yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
a41a4e0331fbc0beff63bb28fa59228cc9a751df
doc-exports/docs/css/umn/css_01_0181.html
zhengxiu 93d856d5c5 css umn 25.6.0 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2025-11-25 11:34:43 +00:00

856 lines
104 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001938377780"></a><a name="EN-US_TOPIC_0000001938377780"></a>
<h1 class="topictitle1">Configuring a Dedicated Load Balancer for an Elasticsearch Cluster</h1>
<div id="body0000001463558301"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p16921115418492">CSS integrates shared load balancers, through which you can enable access to a cluster from the public network as well as through the VPC Endpoint service. Dedicated load balancers provide higher performance and more diverse features than shared load balancers. This topic describes how to configure a dedicated load balancer for a cluster.</p>
<div class="section" id="EN-US_TOPIC_0000001938377780__section536538175612"><h4 class="sectiontitle">Scenarios</h4><div class="p" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p156616495323">Advantages of connecting to a cluster through a dedicated load balancer:<ul id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_ul4633558183713"><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_li5633135813710">A non-security cluster can also use the capabilities of the Elastic Load Balance (ELB) service.</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_li17634145883713">You can use custom certificates for HTTPS two-way authentication.</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_li063495816379">Seven-layer traffic monitoring and alarm configuration are supported, allowing you to keep close track of the cluster status.</li></ul>
</div>
<p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p10265850101218">There are eight different ELB service forms for clusters in different security modes to connect to a dedicated load balancer. <a href="#EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_table4446327845">Table 1</a> describes the ELB capabilities for different cluster configurations. <a href="#EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_table1537163912019">Table 2</a> describes the configurations for different ELB service forms.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_table4446327845"></a><a name="en-us_topic_0000001463358273_table4446327845"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_table4446327845" frame="border" border="1" rules="all"><caption><b>Table 1 </b>ELB capabilities for different clusters</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row4446127145"><th align="left" class="cellrowborder" valign="top" width="18.94%" id="mcps1.3.2.4.2.6.1.1"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p54462271544">Security Mode</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="27.060000000000002%" id="mcps1.3.2.4.2.6.1.2"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p114467271947">Service Form Provided by ELB for External Systems</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.4.2.6.1.3"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p3582618154718">ELB Load Balancing</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.4.2.6.1.4"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1582618134712">ELB Traffic Monitoring</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.4.2.6.1.5"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p11582218134710">ELB Two-way Authentication</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row2447527049"><td class="cellrowborder" rowspan="2" valign="top" width="18.94%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1044715275413">Non-security</p>
</td>
<td class="cellrowborder" valign="top" width="27.060000000000002%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1544712276420">No authentication</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p5447162710417">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1044719276412">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p2044717271411">No</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row9447132710410"><td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p544711271341">One-way authentication</p>
<p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1230643764014">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p20447327145">Yes</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p94474272045">Yes</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p124471227649">Yes</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row11447172714420"><td class="cellrowborder" rowspan="2" valign="top" width="18.94%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1044712271441">Security mode + HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="27.060000000000002%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p17447727547">Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p64471927643">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p44474277417">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p17448827543">No</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row1944819273415"><td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p9448142715417">One-way authentication + Password authentication</p>
<p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p194314694019">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p14481627746">Yes</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p204481827847">Yes</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p164481127447">Yes</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row24487273416"><td class="cellrowborder" valign="top" width="18.94%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p166041448144519">Security mode + HTTPS</p>
</td>
<td class="cellrowborder" valign="top" width="27.060000000000002%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1144818274413">One-way authentication + Password authentication</p>
<p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p7932175719401">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p144812279410">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p13448192715420">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p84481327041">Yes</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_table1537163912019"></a><a name="en-us_topic_0000001463358273_table1537163912019"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_table1537163912019" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Configurations for different ELB service forms depending on the cluster</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__row0890131614414"><th align="left" class="cellrowborder" rowspan="2" valign="top" width="8.719128087191281%" id="mcps1.3.2.5.2.9.1.1"><p id="EN-US_TOPIC_0000001938377780__p207431936124110"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b1092541572918">Security Mode</strong></p>
</th>
<th align="left" class="cellrowborder" rowspan="2" valign="top" width="19.22807719228077%" id="mcps1.3.2.5.2.9.1.2"><p id="EN-US_TOPIC_0000001938377780__p474373616417"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b135842197484">Service Form Provided by ELB for External Systems</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.028897110288971%" id="mcps1.3.2.5.2.9.1.3"><p id="EN-US_TOPIC_0000001938377780__p574323674115"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b693411512291">ELB Listener</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.028897110288971%" id="mcps1.3.2.5.2.9.1.4"><p id="EN-US_TOPIC_0000001938377780__p5301143041115"><strong id="EN-US_TOPIC_0000001938377780__b589572326">ELB Listener</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.998800119988001%" id="mcps1.3.2.5.2.9.1.5"><p id="EN-US_TOPIC_0000001938377780__p153011130161110"><strong id="EN-US_TOPIC_0000001938377780__b1601721018">ELB Listener</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.998800119988001%" id="mcps1.3.2.5.2.9.1.6"><p id="EN-US_TOPIC_0000001938377780__p157443364411"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b893501562911">Backend Server Group</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.998800119988001%" id="mcps1.3.2.5.2.9.1.7"><p id="EN-US_TOPIC_0000001938377780__p1676633371120"><strong id="EN-US_TOPIC_0000001938377780__b1577160186">Backend Server Group</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="13.998600139986003%" id="mcps1.3.2.5.2.9.1.8"><p id="EN-US_TOPIC_0000001938377780__p157664336117"><strong id="EN-US_TOPIC_0000001938377780__b1473937018">Backend Server Group</strong></p>
</th>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row3923202118418"><th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.2.9.2.1"><p id="EN-US_TOPIC_0000001938377780__p1344134016418"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b13935131517299">Frontend Protocol</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.2.9.2.2"><p id="EN-US_TOPIC_0000001938377780__p934494014119"><strong id="EN-US_TOPIC_0000001938377780__b7652736172917">Frontend Port</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.2.9.2.3"><p id="EN-US_TOPIC_0000001938377780__p7344104014115"><strong id="EN-US_TOPIC_0000001938377780__b645134752817">SSL Authentication</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.2.9.2.4"><p id="EN-US_TOPIC_0000001938377780__p1558574312414"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b20937115112917">Backend Protocol</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.2.9.2.5"><p id="EN-US_TOPIC_0000001938377780__p15861343114113"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b993881572917">Health Check Port</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.2.9.2.6"><p id="EN-US_TOPIC_0000001938377780__p135867436417"><strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_b793819151290">Health Check Path</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row598183911015"><td class="cellrowborder" rowspan="3" valign="top" width="8.719128087191281%" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p99803912018">Non-security</p>
</td>
<td class="cellrowborder" valign="top" width="19.22807719228077%" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p11985396010">No authentication</p>
</td>
<td class="cellrowborder" valign="top" width="11.028897110288971%" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p898839007">HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="11.028897110288971%" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p49813391206">9200</p>
</td>
<td class="cellrowborder" valign="top" width="11.998800119988001%" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p99813391800">No authentication</p>
</td>
<td class="cellrowborder" valign="top" width="11.998800119988001%" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p4981339104">HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="11.998800119988001%" headers="mcps1.3.2.5.2.9.1.7 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p10981139206">9200</p>
</td>
<td class="cellrowborder" rowspan="3" valign="top" width="13.998600139986003%" headers="mcps1.3.2.5.2.9.1.8 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p10981397015">/</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row18350141410368"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p5239619173617">One-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1423951923613">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p323913196364">9200</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p17239161973619">One-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1239191923614">HTTP</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p172391919143613">9200</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row0981739509"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p13983397012">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p109812391505">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p10988392017">9200</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p13988391301">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p17984391502">HTTP</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p9981239300">9200</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row209818396010"><td class="cellrowborder" rowspan="3" valign="top" width="8.719128087191281%" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p698193919017">Security mode + HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="19.22807719228077%" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1798163912012">Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="11.028897110288971%" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p59813391003">HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="11.028897110288971%" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p7981139706">9200</p>
</td>
<td class="cellrowborder" valign="top" width="11.998800119988001%" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1399439404">No authentication</p>
</td>
<td class="cellrowborder" valign="top" width="11.998800119988001%" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p189963915011">HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="11.998800119988001%" headers="mcps1.3.2.5.2.9.1.7 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p3991639302">9200</p>
</td>
<td class="cellrowborder" rowspan="5" valign="top" width="13.998600139986003%" headers="mcps1.3.2.5.2.9.1.8 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p11991339305">/_opendistro/_security/health</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row20476103783617"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p742154233610">One-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p6421542143614">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p24211542133615">9200</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p342114263613">One-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p8421184263616">HTTP</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p184221742153617">9200</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row69910397017"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p69917391408">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p139917390018">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p189913393018">9200</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p199912391900">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p18991539306">HTTP</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p7991039505">9200</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row2099203914015"><td class="cellrowborder" rowspan="2" valign="top" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p699639209">Security mode + HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p79916391501">One-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p49916392009">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p7991139501">9200</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p159912391107">One-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p69923912010">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.7 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p19919391908">9200</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_row1639069153714"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.1 mcps1.3.2.5.2.9.2.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p72910157371">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.2 mcps1.3.2.5.2.9.2.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p16291915153720">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.3 mcps1.3.2.5.2.9.2.3 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p2029121518379">9200</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.4 mcps1.3.2.5.2.9.2.4 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p42921563718">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.5 mcps1.3.2.5.2.9.2.5 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p1529101519373">HTTPS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.2.9.1.6 mcps1.3.2.5.2.9.2.6 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463358273_p12918156373">9200</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001938377780__section22231398610"><h4 class="sectiontitle">Constraints</h4><ul id="EN-US_TOPIC_0000001938377780__ul9214174014916"><li id="EN-US_TOPIC_0000001938377780__li152142401996">You are not advised to connect a load balancer that has been associated with a public IP address to a non-security mode cluster. Allowing public network access through such a load balancer may cause security risks because a non-security mode cluster can be accessed via HTTP without security authentication.</li><li id="EN-US_TOPIC_0000001938377780__li1821418408915">HTTPS-enabled security-mode clusters do not support HTTP-based frontend authentication. If the frontend uses HTTP, disable security mode for the clusters first. For details, see <a href="css_01_0158.html">Changing the Security Mode of an Elasticsearch Cluster</a>. Before changing the security mode, disable load balancing first. After the security mode is changed, enable load balancing again.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001938377780__section15313855151718"><h4 class="sectiontitle">Prerequisites</h4><ul id="EN-US_TOPIC_0000001938377780__ul177451413212"><li id="EN-US_TOPIC_0000001938377780__li3745134114211">A dedicated load balancer has been created. For details, see <a href="https://docs.otc.t-systems.com/elastic-load-balancing/umn/load_balancer/creating_a_dedicated_load_balancer.html" target="_blank" rel="noopener noreferrer">Creating a Dedicated Load Balancer</a>. This load balancer must meet the following requirements:<ul id="EN-US_TOPIC_0000001938377780__ul152221534239"><li id="EN-US_TOPIC_0000001938377780__li17841155042114">Its VPC is the same as that of the CSS cluster. The network between the two are connected.</li><li id="EN-US_TOPIC_0000001938377780__li193318492314"><strong id="EN-US_TOPIC_0000001938377780__b92773937934733">IP as a Backend</strong> is enabled. This is necessary to connect a dedicated load balancer to a CSS cluster.</li><li id="EN-US_TOPIC_0000001938377780__li68596592712">Determine whether to configure an EIP based on service needs. A public IP address is displayed for the load balancer connecting the CSS cluster only if an EIP is configured. This will enable public network access to the cluster through this load balancer.</li></ul>
</li><li id="EN-US_TOPIC_0000001938377780__li19199134512112">If the ELB listener uses HTTPS, upload a server certificate or CA certificate to the ELB console. For details, see <a href="https://docs.otc.t-systems.com/elastic-load-balancing/umn/advanced_features_of_http_https_listeners/mutual_authentication.html#configuring-the-server-certificate-and-private-key" target="_blank" rel="noopener noreferrer">Configuring the Server Certificate and Private Key</a>.<ul id="EN-US_TOPIC_0000001938377780__ul7607124663315"><li id="EN-US_TOPIC_0000001938377780__li337516547320">If one-way authentication is used, upload a server certificate.</li><li id="EN-US_TOPIC_0000001938377780__li1172317176331">If two-way authentication is used, upload a server certificate and a CA certificate.</li></ul>
</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001938377780__section1566363619613"><h4 class="sectiontitle">Connecting a Cluster to a Load Balancer</h4><ol id="EN-US_TOPIC_0000001938377780__ol1470215481661"><li id="EN-US_TOPIC_0000001938377780__li1670216481163"><span id="EN-US_TOPIC_0000001938377780__ph4222205142920">Log in to the CSS management console.</span></li><li id="EN-US_TOPIC_0000001938377780__li2194161984010">In the navigation pane on the left, choose <span class="uicontrol" id="EN-US_TOPIC_0000001938377780__uicontrol50802864085127"><b>Clusters &gt; Elasticsearch</b></span>.</li><li id="EN-US_TOPIC_0000001938377780__li1219431918401">In the cluster list, click the name of the target cluster. The cluster information page is displayed.</li><li id="EN-US_TOPIC_0000001938377780__li1121323131018">Click the <strong id="EN-US_TOPIC_0000001938377780__b91856859334733">Cluster Access</strong> tab, and then click the <strong id="EN-US_TOPIC_0000001938377780__b173063844034733">Load Balancing</strong> tab. On the <span class="wintitle" id="EN-US_TOPIC_0000001938377780__wintitle3493201331714"><b>Elasticsearch</b></span> tab, toggle on <strong id="EN-US_TOPIC_0000001938377780__b34130675834733">Load Balancing</strong>. In the displayed dialog box, set the parameters.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__table592216423112" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Configuring load balancing</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__row139224424119"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.5.2.4.5.2.3.1.1"><p id="EN-US_TOPIC_0000001938377780__p8922124251116">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.5.2.4.5.2.3.1.2"><p id="EN-US_TOPIC_0000001938377780__p29221442131113">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__row89231542201112"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.4.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p892313426118">Load Balancer</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.4.5.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p692304212117">Select the dedicated load balancer you have created earlier.</p>
<p id="EN-US_TOPIC_0000001938377780__p197762154383">To create a dedicated load balancer, see <a href="https://docs.otc.t-systems.com/elastic-load-balancing/umn/load_balancer/creating_a_dedicated_load_balancer.html" target="_blank" rel="noopener noreferrer">Creating a Dedicated Load Balancer</a>.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row18923174211113"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.4.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p1792384201113">Agency</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.4.5.2.3.1.2 "><div class="p" id="EN-US_TOPIC_0000001938377780__p27461811101819">To configure a load balancer, you must have the permission to access ELB resources. By configuring an IAM agency, you can authorize CSS to access its ELB resources through an associated account.<ul id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_ul165932171505"><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_li1559314171708">If you are configuring an agency for the first time, click <strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_b16891057625280">Automatically Create IAM Agency</strong> to create <strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_b20361045995280">css-elb-agency</strong>.</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_li8848143212013">If there is an IAM agency automatically created earlier, you can click <strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_b8527868685280">One-click authorization</strong> to have the permissions associated with the <span class="parmvalue" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_parmvalue11614515115280"><b>ELB Administrator</b></span> role or the <span class="parmvalue" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_parmvalue3249236725280"><b>ELB FullAccess</b></span> system policy deleted automatically, and have the following custom policies added automatically instead to implement more refined permissions control.<pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_screen20696163316263">"elb:loadbalancers:list",
"elb:loadbalancers:get",
"elb:certificates:list",
"elb:healthmonitors:*",
"elb:members:*",
"elb:pools:*",
"elb:listeners:*"</pre>
</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_li5138521103113">To use <strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_b8634511205280">Automatically Create IAM Agency</strong> and <strong id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_b3623950065280">One-click authorization</strong>, the following minimum permissions are required:<pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_screen14329133681216">"iam:agencies:listAgencies",
"iam:roles:listRoles",
"iam:agencies:getAgency",
"iam:agencies:createAgency",
"iam:permissions:listRolesForAgency",
"iam:permissions:grantRoleToAgency",
"iam:permissions:listRolesForAgencyOnProject",
"iam:permissions:revokeRoleFromAgency",
"iam:roles:createRole"</pre>
</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_li177945343210">To use an IAM agency, the following minimum permissions are required:<pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002347828633_screen19191556192517">"iam:agencies:listAgencies",
"iam:agencies:getAgency",
"iam:permissions:listRolesForAgencyOnProject",
"iam:permissions:listRolesForAgency"</pre>
</li></ul>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="EN-US_TOPIC_0000001938377780__li13232203721215">Click <strong id="EN-US_TOPIC_0000001938377780__b10151155719110">OK</strong> to enable load balancing.<p id="EN-US_TOPIC_0000001938377780__p11380193742911">Load balancer information is displayed.</p>
</li><li id="EN-US_TOPIC_0000001938377780__li1672965911411">In the <strong id="EN-US_TOPIC_0000001938377780__b522316439419">Listener Configuration</strong> area, click <span><img id="EN-US_TOPIC_0000001938377780__image622374319414" src="figure/en-us_image_0000001983636885.png"></span> to configure listener information.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__table145381018102516" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Listener configuration</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__row1453731811254"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.5.2.6.3.2.3.1.1"><p id="EN-US_TOPIC_0000001938377780__p10537418182518">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.5.2.6.3.2.3.1.2"><p id="EN-US_TOPIC_0000001938377780__p2537418172512">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__row953741820251"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.6.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p65370181250">Frontend Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.6.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p1848483719462">Protocol used by the client and listener to distribute traffic.</p>
<p id="EN-US_TOPIC_0000001938377780__p12537181872516">Select <span class="parmvalue" id="EN-US_TOPIC_0000001938377780__parmvalue976612218215"><b>HTTP</b></span> or <span class="parmvalue" id="EN-US_TOPIC_0000001938377780__parmvalue121371624102113"><b>HTTPS</b></span>.</p>
<p id="EN-US_TOPIC_0000001938377780__p1253741817253">Select this protocol based on your connectivity needs.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row1853721842519"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.6.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p1537141819253">Frontend Port</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.6.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p165372186250">Port used by the client and listener to distribute traffic.</p>
<p id="EN-US_TOPIC_0000001938377780__p453711872520">Set this parameter based on site requirements.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row3538161814252"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.6.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p8537201872513">SSL Authentication</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.6.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p16537118182519">Authentication mode for the client to access the server. Set this parameter only when <strong id="EN-US_TOPIC_0000001938377780__b68812591167">Frontend Protocol</strong> is set to <strong id="EN-US_TOPIC_0000001938377780__b1226282572">HTTPS</strong>.</p>
<p id="EN-US_TOPIC_0000001938377780__p17191197134717">Both one-way and two-way authentication are supported.</p>
<p id="EN-US_TOPIC_0000001938377780__p1353811812514">Select an authentication mode that suits your needs.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row1653811186253"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.6.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p1553814189257">Server Certificate</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.6.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p19538818112514">The server certificate is used for SSL handshake. The certificate content and private key must be provided. It is required only when <strong id="EN-US_TOPIC_0000001938377780__b74584561398">Frontend Protocol</strong> is set to <strong id="EN-US_TOPIC_0000001938377780__b164587561696">HTTPS</strong>.</p>
<p id="EN-US_TOPIC_0000001938377780__p0394112723816">Select the server certificate created on ELB.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row16538151818253"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.6.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p155381518152515">CA Certificate</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.6.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p135381518112513">Also called client CA public key certificate. It is used to verify the issuer of a client certificate. It is required only when <span class="parmname" id="EN-US_TOPIC_0000001938377780__parmname2025614019249"><b>SSL Authentication</b></span> is set to <span class="parmvalue" id="EN-US_TOPIC_0000001938377780__parmvalue6256184020248"><b>Two-way authentication</b></span>.</p>
<p id="EN-US_TOPIC_0000001938377780__p177301428203913">Select the CA certificate created on ELB.</p>
<p id="EN-US_TOPIC_0000001938377780__p95381818182517">When HTTPS two-way authentication is enabled, an HTTPS connection can be established only when the client can provide the certificate issued by a trusted CA.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="fignone" id="EN-US_TOPIC_0000001938377780__fig9367028279"><span class="figcap"><b>Figure 1 </b>Listener configuration</span><br><span><img id="EN-US_TOPIC_0000001938377780__image62663725414" src="figure/en-us_image_0000001951401518.png"></span></div>
</li><li id="EN-US_TOPIC_0000001938377780__li154289895116">(Optional) In the <strong id="EN-US_TOPIC_0000001938377780__b165131249105318">Listener</strong> area, click <strong id="EN-US_TOPIC_0000001938377780__b17514154917535">Configure</strong> next to<strong id="EN-US_TOPIC_0000001938377780__b11516349155316"> Access Control</strong> to go to the listener list of the load balancer. Click Configure in the Access Control column of a listener to configure access control for that listener. For more information, see section "What Is Access Control?" in <em id="EN-US_TOPIC_0000001938377780__i29813086934733">Elastic Load Balance User Guide</em>.<p id="EN-US_TOPIC_0000001938377780__p1252899155116">Without access control policies, all IP addresses are allowed to access the CSS cluster through this load balancer, which may create security risks.</p>
</li><li id="EN-US_TOPIC_0000001938377780__li854013920293">In the <strong id="EN-US_TOPIC_0000001938377780__b1832819145168">Health Check</strong> area, you can view the health check result for each node IP address.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__table498210896" frame="border" border="1" rules="all"><caption><b>Table 5 </b>Health check result description</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__row109822018917"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.5.2.8.2.2.3.1.1"><p id="EN-US_TOPIC_0000001938377780__p8982801591">Health Check Result</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.5.2.8.2.2.3.1.2"><p id="EN-US_TOPIC_0000001938377780__p17982601697">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__row8982110799"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.8.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p1198250192">Normal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.8.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p18983403917">The node IP address is connected.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row189830016919"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.8.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p49831701891">Abnormal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.8.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p89831302910">The node IP address is disconnected.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="EN-US_TOPIC_0000001938377780__li411123914303">If the cluster no longer needs a dedicated load balancer, disassociate it to release resources.<p id="EN-US_TOPIC_0000001938377780__p12134124453515"><a name="EN-US_TOPIC_0000001938377780__li411123914303"></a><a name="li411123914303"></a>Choose <strong id="EN-US_TOPIC_0000001938377780__b158495871434733">Load Balancing</strong> &gt; <strong id="EN-US_TOPIC_0000001938377780__b189700743334733">Elasticsearch</strong>, toggle off <strong id="EN-US_TOPIC_0000001938377780__b88396496034733">Load Balancing</strong>. In the displayed dialog box, click <strong id="EN-US_TOPIC_0000001938377780__b39075283434733">OK</strong>.</p>
<div class="caution" id="EN-US_TOPIC_0000001938377780__note13369168133719"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0000001938377780__p173691989371">After the load balancer is disassociated, any listener or backend server group configurations will be permanently deleted.</p>
</div></div>
</li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_section6525113933311"><h4 class="sectiontitle">Accessing a Cluster Through a Load Balancer by Executing cURL Commands</h4><ol id="EN-US_TOPIC_0000001938377780__ol1974042011111"><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001972375889_li131841021174410">In the navigation pane on the left, choose <span class="wintitle" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001972375889_wintitle121841621164416"><b>Clusters</b></span>.</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002338102386_li13384173215434"><span id="EN-US_TOPIC_0000001938377780__ph107497476504">Log in to the CSS management console.</span></li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002338102386_li1238510328430">In the navigation pane on the left, choose <span class="uicontrol" id="EN-US_TOPIC_0000001938377780__uicontrol8925817985127"><b>Clusters &gt; Elasticsearch</b></span>.</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000002338102386_li7385173216438">In the cluster list, click the name of the target cluster. The cluster information page is displayed.</li><li id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001972375889_li518410215446">Click the <strong id="EN-US_TOPIC_0000001938377780__b15517853195411">Cluster Access</strong> tab, and then click the <strong id="EN-US_TOPIC_0000001938377780__b0518135316549">Load Balancing</strong> tab. On the <span class="wintitle" id="EN-US_TOPIC_0000001938377780__wintitle559224974617"><b>Elasticsearch</b></span> tab, record the private or public IP address or IPv6 address of the load balancer, as well as the frontend protocol/port of the listener.<div class="caution" id="EN-US_TOPIC_0000001938377780__note620183184712"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0000001938377780__p069516712225">You are not advised to connect a load balancer that has been associated with a public IP address to a non-security mode cluster. Allowing public network access through such a load balancer may cause security risks because a non-security mode cluster can be accessed via HTTP without security authentication.</p>
</div></div>
</li><li id="EN-US_TOPIC_0000001938377780__li18962173014128">Run the following cURL commands on an ECS to check whether the dedicated load balancer can connect to the cluster.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_table4446327845" frame="border" border="1" rules="all"><caption><b>Table 6 </b>Commands for accessing different types of clusters</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row4446127145"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.6.2.6.1.2.4.1.1"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p54462271544">Security Mode</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.6.2.6.1.2.4.1.2"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p114467271947">Service Form Provided by ELB for External Systems</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.6.2.6.1.2.4.1.3"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p3582618154718">cURL Command for Accessing a Cluster</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row2447527049"><td class="cellrowborder" rowspan="3" valign="top" width="20%" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p1044715275413">Non-security</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.6.2.6.1.2.4.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p1544712276420">No authentication</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.6.2.6.1.2.4.1.3 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen1747520910129">curl http://IP:port</pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row889765821011"><td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p78978581104">One-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.2 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen12237201218113">curl --cacert ./ca.crt https://IP:port</pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row9447132710410"><td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p544711271341">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.2 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen149821446191116">curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://IP:port</pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row11447172714420"><td class="cellrowborder" rowspan="3" valign="top" width="20%" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p1044712271441">Security mode + HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.6.2.6.1.2.4.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p17447727547">Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.6.2.6.1.2.4.1.3 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen0777171751218">curl http://IP:port -u <i><span class="varname" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_varname115297311313">user</span></i>:<i><span class="varname" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_varname5529437139">pwd</span></i></pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row129161432141217"><td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p4916332141216">One-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.2 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen10521175018129">curl --cacert ./ca.crt https://IP:port -u <i><span class="varname" id="EN-US_TOPIC_0000001938377780__varname7134164620155">user</span></i>:<i><span class="varname" id="EN-US_TOPIC_0000001938377780__varname733095112150">pwd</span></i></pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row1944819273415"><td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p194314694019">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.2 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen12973123219133">curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://IP:port -u <i><span class="varname" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_varname181422402133">user</span></i>:<i><span class="varname" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_varname22483439131">pwd</span></i></pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row24487273416"><td class="cellrowborder" rowspan="2" valign="top" width="20%" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p166041448144519">Security mode + HTTPS</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.6.2.6.1.2.4.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p1144818274413">One-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.6.2.6.1.2.4.1.3 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen724944101418">curl --cacert ./ca.crt https://IP:port -u <i><span class="varname" id="EN-US_TOPIC_0000001938377780__varname19101125914160">user</span></i>:<i><span class="varname" id="EN-US_TOPIC_0000001938377780__varname202012181712">pwd</span></i></pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row60175261311"><td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p7932175719401">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.6.2.6.1.2.4.1.2 "><pre class="screen" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_screen72497412141">curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://IP:port -u <i><span class="varname" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_varname324924161417">user</span></i>:<i><span class="varname" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_varname424974171411">pwd</span></i></pre>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_table111741414338" frame="border" border="1" rules="all"><caption><b>Table 7 </b>Variables</caption><thead align="left"><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row91731411337"><th align="left" class="cellrowborder" valign="top" width="23.7%" id="mcps1.3.6.2.6.2.2.3.1.1"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p14171714153311">Variable</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.3%" id="mcps1.3.6.2.6.2.2.3.1.2"><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p417131412333">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row192601805113"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.6.2.6.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p19261218155110">IP</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.6.2.6.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p42611819514">IP address of a load balancer instance.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__row17404172471520"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.6.2.6.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__p1940418244158">port</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.6.2.6.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__p24041624191514">Frontend protocol and port configured for the listener.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row131711473319"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.6.2.6.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p4171147336">user</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.6.2.6.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p111791417336">Username of the cluster. This parameter is required only for a security-mode cluster.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_row161711420338"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.6.2.6.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p17171149336">pwd</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.6.2.6.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p11713147339">Password of the username above. This parameter is required only for a security-mode cluster.</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001463438465_p55581652155510">If cluster information is returned, the connection is successful.</p>
</li></ol>
<p id="EN-US_TOPIC_0000001938377780__p010982614172">See also: <a href="#EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section1146765293619">Sample Code for ESSecuredClientWithCerDemo</a>, <a href="#EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section177951919193614">Sample Code for SecuredHttpClientConfigCallback</a>, and <a href="#EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section5394175153518">pom.xml Sample Code</a>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section1146765293619"><a name="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section1146765293619"></a><a name="en-us_topic_0000001412998750_section1146765293619"></a><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">Sample Code for ESSecuredClientWithCerDemo</h4></div><div class="dropdowncontext"></div><div class="dropdowncontext"><div class="codecoloring" codetype="Java" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_screen21051518342"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal"> 10</span>
<span class="normal"> 11</span>
<span class="normal"> 12</span>
<span class="normal"> 13</span>
<span class="normal"> 14</span>
<span class="normal"> 15</span>
<span class="normal"> 16</span>
<span class="normal"> 17</span>
<span class="normal"> 18</span>
<span class="normal"> 19</span>
<span class="normal"> 20</span>
<span class="normal"> 21</span>
<span class="normal"> 22</span>
<span class="normal"> 23</span>
<span class="normal"> 24</span>
<span class="normal"> 25</span>
<span class="normal"> 26</span>
<span class="normal"> 27</span>
<span class="normal"> 28</span>
<span class="normal"> 29</span>
<span class="normal"> 30</span>
<span class="normal"> 31</span>
<span class="normal"> 32</span>
<span class="normal"> 33</span>
<span class="normal"> 34</span>
<span class="normal"> 35</span>
<span class="normal"> 36</span>
<span class="normal"> 37</span>
<span class="normal"> 38</span>
<span class="normal"> 39</span>
<span class="normal"> 40</span>
<span class="normal"> 41</span>
<span class="normal"> 42</span>
<span class="normal"> 43</span>
<span class="normal"> 44</span>
<span class="normal"> 45</span>
<span class="normal"> 46</span>
<span class="normal"> 47</span>
<span class="normal"> 48</span>
<span class="normal"> 49</span>
<span class="normal"> 50</span>
<span class="normal"> 51</span>
<span class="normal"> 52</span>
<span class="normal"> 53</span>
<span class="normal"> 54</span>
<span class="normal"> 55</span>
<span class="normal"> 56</span>
<span class="normal"> 57</span>
<span class="normal"> 58</span>
<span class="normal"> 59</span>
<span class="normal"> 60</span>
<span class="normal"> 61</span>
<span class="normal"> 62</span>
<span class="normal"> 63</span>
<span class="normal"> 64</span>
<span class="normal"> 65</span>
<span class="normal"> 66</span>
<span class="normal"> 67</span>
<span class="normal"> 68</span>
<span class="normal"> 69</span>
<span class="normal"> 70</span>
<span class="normal"> 71</span>
<span class="normal"> 72</span>
<span class="normal"> 73</span>
<span class="normal"> 74</span>
<span class="normal"> 75</span>
<span class="normal"> 76</span>
<span class="normal"> 77</span>
<span class="normal"> 78</span>
<span class="normal"> 79</span>
<span class="normal"> 80</span>
<span class="normal"> 81</span>
<span class="normal"> 82</span>
<span class="normal"> 83</span>
<span class="normal"> 84</span>
<span class="normal"> 85</span>
<span class="normal"> 86</span>
<span class="normal"> 87</span>
<span class="normal"> 88</span>
<span class="normal"> 89</span>
<span class="normal"> 90</span>
<span class="normal"> 91</span>
<span class="normal"> 92</span>
<span class="normal"> 93</span>
<span class="normal"> 94</span>
<span class="normal"> 95</span>
<span class="normal"> 96</span>
<span class="normal"> 97</span>
<span class="normal"> 98</span>
<span class="normal"> 99</span>
<span class="normal">100</span>
<span class="normal">101</span>
<span class="normal">102</span>
<span class="normal">103</span></pre></div></td><td class="code"><div><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.commons.io.IOUtils</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.auth.AuthScope</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.auth.UsernamePasswordCredentials</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.client.CredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.impl.client.BasicCredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.HttpHost</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.nio.conn.ssl.SSLIOSessionStrategy</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.action.search.SearchRequest</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.action.search.SearchResponse</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RequestOptions</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClient</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestHighLevelClient</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.index.query.QueryBuilders</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.SearchHit</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.SearchHits</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.builder.SearchSourceBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.FileInputStream</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.IOException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.KeyStore</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.SecureRandom</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.HostnameVerifier</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.KeyManagerFactory</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.SSLContext</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.SSLSession</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.TrustManagerFactory</span><span class="p">;</span>
<span class="kd">public</span><span class="w"> </span><span class="kd">class</span> <span class="nc">ESSecuredClientWithCerDemo</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">KEY_STORE_PWD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">TRUST_KEY_STORE_PWD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">CA_JKS_PATH</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;ca.jks&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">CLIENT_JKS_PATH</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;client.jks&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">ELB_ADDRESS</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;127.0.0.1&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">ELB_PORT</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">9200</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">CSS_USERNAME</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;user&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">CSS_PWD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">main</span><span class="p">(</span><span class="n">String</span><span class="o">[]</span><span class="w"> </span><span class="n">args</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// Create a client.</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">initESClient</span><span class="p">(</span><span class="n">ELB_ADDRESS</span><span class="p">,</span><span class="w"> </span><span class="n">CSS_USERNAME</span><span class="p">,</span><span class="w"> </span><span class="n">CSS_PWD</span><span class="p">);</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// Search by using match_all, which is equivalent to {\&quot;query\&quot;: {\&quot;match_all\&quot;: {}}}.</span>
<span class="w"> </span><span class="n">SearchRequest</span><span class="w"> </span><span class="n">searchRequest</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SearchRequest</span><span class="p">();</span>
<span class="w"> </span><span class="n">SearchSourceBuilder</span><span class="w"> </span><span class="n">searchSourceBuilder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SearchSourceBuilder</span><span class="p">();</span>
<span class="w"> </span><span class="n">searchSourceBuilder</span><span class="p">.</span><span class="na">query</span><span class="p">(</span><span class="n">QueryBuilders</span><span class="p">.</span><span class="na">matchAllQuery</span><span class="p">());</span>
<span class="w"> </span><span class="n">searchRequest</span><span class="p">.</span><span class="na">source</span><span class="p">(</span><span class="n">searchSourceBuilder</span><span class="p">);</span>
<span class="w"> </span><span class="c1">// query</span>
<span class="w"> </span><span class="n">SearchResponse</span><span class="w"> </span><span class="n">searchResponse</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="na">search</span><span class="p">(</span><span class="n">searchRequest</span><span class="p">,</span><span class="w"> </span><span class="n">RequestOptions</span><span class="p">.</span><span class="na">DEFAULT</span><span class="p">);</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;query result: &quot;</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">searchResponse</span><span class="p">.</span><span class="na">toString</span><span class="p">());</span>
<span class="w"> </span><span class="n">SearchHits</span><span class="w"> </span><span class="n">hits</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">searchResponse</span><span class="p">.</span><span class="na">getHits</span><span class="p">();</span>
<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="n">SearchHit</span><span class="w"> </span><span class="n">hit</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">hits</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="n">hit</span><span class="p">.</span><span class="na">getSourceAsString</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;query success&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">Thread</span><span class="p">.</span><span class="na">sleep</span><span class="p">(</span><span class="mi">2000L</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">InterruptedException</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">IOException</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">finally</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">IOUtils</span><span class="p">.</span><span class="na">closeQuietly</span><span class="p">(</span><span class="n">client</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="nf">initESClient</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">password</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">BasicCredentialsProvider</span><span class="p">();</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">.</span><span class="na">setCredentials</span><span class="p">(</span><span class="n">AuthScope</span><span class="p">.</span><span class="na">ANY</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">UsernamePasswordCredentials</span><span class="p">(</span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">));</span>
<span class="w"> </span><span class="n">SSLContext</span><span class="w"> </span><span class="n">ctx</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">KeyStore</span><span class="w"> </span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">getKeyStore</span><span class="p">(</span><span class="n">CLIENT_JKS_PATH</span><span class="p">,</span><span class="w"> </span><span class="n">KEY_STORE_PWD</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;JKS&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">KeyManagerFactory</span><span class="w"> </span><span class="n">kmf</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">KeyManagerFactory</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SunX509&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">kmf</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">KEY_STORE_PWD</span><span class="p">.</span><span class="na">toCharArray</span><span class="p">());</span>
<span class="w"> </span><span class="n">KeyStore</span><span class="w"> </span><span class="n">tks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">getKeyStore</span><span class="p">(</span><span class="n">CA_JKS_PATH</span><span class="p">,</span><span class="w"> </span><span class="n">TRUST_KEY_STORE_PWD</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;JKS&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">TrustManagerFactory</span><span class="w"> </span><span class="n">tmf</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">TrustManagerFactory</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SunX509&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">tmf</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="n">tks</span><span class="p">);</span>
<span class="w"> </span><span class="n">ctx</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSLContext</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SSL&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;SunJSSE&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">ctx</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="n">kmf</span><span class="p">.</span><span class="na">getKeyManagers</span><span class="p">(),</span><span class="w"> </span><span class="n">tmf</span><span class="p">.</span><span class="na">getTrustManagers</span><span class="p">(),</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecureRandom</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">Exception</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sessionStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">HostnameVerifier</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">boolean</span><span class="w"> </span><span class="nf">verify</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">arg0</span><span class="p">,</span><span class="w"> </span><span class="n">SSLSession</span><span class="w"> </span><span class="n">arg1</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">true</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">});</span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="n">httpClientConfigCallback</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="n">sessionStrategy</span><span class="p">,</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestClientBuilder</span><span class="w"> </span><span class="n">builder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">RestClient</span><span class="p">.</span><span class="na">builder</span><span class="p">(</span><span class="k">new</span><span class="w"> </span><span class="n">HttpHost</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="n">ELB_PORT</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;https&quot;</span><span class="p">))</span>
<span class="w"> </span><span class="p">.</span><span class="na">setHttpClientConfigCallback</span><span class="p">(</span><span class="n">httpClientConfigCallback</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="p">(</span><span class="n">builder</span><span class="p">);</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="n">KeyStore</span><span class="w"> </span><span class="nf">getKeyStore</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">path</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">pwd</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">KeyStore</span><span class="w"> </span><span class="n">keyStore</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="n">FileInputStream</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">FileInputStream</span><span class="p">(</span><span class="n">path</span><span class="p">);</span>
<span class="w"> </span><span class="n">keyStore</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">KeyStore</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="n">type</span><span class="p">);</span>
<span class="w"> </span><span class="n">keyStore</span><span class="p">.</span><span class="na">load</span><span class="p">(</span><span class="n">is</span><span class="p">,</span><span class="w"> </span><span class="n">pwd</span><span class="p">.</span><span class="na">toCharArray</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">Exception</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">finally</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">IOUtils</span><span class="p">.</span><span class="na">closeQuietly</span><span class="p">(</span><span class="n">is</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">keyStore</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></td></tr></table></div>
</div>
</div></div></div>
<div class="section" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section177951919193614"><a name="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section177951919193614"></a><a name="en-us_topic_0000001412998750_section177951919193614"></a><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">Sample Code for SecuredHttpClientConfigCallback</h4></div><div class="dropdowncontext"></div><div class="dropdowncontext"><div class="codecoloring" codetype="Java" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_screen6102416173614"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span>
<span class="normal">23</span>
<span class="normal">24</span>
<span class="normal">25</span>
<span class="normal">26</span>
<span class="normal">27</span>
<span class="normal">28</span>
<span class="normal">29</span>
<span class="normal">30</span>
<span class="normal">31</span>
<span class="normal">32</span>
<span class="normal">33</span>
<span class="normal">34</span>
<span class="normal">35</span>
<span class="normal">36</span>
<span class="normal">37</span>
<span class="normal">38</span>
<span class="normal">39</span>
<span class="normal">40</span>
<span class="normal">41</span>
<span class="normal">42</span>
<span class="normal">43</span>
<span class="normal">44</span>
<span class="normal">45</span>
<span class="normal">46</span>
<span class="normal">47</span>
<span class="normal">48</span>
<span class="normal">49</span>
<span class="normal">50</span>
<span class="normal">51</span>
<span class="normal">52</span>
<span class="normal">53</span>
<span class="normal">54</span>
<span class="normal">55</span>
<span class="normal">56</span>
<span class="normal">57</span>
<span class="normal">58</span>
<span class="normal">59</span></pre></div></td><td class="code"><div><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.client.CredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.impl.nio.client.HttpAsyncClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.nio.conn.ssl.SSLIOSessionStrategy</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.common.Nullable</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.util.Objects</span><span class="p">;</span>
<span class="kd">class</span> <span class="nc">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="kd">implements</span><span class="w"> </span><span class="n">RestClientBuilder</span><span class="p">.</span><span class="na">HttpClientConfigCallback</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Nullable</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">;</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * The {@link SSLIOSessionStrategy} for all requests to enable SSL / TLS encryption.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sslStrategy</span><span class="p">;</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Create a new {@link SecuredHttpClientConfigCallback}.</span>
<span class="cm"> *</span>
<span class="cm"> * @param credentialsProvider The credential provider, if a username/password have been supplied</span>
<span class="cm"> * @param sslStrategy The SSL strategy, if SSL / TLS have been supplied</span>
<span class="cm"> * @throws NullPointerException if {@code sslStrategy} is {@code null}</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="kd">final</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sslStrategy</span><span class="p">,</span>
<span class="w"> </span><span class="nd">@Nullable</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="na">sslStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Objects</span><span class="p">.</span><span class="na">requireNonNull</span><span class="p">(</span><span class="n">sslStrategy</span><span class="p">);</span>
<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="na">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Get the {@link CredentialsProvider} that will be added to the HTTP client.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Can be {@code null}.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="nd">@Nullable</span>
<span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="nf">getCredentialsProvider</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Get the {@link SSLIOSessionStrategy} that will be added to the HTTP client.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Never {@code null}.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="nf">getSSLStrategy</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">sslStrategy</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Sets the {@linkplain HttpAsyncClientBuilder#setDefaultCredentialsProvider(CredentialsProvider) credential provider},</span>
<span class="cm"> *</span>
<span class="cm"> * @param httpClientBuilder The client to configure.</span>
<span class="cm"> * @return Always {@code httpClientBuilder}.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="n">HttpAsyncClientBuilder</span><span class="w"> </span><span class="nf">customizeHttpClient</span><span class="p">(</span><span class="kd">final</span><span class="w"> </span><span class="n">HttpAsyncClientBuilder</span><span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// enable SSL / TLS</span>
<span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">.</span><span class="na">setSSLStrategy</span><span class="p">(</span><span class="n">sslStrategy</span><span class="p">);</span>
<span class="w"> </span><span class="c1">// enable user authentication</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="kc">null</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">.</span><span class="na">setDefaultCredentialsProvider</span><span class="p">(</span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></td></tr></table></div>
</div>
</div></div></div>
<div class="section" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section5394175153518"><a name="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_section5394175153518"></a><a name="en-us_topic_0000001412998750_section5394175153518"></a><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">pom.xml Sample Code</h4></div><div class="dropdowncontext"></div><div class="dropdowncontext"><div class="codecoloring" codetype="Java" id="EN-US_TOPIC_0000001938377780__en-us_topic_0000001412998750_screen16223287351"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span>
<span class="normal">23</span>
<span class="normal">24</span>
<span class="normal">25</span>
<span class="normal">26</span>
<span class="normal">27</span>
<span class="normal">28</span>
<span class="normal">29</span>
<span class="normal">30</span>
<span class="normal">31</span>
<span class="normal">32</span>
<span class="normal">33</span>
<span class="normal">34</span>
<span class="normal">35</span>
<span class="normal">36</span>
<span class="normal">37</span>
<span class="normal">38</span>
<span class="normal">39</span></pre></div></td><td class="code"><div><pre><span></span><span class="o">&lt;?</span><span class="n">xml</span><span class="w"> </span><span class="n">version</span><span class="o">=</span><span class="s">&quot;1.0&quot;</span><span class="w"> </span><span class="n">encoding</span><span class="o">=</span><span class="s">&quot;UTF-8&quot;</span><span class="o">?&gt;</span>
<span class="o">&lt;</span><span class="n">project</span><span class="w"> </span><span class="n">xmlns</span><span class="o">=</span><span class="s">&quot;http://maven.apache.org/POM/4.0.0&quot;</span>
<span class="w"> </span><span class="n">xmlns</span><span class="p">:</span><span class="n">xsi</span><span class="o">=</span><span class="s">&quot;http://www.w3.org/2001/XMLSchema-instance&quot;</span>
<span class="w"> </span><span class="n">xsi</span><span class="p">:</span><span class="n">schemaLocation</span><span class="o">=</span><span class="s">&quot;http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd&quot;</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">modelVersion</span><span class="o">&gt;</span><span class="mf">4.0.0</span><span class="o">&lt;/</span><span class="n">modelVersion</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">groupId</span><span class="o">&gt;</span><span class="mi">1</span><span class="o">&lt;/</span><span class="n">groupId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">artifactId</span><span class="o">&gt;</span><span class="n">ESClient</span><span class="o">&lt;/</span><span class="n">artifactId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">version</span><span class="o">&gt;</span><span class="mf">1.0</span><span class="o">-</span><span class="n">SNAPSHOT</span><span class="o">&lt;/</span><span class="n">version</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">name</span><span class="o">&gt;</span><span class="n">ESClient</span><span class="o">&lt;/</span><span class="n">name</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">properties</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">maven</span><span class="p">.</span><span class="na">compiler</span><span class="p">.</span><span class="na">source</span><span class="o">&gt;</span><span class="mi">8</span><span class="o">&lt;/</span><span class="n">maven</span><span class="p">.</span><span class="na">compiler</span><span class="p">.</span><span class="na">source</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">maven</span><span class="p">.</span><span class="na">compiler</span><span class="p">.</span><span class="na">target</span><span class="o">&gt;</span><span class="mi">8</span><span class="o">&lt;/</span><span class="n">maven</span><span class="p">.</span><span class="na">compiler</span><span class="p">.</span><span class="na">target</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">project</span><span class="p">.</span><span class="na">build</span><span class="p">.</span><span class="na">sourceEncoding</span><span class="o">&gt;</span><span class="n">UTF</span><span class="o">-</span><span class="mi">8</span><span class="o">&lt;/</span><span class="n">project</span><span class="p">.</span><span class="na">build</span><span class="p">.</span><span class="na">sourceEncoding</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">elasticsearch</span><span class="p">.</span><span class="na">version</span><span class="o">&gt;</span><span class="mf">7.10.2</span><span class="o">&lt;/</span><span class="n">elasticsearch</span><span class="p">.</span><span class="na">version</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;/</span><span class="n">properties</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">dependencies</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">groupId</span><span class="o">&gt;</span><span class="n">org</span><span class="p">.</span><span class="na">elasticsearch</span><span class="p">.</span><span class="na">client</span><span class="o">&lt;/</span><span class="n">groupId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">artifactId</span><span class="o">&gt;</span><span class="n">transport</span><span class="o">&lt;/</span><span class="n">artifactId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">version</span><span class="o">&gt;</span><span class="n">$</span><span class="p">{</span><span class="n">elasticsearch</span><span class="p">.</span><span class="na">version</span><span class="p">}</span><span class="o">&lt;/</span><span class="n">version</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;/</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">groupId</span><span class="o">&gt;</span><span class="n">org</span><span class="p">.</span><span class="na">elasticsearch</span><span class="o">&lt;/</span><span class="n">groupId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">artifactId</span><span class="o">&gt;</span><span class="n">elasticsearch</span><span class="o">&lt;/</span><span class="n">artifactId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">version</span><span class="o">&gt;</span><span class="n">$</span><span class="p">{</span><span class="n">elasticsearch</span><span class="p">.</span><span class="na">version</span><span class="p">}</span><span class="o">&lt;/</span><span class="n">version</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;/</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">groupId</span><span class="o">&gt;</span><span class="n">org</span><span class="p">.</span><span class="na">elasticsearch</span><span class="p">.</span><span class="na">client</span><span class="o">&lt;/</span><span class="n">groupId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">artifactId</span><span class="o">&gt;</span><span class="n">elasticsearch</span><span class="o">-</span><span class="n">rest</span><span class="o">-</span><span class="n">high</span><span class="o">-</span><span class="n">level</span><span class="o">-</span><span class="n">client</span><span class="o">&lt;/</span><span class="n">artifactId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">version</span><span class="o">&gt;</span><span class="n">$</span><span class="p">{</span><span class="n">elasticsearch</span><span class="p">.</span><span class="na">version</span><span class="p">}</span><span class="o">&lt;/</span><span class="n">version</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;/</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">groupId</span><span class="o">&gt;</span><span class="n">commons</span><span class="o">-</span><span class="n">io</span><span class="o">&lt;/</span><span class="n">groupId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">artifactId</span><span class="o">&gt;</span><span class="n">commons</span><span class="o">-</span><span class="n">io</span><span class="o">&lt;/</span><span class="n">artifactId</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;</span><span class="n">version</span><span class="o">&gt;</span><span class="mf">2.11.0</span><span class="o">&lt;/</span><span class="n">version</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;/</span><span class="n">dependency</span><span class="o">&gt;</span>
<span class="w"> </span><span class="o">&lt;/</span><span class="n">dependencies</span><span class="o">&gt;</span>
<span class="o">&lt;/</span><span class="n">project</span><span class="o">&gt;</span>
</pre></div></td></tr></table></div>
</div>
</div></div></div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0010.html">Configuring Networking for an Elasticsearch Cluster</a></div>
</div>
</div>
View Git Blame Copy Permalink