IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Securing the Reporting Endpoints
editSecuring the Reporting Endpoints
editIn a production environment, you should restrict access to the X-Pack reporting endpoints to authorized users. This requires that you:
- Enable X-Pack security on your Elasticsearch cluster. For more information, see Getting started with security.
- Configure an SSL certificate for Kibana. For more information, see Configuring Security.
-
Configure Watcher to trust the Kibana server’s certificate by adding it to the Watcher truststore on each node:
-
Import the Kibana server certificate into the Watcher truststore using Java Keytool:
keytool -importcert -keystore watcher-truststore.jks -file server.crt
If the truststore doesn’t already exist, it is created.
-
Make sure the
xpack.http.ssl.truststore.path
setting inelasticsearch.yml
specifies the location of the Watcher truststore.
-
- Add one or more users who have the permissions necessary to use Kibana and X-Pack reporting. For more information, see Reporting and Security.
Once you’ve enabled SSL for Kibana, all requests to the X-Pack reporting endpoints
must include valid credentials. For example, see the following page which
includes a watch that submits requests as the built-in elastic
user:
Automating Report Generation.
For more information about configuring watches, see How Watcher works.