使用 docker 启动了 elasticsearch 8.0 ,因为这个版本的 es 是使用 https 请求的,所以 curl 测试的时候要带上自签证书
curl --cacert http_ca.crt -u elastic:elastic123 https://127.0.0.1:9200
想暴露一部分接口给公网访问,就用 nginx 反代,nginx 的域名已经使用了 acme 签发的证书,前面我还在想 nginx 怎么配置 localtion /es/ 那部分的证书,大概参考了这个文档:
https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/
但实际上,反代之后,请求 https://reverse.com/es/ 的域名,location /es/ {} 下不用配置 elasticsearch 自签的证书都可以,这个是什么原理?
location /es/ {
proxy_pass https://127.0.0.1:9200/;
include proxy.conf;
}
本地不带证书请求会错误
curl -u elastic:elastic123 https://127.0.0.1:9200
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
请求反代的域名直接可以
curl -u elastic:elastic123 https://reverse.com/es/
{
"name" : "xx",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "xx",
"version" : {
"number" : "8.2.3",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "xx",
"build_date" : "xx",
"build_snapshot" : false,
"lucene_version" : "9.1.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.