# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please see the documentation for further information on configuration options: # # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # # cluster.name: my-application # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: elasticsearch-129 # # Add custom attributes to the node: # # node.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # # path.data: /path/to/data # # Path to log files: # # path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # # bootstrap.mlockall: true # # Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory # available on the system and that the owner of the process is allowed to use this limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: 9.112.224.129 # # Set a custom port for HTTP: # # http.port: 9200 # # For more information, see the documentation at: # # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # # gateway.recover_after_nodes: 3 # # For more information, see the documentation at: # # # --------------------------------- Discovery ---------------------------------- # # Elasticsearch nodes will find each other via unicast, by default. # # Pass an initial list of hosts to perform discovery when new node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # # discovery.zen.ping.unicast.hosts: ["host1", "host2"] # # Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1): # # discovery.zen.minimum_master_nodes: 3 # # For more information, see the documentation at: # # # ---------------------------------- Various ----------------------------------- # # Disable starting multiple nodes on a single system: # # node.max_local_storage_nodes: 1 # # Require explicit names when deleting indices: # # action.destructive_requires_name: true ############################################################################################# # SEARCH GUARD SSL # # Configuration # ############################################################################################# #This will likely change with Elasticsearch 2.2, see [PR 14108](https://github.com/elastic/elasticsearch/pull/14108) security.manager.enabled: false ############################################################################################# # Transport layer SSL # # # ############################################################################################# # Enable or disable node-to-node ssl encryption (default: true) #searchguard.ssl.transport.enabled: false # JKS or PKCS12 (default: JKS) #searchguard.ssl.transport.keystore_type: PKCS12 # Relative path to the keystore file (mandatory, this stores the server certificates), must be placed under the config/ dir searchguard.ssl.transport.keystore_filepath: elasticsearch-129-keystore.jks # Alias name (default: first alias which could be found) searchguard.ssl.transport.keystore_alias: elasticsearch-129 # Keystore password (default: changeit) searchguard.ssl.transport.keystore_password: aq1sw2de # JKS or PKCS12 (default: JKS) #searchguard.ssl.transport.truststore_type: PKCS12 # Relative path to the truststore file (mandatory, this stores the client/root certificates), must be placed under the config/ dir searchguard.ssl.transport.truststore_filepath: truststore.jks # Alias name (default: first alias which could be found) searchguard.ssl.transport.truststore_alias: root_ca # Truststore password (default: changeit) searchguard.ssl.transport.truststore_password: aq1sw2de # Enforce hostname verification (default: true) #searchguard.ssl.transport.enforce_hostname_verification: true # If hostname verification specify if hostname should be resolved (default: true) #searchguard.ssl.transport.resolve_hostname: true # Use native Open SSL instead of JDK SSL if available (default: true) #searchguard.ssl.transport.enable_openssl_if_available: false ############################################################################################# # HTTP/REST layer SSL # # # ############################################################################################# # Enable or disable rest layer security - https, (default: false) #searchguard.ssl.http.enabled: true # JKS or PKCS12 (default: JKS) #searchguard.ssl.http.keystore_type: PKCS12 # Relative path to the keystore file (this stores the server certificates), must be placed under the config/ dir #searchguard.ssl.http.keystore_filepath: keystore_https_node1.jks # Alias name (default: first alias which could be found) #searchguard.ssl.http.keystore_alias: my_alias # Keystore password (default: changeit) #searchguard.ssl.http.keystore_password: changeit # Do the clients (typically the browser or the proxy) have to authenticate themself to the http server, default is false #searchguard.ssl.http.enforce_clientauth: false # JKS or PKCS12 (default: JKS) #searchguard.ssl.http.truststore_type: PKCS12 # Relative path to the truststore file (this stores the client certificates), must be placed under the config/ dir #searchguard.ssl.http.truststore_filepath: truststore_https.jks # Alias name (default: first alias which could be found) #searchguard.ssl.http.truststore_alias: my_alias # Truststore password (default: changeit) #searchguard.ssl.http.truststore_password: changeit # Use native Open SSL instead of JDK SSL if available (default: true) #searchguard.ssl.http.enable_openssl_if_available: false