elasticsearch-py HTTPS_PROXY变量忽略-企业代理

dffbzjpn  于 2023-06-21  发布在  ElasticSearch
关注(0)|答案(1)|浏览(156)

我尝试使用此代码来利用python请求库通过指定HTTPS_PROXY环境变量通过企业HTTP代理连接到elasticsearch,但似乎当我尝试通过HTTPS连接时,HTTPS_PROXY变量被忽略了

from elasticsearch import Elasticsearch, RequestsHttpConnection
es = Elasticsearch([es_url], connection_class=RequestsHttpConnection)

我不能使用HTTP,因为我们的elasticsearch是通过端口443托管在HTTPS上的
我的期望是库应该尝试通过HTTP代理进行连接,但是它似乎仍然在尝试直接连接到主机而不通过公司代理

vc9ivgsu

vc9ivgsu1#

  • 基本上,要连接到具有SSH(HTTPS)保护的Elasticsearch Remote服务器,您将需要SSL certificate文件,该文件通常在Elasticsearch配置文件夹中生成,如下所示:C:\elastic-stack\elasticsearch-8.7.1-windows-x86_64\elasticsearch-8.7.1\config\certs\http_ca.crt
  • 我不知道它如何与Python一起工作,但我可以告诉它如何与Java一起工作。但是有一个小问题,由证书颁发机构(CA)签署的证书不能被Java truststore识别。
  • 要解决此问题,您需要将Elasticsearch服务器的SSL证书添加到Java应用程序使用的信任库中。要执行此操作,请在终端中编写以下命令:
keytool -import -alias http_ca -file C:Users\User\Downloads\http_ca.crt -keystore truststore.jks
  • 最后,Java client看起来像这样,它与Elastic建立了连接并打印出相关的连接状态:
public class ElasticsearchConnectionCheckHTTPS {

  public static void main(String[] args) {
      String host = "ELASTIC-IP-ADDRESS";
      int port = ELASTIC-PORT;
      String username = "USERNAME";
      String password = "PASSWORD";
      String truststorePath = "\PATH\TO\truststore.jks";
      String truststorePassword = "TRUSTSTORE-PASSWORD";

      try {
          KeyStore truststore = KeyStore.getInstance("JKS");
          truststore.load(new FileInputStream(truststorePath), truststorePassword.toCharArray());

          TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
          trustManagerFactory.init(truststore);

          SSLContext sslContext = SSLContext.getInstance("TLS");
          sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

          CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
          credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

          RestHighLevelClient client = new RestHighLevelClient(
                  RestClient.builder(new HttpHost(host, port, "https"))
                                  .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
                                  .setDefaultCredentialsProvider(credentialsProvider)
                                  .setSSLContext(sslContext)
                                  .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)));

          MainResponse response = client.info(RequestOptions.DEFAULT);
          String clusterName = response.getClusterName().toString();
          String clusterVersion = response.getVersion().toString();
          System.out.println("Connected to Elasticsearch cluster: " + clusterName + " (Version: " + clusterVersion + ")");

          client.close();
      } catch (Exception e) {
          System.out.println("Failed to connect to Elasticsearch server. Exception: " + e.getMessage());
      }
  }
}
  • 如果你做的一切都是正确的,那么你应该会看到类似的结果:

相关问题