Elasticsearch showing received plaintext http traffic on an https channel in console

Asked 16/3, 2022 at 6:1 Answered 8/8, 2023 at 7:48

I am trying to setup elasticsearch in my Windows system but when I am trying to run it its starting up and showing below reponse when I redirect to http://localhost:9200.

{
  "name" : "DESKTOP-L8UKCFI",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "z8IfZcFaQfSti3P4jhZxbg",
 "version" : {
   "number" : "8.1.0",
   "build_flavor" : "default",
   "build_type" : "zip",
   "build_hash" : "3700f7679f7d95e36da0b43762189bab189bc53a",
   "build_date" : "2022-03-03T14:20:00.690422633Z",
   "build_snapshot" : false,
   "lucene_version" : "9.0.0",
   "minimum_wire_compatibility_version" : "7.17.0",
   "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
 }

But in console its showing something like this

[2022-03-16T11:26:12,307][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [DESKTOP- 
L8UKCFI] received plaintext http traffic on an https channel, closing connection 
Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:5996}


[2022-03-16T11:31:56,806][WARN ] 
[o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [DESKTOP-L8UKCFI] http 
client did not trust this server's certificate, closing connection 
Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, 
remoteAddress=/[0:0:0:0:0:0:0:1]:6215}

elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 16-03-2022 06:55:18
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["DESKTOP-L8UKCFI"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

What does it mean someone let me know.

Loudhailer answered 16/3, 2022 at 6:1 Comment(5)

How are you hitting the cluster? curl or otherwise? – Alluvial 16/3, 2022 at 7:14

Directly in a browser url bar. using https://localhost:9200 – Loudhailer 16/3, 2022 at 7:23

I saw tutorials on internet where it is working on http port but is not working for me its working on https port why so but when I modify security to false in elasticsearch.yml then its wokring on http port. – Loudhailer 16/3, 2022 at 7:26

can please post your elasticsearch.yml file configuration as well – Rayerayfield 16/3, 2022 at 7:30

For those like me trying to use http in localhost:9200 — use https... took me a while to notice it – Microprint 2/6 at 23:27

As of ES 8, SSL/TLS is ON by default for HTTP clients.

The WARN message says

http client did not trust this server's certificate

... which means that you need to tell your browser to trust the server certificate. it is self-signed by default, so that's probably the reason.

Or you can simply disable SSL in your elasticsearch.yml configuration, that would also work.

Alluvial answered 16/3, 2022 at 7:33 Comment(6)

I have made the ssl false in elasticsearch.yml file manually then its working on http port – Loudhailer 16/3, 2022 at 7:35

That's also a solution, indeed. – Alluvial 16/3, 2022 at 7:36

Thats working fine. Now I am trying to run logstash but its shutting down automatically as I have passed csv file in logstah.conf file as an input. – Loudhailer 16/3, 2022 at 7:43

That's a different issue, this one is solved, you can then create a new thread. – Alluvial 16/3, 2022 at 7:43

Okk I am posting another question for that in a minute. – Loudhailer 16/3, 2022 at 7:45

Can u please look into this #71493912 – Loudhailer 16/3, 2022 at 7:55

As @Val has already answered the question above just posting the code new users who wants to disable the SSL.

# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later

Terminology answered 10/6, 2022 at 18:2 Comment(1)

File to update is -> config/elasticsearch.yml – Houck 16/7, 2023 at 13:3

As of ES 8, SSL/TLS is ON by default for HTTP clients.

The WARN message says

http client did not trust this server's certificate

... which means that you need to tell your browser to trust the server certificate. it is self-signed by default, so that's probably the reason.

Or you can simply disable SSL in your elasticsearch.yml configuration, that would also work.

Alluvial answered 16/3, 2022 at 7:33 Comment(6)

I have made the ssl false in elasticsearch.yml file manually then its working on http port – Loudhailer 16/3, 2022 at 7:35

That's also a solution, indeed. – Alluvial 16/3, 2022 at 7:36

Thats working fine. Now I am trying to run logstash but its shutting down automatically as I have passed csv file in logstah.conf file as an input. – Loudhailer 16/3, 2022 at 7:43

That's a different issue, this one is solved, you can then create a new thread. – Alluvial 16/3, 2022 at 7:43

Okk I am posting another question for that in a minute. – Loudhailer 16/3, 2022 at 7:45

Can u please look into this #71493912 – Loudhailer 16/3, 2022 at 7:55

Add the following to your environment variables:

- xpack.security.enabled=false

Full:

  b-elastic:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.4.0-arm64
    container_name: b-elastic
    environment:
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms750m -Xmx750m
      - xpack.security.enabled=false
    volumes:
      - ./:/project
    ports:
      - 9200:9200

Trapshooting answered 28/8, 2022 at 15:33 Comment(1)

Thank you very much, the question didn't mention docker compose but this exactly what I needed. – Chloramine 28/6 at 22:31

Another way is to simply run elasticsearch as

./elasticsearch -E xpack.security.enabled=false

It basically runs it with SSL disabled, allowing you to create HTTP connections with it.

Jim answered 23/1, 2023 at 21:49 Comment(0)

http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:54479}

Simply means your browser is not trusting the software, so use https instead of http like https://localhost:9200/ it will work. I got this solution from internet

Medication answered 28/7, 2022 at 12:1 Comment(1)

"I got this solution from internet" is a very reliable source reference. – Altruist 8/9, 2023 at 13:3

I run this code and it worked in windows, to do your /bin folder and run this in terminal

elasticsearch -E xpack.security.enabled=false

Cringe answered 10/5, 2023 at 9:34 Comment(0)

You can try to do this through the environment variables when starting the docker container docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e=xpack.security.enabled=false -e=xpack.ml.enabled=false -e=action.destructive_requires_name=false oais-registr y.oais.by/elasticsearch:8.6.2

Sullen answered 8/8, 2023 at 7:48 Comment(0)

Recommended topics

Hot tags