Zenarmor (Sensei) / External Elasticsearch 'not running'
« on: September 26, 2020, 12:39:18 pm »
Hi,
Need some help please with external Elasticsearch.
I've been playing around with using a remote Elasticsearch instance in Azure, on an Ubuntu VM. A while back I had this working okay, although not secured (it was connecting to the ES instance over http://azure_ip:9200).
Then something broke, which was fine as it made me look at securing it properly.
So, it seemed that one way to secure this was to configure SSL on the Elasticsearch installation with Nginx reverse proxy - which I did, and that appeared to work:
Code:
❯ curl -u elastic:changeme -kL https://search.domain.co
{
  "name" : "server1.cloudapp.azure.com",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "some-random-string",
  "version" : {
    "number" : "7.9.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "some-random-string",
    "build_date" : "2020-09-23T00:45:33.626720Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
Then, I tried setting up Sensei with a fresh config and deleted the '/usr/local/sensei/etc/.configdone' file.
During the setup wizard, it complained about the Database URL as just:
Code:
https://search.domain.co
So, adding the URL as
Code:
https://search.domain.co:443
seemed to work and I could complete the setup.
But, I then click on Dashboard and get the error:
Code:
Elasticsearch service is not running!
In order to view reports, you need to start Elasticsearch service.
Checking the Sensei config and resetting the DB url, it now errors with:
Code:
Elastic Search Database (https.//search.domain.co.443) cannot be reached. Please check your network connectivity and make sure the remote database is up and running.
But, running the test curl cmd from the opnsense shell works okay.
Any ideas on this error?
Or what's the recommended way to set up a secure, external ES instance?
Thanks
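
Added example (not part of the original post, and not Zenarmor/Sensei code): curl's `-k` flag turns off certificate verification, so the curl test in the post shows only that the reverse proxy answers, not that a verifying client would accept its certificate. The Python script below, in which `probe_tls` is a hypothetical helper name, connects with verification enabled and reports the first stage that fails: DNS, TCP, the TLS handshake, or certificate validation.

```python
import socket
import ssl
import sys


def probe_tls(host, port=443, timeout=5.0):
    """Return (stage, detail) for the first failing stage, or ("ok", tls_version).

    Stages: "dns" (name does not resolve), "tcp" (no listener / filtered),
    "cert" (chain or hostname rejected), "tls" (any other handshake failure).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:      # must precede OSError (it is a subclass)
        return ("dns", str(exc))
    except OSError as exc:              # refused, unreachable, timed out
        return ("tcp", str(exc))

    # Default context checks the chain against the system trust store and
    # matches the certificate to `host`; this is what `curl -k` skips.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe_tls.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    stage, detail = probe_tls(sys.argv[1], target_port)
    print(f"{stage}: {detail}")
    sys.exit(0 if stage == "ok" else 1)
```

A `cert` result from the firewall's shell means the endpoint is reachable but its certificate is not trusted or does not match the hostname there, a condition the `curl -k` test cannot reveal.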