Cannot use self signed certs in Elasticsearch with Nextcloud / fulltextsearch_elasticsearch

Question

Cannot use self signed certs in Elasticsearch with Nextcloud / fulltextsearch_elasticsearch

grey-golem opened this issue a year ago · 3 comments

grey-golem commented a year ago

I have created a three node Elasticsearch 8 cluster on Debian 12 and created an index for Nextcloud.

The Elasticsearch cluster is using the self signed certs it generated when setting up basic security.

I can GET information from the cluster using curl. For example

curl -kX GET "https://elastic:PASSWORD-HERE@els-cluster:9200"

returns the information below with no error or prompt.

{
  "name" : "els01",
  "cluster_name" : "els-cluster",
  "cluster_uuid" : "PZ0ht_AZSea4VXwGvmM2mQ",
  "version" : {
    "number" : "8.8.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "f8edfccba429b6477927a7c1ce1bc6729521305e",
    "build_date" : "2023-06-05T21:32:25.188464208Z",
    "build_snapshot" : false,
    "lucene_version" : "9.6.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

When I attempt to kick off the initial indexing from Nextcloud I get the following error.

cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://els-cluster:92  
  00/

Is it possible to add an insecure parameter (like -k for curl) to the credentials for Nextcloud?

https://elastic:PASSWORD-HERE@els-cluster:9200

Or is this not possible? I want to prove this works before spending any more time on it.

Answer 1 · 2023-10-12T18:19:02.000Z

Same Issue

Answer 2 · 2023-10-12T18:22:18.000Z

This works:

INSERT INTO 'oc_appconfig' ('appid', 'configkey', 'configvalue') VALUES ('fulltextsearch_elasticsearch', 'allow_self_signed_cert', 'true');