docker run -d --name es01 --net elastic-net   -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node"  -e "xpack.security.enabled=false"  docker.elastic.co/elasticsearch/elasticsearch:8.10.2

docker exec -it es01 bash

docker restart es01

docker run -d --name es01 --net elastic-net -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node"  -e "xpack.security.enabled=true"  -e "xpack.security.transport.ssl.enabled=true"  -e "xpack.security.transport.ssl.verification_mode=certificate"   -e "xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certs/elastic-certificates.p12" -e "xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certs/elastic-stack-ca.p12" docker.elastic.co/elasticsearch/elasticsearch:8.10.2

./bin/elasticsearch-certutil ca --out elastic-stack-ca.p12 --pass ""
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --ca-pass "" --out elastic-certificates.p12 --pass ""

密码不正确,是如下的提示,使用如下的命令解决。

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

```shell
[2024-11-13T21:09:12,134][ERROR][o.e.b.Elasticsearch      ] [JianchaodeMacBook-Pro.local] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/Users/jianchaojia/Desktop/Code/tools/elasticsearch-8.16.0/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)
    at org.elasticsearch.xcore@8.16.0/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:620)
    at java.base/java.util.HashMap.forEach(HashMap.java:1429)
    at java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1707)
    at org.elasticsearch.xcore@8.16.0/org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:616)
    at org.elasticsearch.xcore@8.16.0/org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:160)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.

ℹ️ Password for the elastic user (reset with bin/elasticsearch-reset-password -u elastic):
su=oYdbx-fnYD4NtEN+m

ℹ️ HTTP CA certificate SHA-256 fingerprint:
7d632208f123bb888c69d43775632636db3b446836037b5bd20c3b7d5a17fbbe

ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTAwLjgwLjYwLjU3OjkyMDEiXSwiZmdyIjoiN2Q2MzIyMDhmMTIzYmI4ODhjNjlkNDM3NzU2MzI2MzZkYjNiNDQ2ODM2MDM3YjViZDIwYzNiN2Q1YTE3ZmJiZSIsImtleSI6IjJ0QmFKWk1Ca3pUdXkyMUQxTlN6OktHZjBPRzI0VGhtYTR5MVowZE5kZXcifQ==

ℹ️ Configure other nodes to join this cluster:
• On this node:
⁃ Create an enrollment token with bin/elasticsearch-create-enrollment-token -s node.
⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
⁃ Restart Elasticsearch.
• On other nodes:
⁃ Start Elasticsearch with bin/elasticsearch --enrollment-token <token>, using the enrollment token that you generated.