Elasticsearch 8.8 cluster with self signed certificates

šŸ± Features & apps fulltextsearch
1

Hi

I have just setup Elasticsearch 8.8 cluster with self signed certificates and created an index for nextcloud

The credentials I have to put into full text admin page are as follows

https://elastic:PASSWORD-HERE@els-cluster:9200/

When I reset

sudo -u www-data php /var/www/html/nextcloud/occ fulltextsearch:reset

And recreate the index on the Nextcloud server

sudo -u www-data php /var/www/html/nextcloud/occ fulltextsearch:index

It gives me an untrusted cert error.

In CurlFactory.php line 211:
cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://els-cluster:92  
  00/

Is there any way to add an --insecure parameter to the credentials for Nextcloud?

https://elastic:PASSWORD-HERE@els-cluster:9200/

Thanks

2

So I can use the following cURL command

curl -kX GET "https://elastic:PASSWORD-HERE@els-cluster:9200"

from the terminal which works fine but I cannot find an equivalent to put into the Elasticsearch admin page for Nextcloud.

Elastic Search

Address of the Servlet:
Include your credential in case authentication is required

Adding the .p12 self signed certificates created by Elasticsearch into /etc/ssl/certs on the Nextcloud server and running

sudo update-ca-certificates

did not help. Neither did converting them to .pem and repeating the process.

Didnā€™t think this process would be as hard as it is proving to be.

3

Iā€™m experiencing the same exact issue, did you figure out a solution? It seems pretty ridiculous that you canā€™t use a TLS secured Elasticsearch instance with Nextcloud.

4

Not yet.

The error states it comes from

CurlFactory.php line 211:

Which is useful. That file is located at (on my system at least)

/var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php

But the code in it doesnā€™t really mean anything to me.

I have tried playing about with some options in there but not had any luck so far.

EDIT:

Some more reading seems to point me in the direction of a piece of software called ā€˜guzzleā€™

The solution might be to figure out which file under

/var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle

allows for the disabling of SSL verification.

https://docs.guzzlephp.org/en/5.3/clients.html#verify

5

Thatā€™s a great start I most say.

The program those use the guzzlehttp (apparently) and yes we are looking to disable the SSL verification (which I donā€™t recommend) so it could run curl which seems to be difficult. So the real question is there away to turn off the verification process?

could possibly be, that by going to apps/fulltextsearch_elasticsearch/vendor/elasticsearch/elasticsearch/src/ and viewing the file ClientBuilder

private bool $sslVerification = true; ? could this be missing link ?