456
Account number is ok;
Input {TCP {mode => "server" host => "0.0.0.0" port => 4560 COdec => json_lines type => "debug"} TCP {mode => "Server" host => "0.0.0.0" port => 4561 COdec => json_lines type => "error"} TCP {mode => "server" host => "0.0.0.0" Port => 4562 codec => json_lines type => "business"} TCP {mode => "server" host => "0.0.0.0" port => 4563 codec => json_lines type => "record" } } filter{ if [type] == "record" { mutate { remove_field => "port" remove_field => "host" remove_field => "@version" } json { source => "message" remove_field => ["message"] } } } output { elasticsearch { hosts => ["localhost:9200"] action => "index" codec => json index => "mall-tiny-%{type}-%{+YYYY.MM.dd}" template_name => "mall-tiny" user => app password => "123456" } }Copy the code
- Start the Logstash service using the specified configuration file
bin
Directory, for exampleLogstash - 7.6.2 \ bin \ logstash bat
;
logstash -f logstash.conf
Copy the code
- Then you can see the application output log in Kibana!
Project source code address
Github.com/macrozheng/…
In this paper, making github.com/macrozheng/… Already included, welcome everyone Star!