How to configure .opendistro_security index with HTTP

judo · November 10, 2020, 9:25pm

Hi,

I’m running Opendistro Elasticsearch 0.10.0. It’s an internal service so I set below to false to allow http:
opendistro_security.ssl.http.enabled: false

Nothing else changed.

With default setting “opendistro_security.ssl.http.enabled: true”, I’m able to run below
curl -k --cert kirk.pem --key kirk-key.pem -X PUT -H “Content-Type: application/json” -d ‘{“settings”:{“auto_expand_replicas”: “0-6”}}’ https://localhost:9200/.opendistro_security/_settings
{“acknowledged”:true}

With that setting to false, and change above url from https to http, I got “Unauthorized”.
With https, I got “routines:CONNECT_CR_SRVR_HELLO:wrong version number”
I tried to add admin user with roles, but that didn’t work either.

Is there any way I can change security index settings with http allowed?
Thanks!

judo · November 13, 2020, 3:17pm

FYI, I started another Elasticsearch instance with SSL enabled, it can join existing cluster. Then I’m able to change setting on that new instance with that curl command to localhost.
Not sure whether there is other better way to do this.

Topic		Replies	Views
Opendistro_security.ssl.http.enabled property Security	3	525	July 9, 2021
Strict-Transport-Security for opendistro Security security-issue	2	635	February 3, 2021
Setting up SSL with OpenID Security	4	1974	July 16, 2021
How can I send logs to elasticsearch without username and password. But with enabled security plugin Security	7	1414	August 25, 2021
Facing issues with Opendistro Security Plugin Security	1	581	March 11, 2021

How to configure .opendistro_security index with HTTP

Related Topics