Elasticsearch 8.8 cluster with self signed certificates

ro55mo · June 21, 2023, 10:35pm

Hi

I have just setup Elasticsearch 8.8 cluster with self signed certificates and created an index for nextcloud

The credentials I have to put into full text admin page are as follows

https://elastic:PASSWORD-HERE@els-cluster:9200/

When I reset

sudo -u www-data php /var/www/html/nextcloud/occ fulltextsearch:reset

And recreate the index on the Nextcloud server

sudo -u www-data php /var/www/html/nextcloud/occ fulltextsearch:index

It gives me an untrusted cert error.

In CurlFactory.php line 211:
cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://els-cluster:92  
  00/

Is there any way to add an --insecure parameter to the credentials for Nextcloud?

https://elastic:PASSWORD-HERE@els-cluster:9200/

Thanks

ro55mo · June 23, 2023, 10:17pm

So I can use the following cURL command

curl -kX GET "https://elastic:PASSWORD-HERE@els-cluster:9200"

from the terminal which works fine but I cannot find an equivalent to put into the Elasticsearch admin page for Nextcloud.

Elastic Search

Address of the Servlet:
Include your credential in case authentication is required

Adding the .p12 self signed certificates created by Elasticsearch into /etc/ssl/certs on the Nextcloud server and running

sudo update-ca-certificates

did not help. Neither did converting them to .pem and repeating the process.

Didn’t think this process would be as hard as it is proving to be.

gabrielelucci · July 2, 2023, 4:36pm

I’m experiencing the same exact issue, did you figure out a solution? It seems pretty ridiculous that you can’t use a TLS secured Elasticsearch instance with Nextcloud.

ro55mo · July 2, 2023, 5:56pm

Not yet.

The error states it comes from

CurlFactory.php line 211:

Which is useful. That file is located at (on my system at least)

/var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php

But the code in it doesn’t really mean anything to me.

I have tried playing about with some options in there but not had any luck so far.

EDIT:

Some more reading seems to point me in the direction of a piece of software called ‘guzzle’

The solution might be to figure out which file under

/var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle

allows for the disabling of SSL verification.

https://docs.guzzlephp.org/en/5.3/clients.html#verify

mistysign34 · September 25, 2023, 3:13am

That’s a great start I most say.

The program those use the guzzlehttp (apparently) and yes we are looking to disable the SSL verification (which I don’t recommend) so it could run curl which seems to be difficult. So the real question is there away to turn off the verification process?

could possibly be, that by going to apps/fulltextsearch_elasticsearch/vendor/elasticsearch/elasticsearch/src/ and viewing the file ClientBuilder

private bool $sslVerification = true; ? could this be missing link ?