diff --git a/.env b/.env new file mode 100644 index 0000000..83c0256 --- /dev/null +++ b/.env @@ -0,0 +1,3 @@ +COMPOSE_PROJECT_NAME=es +CERTS_DIR=/usr/share/elasticsearch/config/certificates/ +VERSION=7.8.0 \ No newline at end of file diff --git a/admin-key.pem b/admin-key.pem deleted file mode 100644 index 2938fb4..0000000 --- a/admin-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8uPjEqEB3Xs7L -ot0ghzYr976PVW2oVE7T/dfWbN7oT+ycDWOkrUzJs4j2/0A1x1stmTPJh/nI42Kh -ciJByXG+Yjr8xX+QyNflC2GTSHJtTCqBFVPRi3dzBh/rHareY/RVxuehc3NCIch5 -xs5OV0UQOt7eL8/yNuD2qdByZKg1ra0E1+5gk/pxH0QDb4/TFWgJXvgCBVKe7mRF -5eHzs6QWr9WQl49qeAcTs4OOVZkBthKUoBLsbqOxKxBserXIoBNly4+OwvWt/fhe -2XK38YJYgb3Rla2kYXKB9e0/OXkmSvROz3zwSpg9qanv39MPCbrJN/srFAcpn6Sn -rdzo312NAgMBAAECggEBAJu1Ictf5pCWsJhjL37/EDsGlTs9iNQxezh9X++Ss/eI -ufenNGdSdOCWOJNR1nCIoznkBU5p2jVdJqt9t7X/ttEVywVzDeUvULGxyjfytjZn -eUo3hoiFQXCtxPf/6lLCtX1wNvyGfLo7lWSkGuOYLWtOp0M6v59gmAvr4AgB9KcT -0aZGLUvOMtGeffoK0eIBiac5GzbgkO2UYJwG7KiUJodv4O1+MIllGb7XX3kmi/2m -HhGr2EsikcL7nJI9GUfMOSwOoOrQovREImju9ZOlygwUU3k8F4+ZNJInNvWOaSTq -f58CqXTrRHwxO/ART+d1PuzIlCvJlnUG6hHvhIAoJyECgYEA4oVHHSWIZJILMTE/ -bwNkWg8qD96A98zTeoV5RCuCBDSjhq18adkuGf3GTHEIXA79sVsTK0lGHqQiWdCi -+BczSmoarzl4sqNup+4735/di3aaKjBHfhS5wIB6mFgfQTDDbYBgD22sLaKaehJv -Fxgl1HH0S8dbo/XJnus3jaKW0HsCgYEA1Uhrfjx3zVJnIuCwxbxlluS33lQ+qjdl -kvomDRmo+WdNJi75hc+a449s+iHukCP8dlKKBFoLj0nzPXSYjFF13t+zsYMmXdV2 -eWWpvVnGojjWHkQFMjHo5abnWNtpTwJtfBSbjOkzcxekdBKOAxc/1MHPcN/ZQLRc -Gw5XX3Lqn5cCgYByG92FC0E4GHHW6A4iaD0HORhhQh8JtX7a+53o/1nRsIqn74D6 -+VLF+RcJru8dINgfndd8OL8/9ELxp65Q9674z5Z9qp/orXey1MoIjsnV1Xs3wXZi -RyKDnLUlRU8JUf1AjijV3NOdcYoL8HlR0vJLoNQF0HmTkN9uVON5T+xVPQKBgETI -5mH//mMpgDmvXVNoPxs7CFGbudoLo6aTJlJzRBurRSZbX/3Xxow9ZVgGOXojIPjI -BdsBb1j28IuRXuFiJDGM09ccBPOeNGdScjuvCHCpA+Ue6s4VapcmDNaLbJsenVC3 -FLONQhqMNW15znMQvHVRTCWLC/XiNRJEvcj6ttBhAoGAKpc8vB2/1oYokNUsm41w -N1hU3/vZUIodU23Xq7zlBeW/ORDyFkc3Ma8xGxfCwIQGntHidgYq7Ukd0a5PC16Y -EUooI6ErlWcqB/b22VyGDKLjIAnGMaf6uXyiVwQqJmwr3FIaV1SxqpO8OkRXt/TO -KEtci6UrFII6ClGmsi6pgUQ= ------END PRIVATE KEY----- diff --git a/admin.pem b/admin.pem deleted file mode 100644 index 05ce668..0000000 --- a/admin.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDQTCCAikCFCFrYZBerplClvWabUIF16kVNBRgMA0GCSqGSIb3DQEBCwUAMFsx -CzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRAwDgYDVQQHDAdBVklHTk9OMQ0w -CwYDVQQKDARJTlJBMRAwDgYDVQQLDAdJTlNZTFZBMQowCAYDVQQDDAFOMB4XDTIw -MDUwMjAxMzEyN1oXDTIwMDYwMTAxMzEyN1owXzELMAkGA1UEBhMCRlIxDTALBgNV -BAgMBFBBQ0ExEDAOBgNVBAcMB0FWSUdOT04xDTALBgNVBAoMBElOUkExEDAOBgNV -BAsMB0lOU1lMVkExDjAMBgNVBAMMBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAvLj4xKhAd17Oy6LdIIc2K/e+j1VtqFRO0/3X1mze6E/snA1j -pK1MybOI9v9ANcdbLZkzyYf5yONioXIiQclxvmI6/MV/kMjX5Qthk0hybUwqgRVT -0Yt3cwYf6x2q3mP0VcbnoXNzQiHIecbOTldFEDre3i/P8jbg9qnQcmSoNa2tBNfu -YJP6cR9EA2+P0xVoCV74AgVSnu5kReXh87OkFq/VkJePangHE7ODjlWZAbYSlKAS -7G6jsSsQbHq1yKATZcuPjsL1rf34Xtlyt/GCWIG90ZWtpGFygfXtPzl5Jkr0Ts98 -8EqYPamp79/TDwm6yTf7KxQHKZ+kp63c6N9djQIDAQABMA0GCSqGSIb3DQEBCwUA -A4IBAQAew/oWEYn2nsa3+vLWtay49U/M6Yqyc/IRRRyu313RKQdU638rtcaTtLJ1 -Ujpkqberq37h9m5BqxdUpBYyO5rJJoUooyIsPUkr2jAUWtQXxTeEtMX7BDPi4LQn -t3TtTw4aInOaEJn2m6Vg5VHuaNC+OXFuOwsKiVkznYGEnCd6BNcF7NdoEp52GOua -mb8JzbvEMj519JkI8hSKOzNlfGXSe3aPsZhrA8E9I3VQz5v/9231fi7j06D5ooTh -nEY6f+vB3SphDcgpgLSJBA+1Mmwfy7n/tPR2LckQBgUaXMuUiDmz3SM54Po2Sw6Y -72c8HtjfQxlZpL1uRjUHv2ylvpWm ------END CERTIFICATE----- diff --git a/docker-compose.yml b/docker-compose.yml index ad8db06..1617cc8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,117 @@ version: "3.7" services: + create_certs: + container_name: create_certs + image: docker.elastic.co/elasticsearch/elasticsearch:$VERSION + command: > + bash -c ' + if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then + bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass "" + fi; + chown -R 1000:0 /usr/share/elasticsearch/config/certificates + ' + user: "0" + working_dir: /usr/share/elasticsearch + volumes: ['certs:/usr/share/elasticsearch/config/certificates'] + + es01: + container_name: es01 + depends_on: [create_certs] + image: docker.elastic.co/elasticsearch/elasticsearch:$VERSION + environment: + - node.name=es01 + - cluster.name=es-docker-cluster + - cluster.initial_master_nodes=es01 + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + - ELASTIC_PASSWORD=InSylva1465441881 + - xpack.security.enabled=true + - xpack.security.transport.ssl.enabled=true + - xpack.security.transport.ssl.verification_mode=certificate + - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12 + - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12 + volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates', 'logs:/var/log'] + ulimits: + nofile: + soft: 65536 + hard: 65536 + nproc: 65535 + memlock: + soft: -1 + hard: -1 + cap_add: + - ALL + deploy: + replicas: 1 + update_config: + parallelism: 1 + delay: 10s + resources: + limits: + cpus: "1" + memory: 256M + reservations: + cpus: "1" + memory: 1G + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 10s + ports: + - "9200:9200" + healthcheck: + test: curl --cacert $CERTS_DIR/elastic-certificates.p12 -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi + interval: 30s + timeout: 10s + retries: 5 + networks: + - insylva-net + + kib01: + container_name: kib01 + depends_on: [es01] + image: docker.elastic.co/kibana/kibana:$VERSION + environment: + - SERVER_HOST=0.0.0.0 + - ELASTICSEARCH_URL=http://es01:9200 + - ELASTICSEARCH_HOSTS=http://es01:9200 + - ELASTICSEARCH_USERNAME=elastic + - ELASTICSEARCH_PASSWORD=InSylva1465441881 + volumes: + - type: volume + source: logs + target: /var/log + ports: + - "5601:5601" + ulimits: + nproc: 65535 + memlock: + soft: -1 + hard: -1 + cap_add: + - ALL + deploy: + replicas: 1 + update_config: + parallelism: 1 + delay: 10s + resources: + limits: + cpus: "1" + memory: 256M + reservations: + cpus: "1" + memory: 256M + restart_policy: + condition: on-failure + delay: 30s + max_attempts: 3 + window: 120s + networks: + - insylva-net + consul: image: consul:latest container_name: in-sylva-consul @@ -102,200 +213,7 @@ services: networks: - insylva-net restart: unless-stopped - - odfe-node1: - image: amazon/opendistro-for-elasticsearch:latest - container_name: odfe-node1 - environment: - - cluster.name=odfe-cluster - - node.name=odfe-node1 - - discovery.seed_hosts=odfe-node1,odfe-node2 - - cluster.initial_master_nodes=odfe-node1,odfe-node2 - - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - - network.host=0.0.0.0 - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems - hard: 65536 - volumes: - - odfe-data1:/usr/share/elasticsearch/data - # - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem - # - ./node.pem:/usr/share/elasticsearch/config/node.pem - # - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem - # - ./admin.pem:/usr/share/elasticsearch/config/admin.pem - #- ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem - - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml - - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml - - ./tenants.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/tenants.yml - - ./roles.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml - - ./action_groups.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/action_groups.yml - ports: - - 9200:9200 - - 9600:9600 # required for Performance Analyzer - networks: - - insylva-net - depends_on: - - odfe-node2 - restart: unless-stopped - - odfe-node2: - image: amazon/opendistro-for-elasticsearch:latest - container_name: odfe-node2 - environment: - - cluster.name=odfe-cluster - - node.name=odfe-node2 - - discovery.seed_hosts=odfe-node1,odfe-node2 - - cluster.initial_master_nodes=odfe-node1,odfe-node2 - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - network.host=0.0.0.0 - # - discovery.zen.ping.unicast.hosts=odfe-node1 - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - odfe-data2:/usr/share/elasticsearch/data - # - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem - # - ./node.pem:/usr/share/elasticsearch/config/node.pem - # - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem - # - ./admin.pem:/usr/share/elasticsearch/config/admin.pem - # - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem - - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml - - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml - - ./tenants.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/tenants.yml - - ./roles.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml - - ./action_groups.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/action_groups.yml - networks: - - insylva-net - restart: unless-stopped - - kibana: - image: in-sylva.kibana:latest - container_name: odfe-kibana - ports: - - 5601:5601 - volumes: - - type: volume - source: logs - target: /var/log - # volumes: - # - ./kibana.yml:/usr/share/kibana/config/kibana.yml - environment: - SERVER_HOST: 0.0.0.0 - ELASTICSEARCH_URL: http://odfe-node1:9200 - ELASTICSEARCH_HOSTS: http://odfe-node1:9200 - links: - - odfe-node1 - - odfe-node2 - networks: - - insylva-net - restart: unless-stopped - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 - container_name: elasticsearch1 - environment: - - node.name=elasticsearch1 - - cluster.name=docker-cluster - - cluster.initial_master_nodes=elasticsearch1 - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms256M -Xmx256M" - - http.cors.enabled=true - - http.cors.allow-origin=* - - network.host=_eth0_ - ulimits: - nofile: - soft: 65536 - hard: 65536 - nproc: 65535 - memlock: - soft: -1 - hard: -1 - cap_add: - - ALL - deploy: - replicas: 1 - update_config: - parallelism: 1 - delay: 10s - resources: - limits: - cpus: "1" - memory: 256M - reservations: - cpus: "1" - memory: 1G - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - window: 10s - volumes: - - type: volume - source: logs - target: /var/log - - type: volume - source: esdata1 - target: /usr/share/elasticsearch/data - networks: - - insylva-net - ports: - - 9200:9200 - - 9300:9300 - kibana1: - image: docker.elastic.co/kibana/kibana:7.8.0 - container_name: kibana1 - environment: - SERVER_HOST: 0.0.0.0 - ELASTICSEARCH_URL: http://elasticsearch:9200 - ELASTICSEARCH_HOSTS: http://elasticsearch:9200 - ports: - - 5601:5601 - volumes: - - type: volume - source: logs - target: /var/log - # - ./kibana.yml:/usr/share/kibana/config/kibana.yml - ulimits: - nproc: 65535 - memlock: - soft: -1 - hard: -1 - cap_add: - - ALL - deploy: - replicas: 1 - update_config: - parallelism: 1 - delay: 10s - resources: - limits: - cpus: "1" - memory: 256M - reservations: - cpus: "1" - memory: 256M - restart_policy: - condition: on-failure - delay: 30s - max_attempts: 3 - window: 120s - links: - - elasticsearch - networks: - - insylva-net - search-api: image: in-sylva.search.api:latest container_name: in-sylva.search.api @@ -312,18 +230,18 @@ services: DB_DATABASE: insylva DB_PORT: 5432 - ELK_HOST: odfe-node1 + ELK_HOST: es01 ELK_PORT: 9200 - ELK_USERNAME: admin - ELK_PASSWORD: InSylva146544 + ELK_USERNAME: elastic + ELK_PASSWORD: InSylva1465441881 KEYCLOAK_REALM: in-sylva KEYCLOAK_SERVER_URL: http://keycloak:7000/keycloak/auth KEYCLOAK_CLIENT_ID: in-sylva.user.app links: - postgres - - odfe-node1 - keycloak + - es01 networks: - insylva-net restart: unless-stopped @@ -395,10 +313,10 @@ services: DB_DATABASE: insylva DB_PORT: 5432 - ELK_HOST: odfe-node1 + ELK_HOST: es01 ELK_PORT: 9200 - ELK_USERNAME: admin - ELK_PASSWORD: InSylva146544 + ELK_USERNAME: elastic + ELK_PASSWORD: InSylva1465441881 KEYCLOAK_USERNAME: insylva_admin KEYCLOAK_PASSWORD: v2kGBDUaGjXK2VuPyf5R64VS @@ -421,8 +339,8 @@ services: links: - mongo - postgres - - odfe-node1 - keycloak + - es01 networks: - insylva-net restart: unless-stopped @@ -510,11 +428,11 @@ services: volumes: postgres-data: pgadmin: - odfe-data1: - odfe-data2: + esdata: + certs: portainer_data: logs: - esdata1: + networks: insylva-net: diff --git a/elasticsearch.yml b/elasticsearch.yml index 04eb825..45adbc8 100644 --- a/elasticsearch.yml +++ b/elasticsearch.yml @@ -1,25 +1,25 @@ -opendistro_security.disabled: true -# opendistro_security.ssl.transport.pemcert_filepath: node.pem -# opendistro_security.ssl.transport.pemkey_filepath: node-key.pem -# opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -# opendistro_security.ssl.transport.enforce_hostname_verification: false -# opendistro_security.ssl.http.enabled: false -# opendistro_security.ssl.http.pemcert_filepath: node.pem -# opendistro_security.ssl.http.pemkey_filepath: node-key.pem -# opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -# opendistro_security.allow_default_init_securityindex: true -# opendistro_security.authcz.admin_dn: -# - "CN=admin,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR" -# opendistro_security.nodes_dn: -# - "CN=insylva.fr,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR" -# - "/CN=.*regex/" -# opendistro_security.audit.type: internal_elasticsearch -# opendistro_security.enable_snapshot_restore_privilege: true -# opendistro_security.check_snapshot_restore_write_privileges: true -# opendistro_security.restapi.roles_enabled: -# ["all_access", "security_rest_api_access"] -# cluster.routing.allocation.disk.threshold_enabled: false -# node.max_local_storage_nodes: 3 -# opendistro_security.audit.config.disabled_rest_categories: NONE -# opendistro_security.audit.config.disabled_transport_categories: NONE -# opendistro_security.allow_unsafe_democertificates: true +# opendistro_security.disabled: true +opendistro_security.ssl.transport.pemcert_filepath: node.pem +opendistro_security.ssl.transport.pemkey_filepath: node-key.pem +opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: false +opendistro_security.ssl.http.pemcert_filepath: node.pem +opendistro_security.ssl.http.pemkey_filepath: node-key.pem +opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +opendistro_security.allow_default_init_securityindex: true +opendistro_security.authcz.admin_dn: + - "CN=admin,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR" +opendistro_security.nodes_dn: + - "CN=insylva.fr,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR" + - "/CN=.*regex/" +opendistro_security.audit.type: internal_elasticsearch +opendistro_security.enable_snapshot_restore_privilege: true +opendistro_security.check_snapshot_restore_write_privileges: true +opendistro_security.restapi.roles_enabled: + ["all_access", "security_rest_api_access"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 +opendistro_security.audit.config.disabled_rest_categories: NONE +opendistro_security.audit.config.disabled_transport_categories: NONE +opendistro_security.allow_unsafe_democertificates: true diff --git a/elasticsearch/Dockerfile b/elasticsearch/Dockerfile new file mode 100644 index 0000000..cd057f8 --- /dev/null +++ b/elasticsearch/Dockerfile @@ -0,0 +1,10 @@ +FROM amazon/opendistro-for-elasticsearch:1.9.0 + + +# COPY --chown=elasticsearch:elasticsearch config.yml /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml +# COPY --chown=elasticsearch:elasticsearch custom-elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml +# COPY --chown=elasticsearch:elasticsearch node.pem /usr/share/elasticsearch/config/node.pem +# COPY --chown=elasticsearch:elasticsearch node-key.pem /usr/share/elasticsearch/config/node-key.pem +# COPY --chown=elasticsearch:elasticsearch admin.pem /usr/share/elasticsearch/config/admin.pem +# COPY --chown=elasticsearch:elasticsearch admin-key.pem /usr/share/elasticsearch/config/admin-key.pem +# COPY --chown=elasticsearch:elasticsearch root-ca.pem /usr/share/elasticsearch/config/root-ca.pem diff --git a/elasticsearch/admin-key.pem b/elasticsearch/admin-key.pem new file mode 100644 index 0000000..1dda716 --- /dev/null +++ b/elasticsearch/admin-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKuVFYa6INHskC +DpXdkFFElw5C0BmS401nGZf9zH8waw32LHYBXRi/QNz+jllEnJ1eTgJTIdjG9Z0b +HkId/5rOQcUn59koRB0qnABT0PzNBz87cwCxdVrM9SrptJNu9KbOxI4M0TBa7Fb9 +v4zM1qOOKSnBotxZqCF7CmdpArmhFSqhVYM4B8tD4cEECOIHTwKM/v2mcT6/rpFv +Woq+mxvnp1CFETChqYdIqoRXzo7fiKEr1Lg6rM6HHzjuLNDjGf1J+weXbjKsIXsv +4+M3pXXJfyIlye87Rg3l7WxpjeT1Ma/oRAG7ScOLv20RQu4mfc62rSzVKPw+4r3m +OjdexkX7AgMBAAECggEANbSWmkgZbERlmAfpKANdpEAoZQbgX4ucK94Z6ADPCTKz +Ri5NLNtO/QvgAAgSGh0ri5o6/28OENdswYxok63tgwrlgkbnvsUcvPcLFylcb6yl +0cgLvPeMEJQ6xCM0k8Z4knp772VT3CKUgTDHylRqi/TXvRa6LX5fMEt3TdiM+OE7 +NzAsYBJ9eqZGMVzIAHcsbGaQk2jKOV5moMloEIJrcU5QNAP8eJ3boQR/7mnm0LSO +uGNijXpdjiURgJElOow/FuJo6uaJyxsDzR+hedtfN7mxu2e9JtUgI+vqLPs3+G+l +3XWed9zPXJXC6Qe0RLtkuvN4/AEHM+nV9BVdJwGXQQKBgQD+Gi9LNmlYrudDKw8s +TprNtF6JKuYsQ3I8DV/PjQ0Zx6e+9NKq0osqpK2D8MNuEdR96+JU5Pf2pAX8FH1/ +I5nrAmNBR+PuQQBLw6qdMqwQLUHKhqvLe4MJ1G6d/BWKME6a3OVRqRxvesRJyiX3 +xDKp22NfnjqruTCGC3T1NnFnEQKBgQDMPOc8OEAla4ySM2fsFQTRcVbdJFJ1GLLh +0xnywN4S0fjhtipJHEI/SRHWOAKHTP2LxtxQ3IyaqLMmS8zmhy7GD8a5o+sKzQYD +CenZU/bu9QUGZAc3yyuSbdsyNR/P/uYdfdtA1/IQx5+jhEuRBX6U+Kgy9jNrqxpv +zDZzfQPUSwKBgQDS8N/T+06G3WOEYgmNiY9/Nr3H9wHvOuppKd0gyoJWpWT+4/TC +9FetRdn5jvRdupWBF0HjodSrPkztkAECe4Z6DphhCBISpoldXAiVyQwHvdpBC30w +Rc9paJ2Pr0YeWq3WZ4xDNzUw4mRysUrFnW1Fjqe3J/6isfCzRm2IZvLLUQKBgDDq +8XOSAYM09FFcMKryCdpkbCrBdWKIjOfb2R40pbwaQKNHL2+dbhycUsJdXfWsMhpV +ghV4DdFJUMd+ZlBc1o4n3zA9m6FVo/f8Wt9r5fwsAY0bTkNFzWTgHR00bi8yXUl5 +CJfKYTc1qP3QRQ0yJLRnrlmucHh8XfOjFPOqYM1rAoGBAKwJMl1sWakpYMZo6IAl +/ZeatJ3aokUKrSdSTLILqwCbhs73o/YkzsBP5YFyGnzAuvbcCButvYrGgtn506r3 +0uAP+jDPnNh+KngFc1y8sL2naz58tzxsOq5jQCCivhyab7u4K0KitgplVumwF7e6 +w2YXPeAV/gTXaADmrEVPlYxD +-----END PRIVATE KEY----- diff --git a/elasticsearch/admin.pem b/elasticsearch/admin.pem new file mode 100644 index 0000000..e59171a --- /dev/null +++ b/elasticsearch/admin.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRjCCAi4CFCFrYZBerplClvWabUIF16kVNBRkMA0GCSqGSIb3DQEBCwUAMFsx +CzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRAwDgYDVQQHDAdBVklHTk9OMQ0w +CwYDVQQKDARJTlJBMRAwDgYDVQQLDAdJTlNZTFZBMQowCAYDVQQDDAFOMB4XDTIw +MDcyMTA5MTY1NFoXDTIwMDgyMDA5MTY1NFowZDELMAkGA1UEBhMCRlIxDTALBgNV +BAgMBFBBQ0ExEDAOBgNVBAcMB0FWSUdOT04xDTALBgNVBAoMBElOUkExEDAOBgNV +BAsMB0lOU1lMVkExEzARBgNVBAMMCmluc3lsdmEuZnIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDKuVFYa6INHskCDpXdkFFElw5C0BmS401nGZf9zH8w +aw32LHYBXRi/QNz+jllEnJ1eTgJTIdjG9Z0bHkId/5rOQcUn59koRB0qnABT0PzN +Bz87cwCxdVrM9SrptJNu9KbOxI4M0TBa7Fb9v4zM1qOOKSnBotxZqCF7CmdpArmh +FSqhVYM4B8tD4cEECOIHTwKM/v2mcT6/rpFvWoq+mxvnp1CFETChqYdIqoRXzo7f +iKEr1Lg6rM6HHzjuLNDjGf1J+weXbjKsIXsv4+M3pXXJfyIlye87Rg3l7WxpjeT1 +Ma/oRAG7ScOLv20RQu4mfc62rSzVKPw+4r3mOjdexkX7AgMBAAEwDQYJKoZIhvcN +AQELBQADggEBAAOoa6AfyTnULoRwo9bbGSCApXmOrMmgUw/0V1NtQNDMwBpKD2aJ +Zsvscgr/qwfVthdso9OVEHkJNOTQ9dTiXZMHs4vZJUOFUD0gR9PQiXoCCmGNu8tC +VZUSA4CuT0IUH8OxP1QOrKMUigI5xkfyxKvI55+/3W6p3sFStLwFl1NIgDIU1QTn +ewic9TVyT3EYkHyXLOPVug+Z6L9j/9/FAp1+5epLekaEqdQZxjqPPDWgtQEHCWw2 +E8QYW00UpxwCPeYqb8JbQAld2WQ8feAoecvERjKXP9kXjAzdqBbTHx8Dy6IWQe0d +b7scTW9zlGUpYDSqwqAlD7jdq+5Zs8QKGSE= +-----END CERTIFICATE----- diff --git a/elasticsearch/config.yml b/elasticsearch/config.yml new file mode 100644 index 0000000..f1214ef --- /dev/null +++ b/elasticsearch/config.yml @@ -0,0 +1,23 @@ +opendistro_security: + dynamic: + authc: + basic_internal_auth_domain: + enabled: true + order: 0 + http_authenticator: + type: basic + challenge: false + authentication_backend: + type: internal + openid_auth_domain: + enabled: true + order: 1 + http_authenticator: + type: openid + challenge: false + config: + subject_key: preferred_username + roles_key: roles + openid_connect_url: http://147.100.20.44:7000/keycloak/auth/realms/in-sylva/.well-known/openid-configuration + authentication_backend: + type: noop \ No newline at end of file diff --git a/elasticsearch/custom-elasticsearch.yml b/elasticsearch/custom-elasticsearch.yml new file mode 100644 index 0000000..45adbc8 --- /dev/null +++ b/elasticsearch/custom-elasticsearch.yml @@ -0,0 +1,25 @@ +# opendistro_security.disabled: true +opendistro_security.ssl.transport.pemcert_filepath: node.pem +opendistro_security.ssl.transport.pemkey_filepath: node-key.pem +opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: false +opendistro_security.ssl.http.pemcert_filepath: node.pem +opendistro_security.ssl.http.pemkey_filepath: node-key.pem +opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +opendistro_security.allow_default_init_securityindex: true +opendistro_security.authcz.admin_dn: + - "CN=admin,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR" +opendistro_security.nodes_dn: + - "CN=insylva.fr,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR" + - "/CN=.*regex/" +opendistro_security.audit.type: internal_elasticsearch +opendistro_security.enable_snapshot_restore_privilege: true +opendistro_security.check_snapshot_restore_write_privileges: true +opendistro_security.restapi.roles_enabled: + ["all_access", "security_rest_api_access"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 +opendistro_security.audit.config.disabled_rest_categories: NONE +opendistro_security.audit.config.disabled_transport_categories: NONE +opendistro_security.allow_unsafe_democertificates: true diff --git a/elasticsearch/node-key.pem b/elasticsearch/node-key.pem new file mode 100644 index 0000000..c5fa744 --- /dev/null +++ b/elasticsearch/node-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvJvrXeYMgHWi2 +jfdClZ5Uirgy80EyYjoomPpfrUSBKdvfbvsBwxy0j04GgbxopIVicf2C58bjG0Sg +uhmoV4zGriHl6j/s9RX7thEnrP55oW+IK6RxZOgQPhQBO7E+7gUha5Qn2wammbGh +fnc/kshIbPit7tD4QDfDPrTeZH/3wALKnRFlk2Az5CPKmr6vGuNoJIae58iYJCpB +X4Z2swdFmK7kZoDy1IlZpBzLYF9Pu6R1M5K6tTVJS1MjR2a14gEMkjDCT7eoBxQT +trlZ5u1t4x1bQLk/NIObxt1bqTCJh6tr4Z1zKs5Me6ZHi1Tcg8kQp7N0fht5XJEp +pednEv7FAgMBAAECggEBAKb+3kkVNN0ozQ7JOoeEiaoHfOovHelA2Dye5pDUba1M +0LMuaCnc8oCA5Z60kYOf4QDkuBXYkLs142/vH8lud+1yVyWT+5Ecd/I/PAn9Gb+0 +GNfW7HmlANGDrqUiWbMrUz7zCBYb8TJk9YSJRH8bntPW+h8zxI/9Am2oWuBzJ8N4 +/L4alu4LdqiT7jqZEDZBBdKuQpI11IrZUK7IbExLRbV0Etb5Xvo5jV/SgEWtKH75 +4QcZH6P9hjRVHNLR1KxQ0RN6QezgDtgMaxeoqsiH5Xai7locgaDy9t6FduBnJsbr +p1UTnNLakXhLsrpA6BTIUheIFIGHol4grrn+BC6NpT0CgYEA5jCLxAfIxGcDabk+ +jOsqqogi27pKpr5UFMM7rNIQR8cPNPLXS8Sholjq2NpTpkJpNk6VeKQG45pgjdmt +4bPog0X3aJD9Q4gGjFE+JEQNo2J9q1MtP/v33UvHWtbGruEidvmjgMWjGL7oVxja +GsMxgq2MEque7148twjBzPFczksCgYEAwsqenHKlxyZ7BR9UY/KyPy1qIaNX1jz8 +KDlHCv0Ddh5R/FBBlzCt77g8fL7cIcZEN8N0HfnmIai1dtOSNFVauCTxyblxxaic +Xd8s6+uLbiDpeZDTZNIoYfPMV0rXvBnY4+3qFVNxrJ45kaK6gmQ2bJaIVUqIUynZ +SUXUmo/b/S8CgYEAyNnTGlkwdS7ta3KXgZ4wvFvNDqyeNqAb/YHcsA8a5YZrXmgG +M7Z+0omDYXQfSRLpetlW0s1MtYwec6dccXPpjaGfHz5jvmkSTZ0V+87ll4p43OTW +tt3EiPN2H20IL8+Bow5v/Ax3I0Bwuo6UwIVQzhVgA2p8Y6B2mb6qW4i+0cECgYBf +cotv25mx0QA8zVI7u2NuI6G6o+BZgP6J8y8Fil7U1RyVRvoszFSefydcdOVGw3EP +5f0S5y3F1nY8qIUekahnTOsRToYaNXmRYdcQLxXeO9BLmhSLdZMGFEFPkMPPTtcB +MMYf9whfbhSFcTh0xggJA2YAbQoJvhrTlZ0Ms2s3TwKBgQCKrElO4iPh1W8HDD7i +DJ1nmx8Kh4pJkCafj1TTkf1BQztxKuhkz0y9cTOtANc+2bldTqsxIpijK/T/+p+H +6Jlv2otzxf1tQ+AIwP07/z3U+bKYgymuIoH32xDFa4Xcle2KDm+wW88AZ0irJ8v2 +qLcpav3GK+c8elBKUOYFSHB4nQ== +-----END PRIVATE KEY----- diff --git a/elasticsearch/node.pem b/elasticsearch/node.pem new file mode 100644 index 0000000..d02bbb5 --- /dev/null +++ b/elasticsearch/node.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRjCCAi4CFCFrYZBerplClvWabUIF16kVNBRlMA0GCSqGSIb3DQEBCwUAMFsx +CzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRAwDgYDVQQHDAdBVklHTk9OMQ0w +CwYDVQQKDARJTlJBMRAwDgYDVQQLDAdJTlNZTFZBMQowCAYDVQQDDAFOMB4XDTIw +MDcyMTA5MTcxMloXDTIwMDgyMDA5MTcxMlowZDELMAkGA1UEBhMCRlIxDTALBgNV +BAgMBFBBQ0ExEDAOBgNVBAcMB0FWSUdOT04xDTALBgNVBAoMBElOUkExEDAOBgNV +BAsMB0lOU1lMVkExEzARBgNVBAMMCmluc3lsdmEuZnIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCvJvrXeYMgHWi2jfdClZ5Uirgy80EyYjoomPpfrUSB +KdvfbvsBwxy0j04GgbxopIVicf2C58bjG0SguhmoV4zGriHl6j/s9RX7thEnrP55 +oW+IK6RxZOgQPhQBO7E+7gUha5Qn2wammbGhfnc/kshIbPit7tD4QDfDPrTeZH/3 +wALKnRFlk2Az5CPKmr6vGuNoJIae58iYJCpBX4Z2swdFmK7kZoDy1IlZpBzLYF9P +u6R1M5K6tTVJS1MjR2a14gEMkjDCT7eoBxQTtrlZ5u1t4x1bQLk/NIObxt1bqTCJ +h6tr4Z1zKs5Me6ZHi1Tcg8kQp7N0fht5XJEppednEv7FAgMBAAEwDQYJKoZIhvcN +AQELBQADggEBAFCEL0wNxwWIvggU67JAdgswk6rkcuoKx6wiu8HMs7mgiEnbPBZc +wmzvfn+vemPbUJmStEUe5EzEqnEBVD4rFrx5cOzXQuCLw2+74K5wrZRi2HHdLS9i +ZLK2VojdygBJXgmf1uhTRoHIdPVU/sFPjvcBJ95H3H1pWDQfsUwGAFmn+Io902Qc +Oi4BhuAmnnpvGT/ai8cHg6+bfo88T4AsAmSB31h4neCVMmiAcdEgCAlkes1w06TX +a4o9n0OtK2L7vU4/wz9RdJ7fBExpPQae1UlG+vsQbWs15MNkO1X+GWhap5ASw8b3 +gDtP03LBya0FWfEpzGBOBVN/o/VbtQUtdek= +-----END CERTIFICATE----- diff --git a/root-ca-key.pem b/elasticsearch/root-ca-key.pem similarity index 100% rename from root-ca-key.pem rename to elasticsearch/root-ca-key.pem diff --git a/root-ca.pem b/elasticsearch/root-ca.pem similarity index 100% rename from root-ca.pem rename to elasticsearch/root-ca.pem diff --git a/elasticsearch/root-ca.srl b/elasticsearch/root-ca.srl new file mode 100644 index 0000000..588e4f0 --- /dev/null +++ b/elasticsearch/root-ca.srl @@ -0,0 +1 @@ +216B61905EAE994296F59A6D4205D7A915341465 diff --git a/kibana.yml b/kibana.yml index 28529ec..9b3f36d 100644 --- a/kibana.yml +++ b/kibana.yml @@ -1,18 +1,18 @@ server.name: kibana server.host: "0" -# opendistro_security.auth.type: "basicauth" -# opendistro_security.basicauth.enabled: false +opendistro_security.auth.type: "basicauth" +opendistro_security.basicauth.enabled: true # opendistro_security.multitenancy.enabled: true # opendistro_security.multitenancy.show_roles: true # opendistro_security.multitenancy.enable_filter: true # opendistro_security.multitenancy.tenants.enable_global: true # opendistro_security.multitenancy.tenants.enable_private: true -opendistro_security.auth.type: "openid" -opendistro_security.openid.connect_url: "http://147.100.20.44:7000/keycloak/auth/realms/in-sylva/.well-known/openid-configuration" -opendistro_security.openid.client_id: "kibana-sso" -opendistro_security.openid.client_secret: "841d796a-bc3a-4cc8-9fb9-bed6221f66b4" +# opendistro_security.auth.type: "openid" +# opendistro_security.openid.connect_url: "http://147.100.20.44:7000/keycloak/auth/realms/in-sylva/.well-known/openid-configuration" +# opendistro_security.openid.client_id: "kibana-sso" +# opendistro_security.openid.client_secret: "6adc200f-9943-4d18-bf68-fb209881103e" elasticsearch.hosts: "http://localhost:9200" elasticsearch.ssl.verificationMode: none @@ -20,5 +20,5 @@ elasticsearch.username: "kibanaserver" elasticsearch.password: "InSylva146544" elasticsearch.requestHeadersWhitelist: ["securitytenant", "Authorization"] -# opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] -# opendistro_security.readonly_mode.roles: ["kibana_read_only"] +opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] +opendistro_security.readonly_mode.roles: ["kibana_read_only"] diff --git a/kibana/Dockerfile b/kibana/Dockerfile index 524d5dc..93390be 100644 --- a/kibana/Dockerfile +++ b/kibana/Dockerfile @@ -1,3 +1,3 @@ FROM amazon/opendistro-for-elasticsearch-kibana:1.9.0 -RUN /usr/share/kibana/bin/kibana-plugin remove opendistro_security +# RUN /usr/share/kibana/bin/kibana-plugin remove opendistro_security COPY --chown=kibana:kibana kibana.yml /usr/share/kibana/config/ \ No newline at end of file diff --git a/kibana/kibana.yml b/kibana/kibana.yml index aa39a94..138965e 100644 --- a/kibana/kibana.yml +++ b/kibana/kibana.yml @@ -9,6 +9,11 @@ server.host: "0" # opendistro_security.multitenancy.tenants.enable_global: true # opendistro_security.multitenancy.tenants.enable_private: true +# opendistro_security.auth.type: "openid" +# opendistro_security.openid.connect_url: "http://147.100.20.44:7000/keycloak/auth/realms/in-sylva/.well-known/openid-configuration" +# opendistro_security.openid.client_id: "kibana-sso" +# opendistro_security.openid.client_secret: "6adc200f-9943-4d18-bf68-fb209881103e" + elasticsearch.hosts: "http://localhost:9200" elasticsearch.ssl.verificationMode: none elasticsearch.username: "kibanaserver" diff --git a/node-key.pem b/node-key.pem deleted file mode 100644 index 609d074..0000000 --- a/node-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJUB7re6DRNeXF -T9yaBSK4nmODb5bCa7X8lz2v9/X2VO+wZZivMCqJhPxFgrZc1XoE9l/qtzT1nwS7 -NOMe+5X1J9awTD9viUR+nWoM+KJ5GIhdjkpFEthU4TDdRinQYD+ZLz/Fho5cf4sd -l2pPOOGHiCZmyOB8OBmqTo3nE6E3qkdr6xA6l8faWADYlNHBoy8xJJNZxazBg81B -JzgB7SjvGjizfmY3ThM6cXsMDs7Q6P3S15oyNqfr6JELWgWbxJZJAsxv6HKGvycW -5cWQU6918pb2WfhzmnRcTvN/hS/1udtPhq117DjJjC+nZA6GGLYfOjwoh8UdlbGG -NiJdbsthAgMBAAECggEAE1iJwCN/TtuZGx8TmhGIRqmh8o2UtVZYhM+b8/8mOefr -qM36oEtGqzSGcb+f+sfhE/0BNrMoebowYDUy5lVTEd4kOYj6R6OvW2ORP3HdWznK -UQNNi9nFxFJnubv2ZLn7IqNxw2+s2qK/IbbdVoOm2Llyx0nimM1jWgR2ipBOW+Tr -mFsMIZUHI9awpMvqlRzJShEQAeYB49hkrRfNqz15UwAvkeVzhou8C7RSXP5rNzPn -GTejKykbPlnzJ4FRLVKmin2ytXQw7lIrZ/ysZsfmjZHMYs9DKfRlENgDlwO8gum4 -2SI6D9TU9bsKTvMUSOUlXB25i6Hn9NKXlYymW1/v4QKBgQDnRPuGb8OlMtZjTJKI -dztHZvtSQaP6pBBaz+m9P3EfC06X81kX4HCn03g3CwvapXQOcHYSPNxuACmKGzBP -5ZbfhxGb0bfQ1RkPQPZpIJwEDn3zz5SqVkG1uxwXzfjKFk/t8Ku7qLVRu+WFXEdW -WV+TEjkyB6T/2l8pEYrkJsW9jQKBgQDe1xPGvQrmN2gRqHCMZidCUYEM8dc8z7iG -8yGQbFiSHz4Rqrk00AaH9bbDVzwDyz0Snv9kPLgGZseAf04vD13tgSPJ0DtEBUHd -3ZLUseE9G4LdqNupmqQlQXhEXEvzI14RWYb/s2hMUyinxg5ceWh7NI0LX7/pVATY -SEWglIt+JQKBgQCWorDuJNgbPxyzOwnqxzaeUG58anLja3+XlvsZIDyPSu8bPA8Y -5UCbn7sapyBGfyQzz36obGnrYEGuSf1S3SlDWRfYFWaUKGkVLWwSl4HnhoT1jIy5 -0kskksY+nxNgld3kDrHdHotTvH5IOg3hKX9+LQ2CD8aiO9tlxZ5g8vwzdQKBgQDQ -qUaMZwHotmMNfdL9tL34PIeBzocEG2Gng8yfBsUc9oJRWrKYAF7NOskLOwkoaEvk -vttYSf7rh5wx94MHT/Vc6vrPA9wrAl092jeeUH4fkT5GPtKJixM/C4IJSP+ZSTnR -NyrRDnaQWaIND8js0IaEL54O03bJjnIG8A26or3HvQKBgQDlQBrVJx2lvMRGdfGm -OmYdDadx0pr+46CopaNwHywPYacedG32yOaP/+bukto4IOdWhc/Sbv9NQDPQIq8v -qT56dzsTFzEskH/DkvwHv6VcH64XzcnaJ3w68zkt4/hgAPVqACgyaDvleCas+WVb -8cxNhRON+oK4x+OaS6HRQu3j1Q== ------END PRIVATE KEY----- diff --git a/node.pem b/node.pem deleted file mode 100644 index cfa07f3..0000000 --- a/node.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDRjCCAi4CFCFrYZBerplClvWabUIF16kVNBRhMA0GCSqGSIb3DQEBCwUAMFsx -CzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRAwDgYDVQQHDAdBVklHTk9OMQ0w -CwYDVQQKDARJTlJBMRAwDgYDVQQLDAdJTlNZTFZBMQowCAYDVQQDDAFOMB4XDTIw -MDUwMjAxMzI1NVoXDTIwMDYwMTAxMzI1NVowZDELMAkGA1UEBhMCRlIxDTALBgNV -BAgMBFBBQ0ExEDAOBgNVBAcMB0FWSUdOT04xDTALBgNVBAoMBElOUkExEDAOBgNV -BAsMB0lOU1lMVkExEzARBgNVBAMMCmluc3lsdmEuZnIwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDJUB7re6DRNeXFT9yaBSK4nmODb5bCa7X8lz2v9/X2 -VO+wZZivMCqJhPxFgrZc1XoE9l/qtzT1nwS7NOMe+5X1J9awTD9viUR+nWoM+KJ5 -GIhdjkpFEthU4TDdRinQYD+ZLz/Fho5cf4sdl2pPOOGHiCZmyOB8OBmqTo3nE6E3 -qkdr6xA6l8faWADYlNHBoy8xJJNZxazBg81BJzgB7SjvGjizfmY3ThM6cXsMDs7Q -6P3S15oyNqfr6JELWgWbxJZJAsxv6HKGvycW5cWQU6918pb2WfhzmnRcTvN/hS/1 -udtPhq117DjJjC+nZA6GGLYfOjwoh8UdlbGGNiJdbsthAgMBAAEwDQYJKoZIhvcN -AQELBQADggEBAFXWTMpG0AIJXFv2r0X7rD0bqyrvMAegMTqkOaauYFRNGSN8Z6SZ -Gbxm0//54pu4dCTZ01MGpxgO/Ip7Dps6EgJOUbG4wXRH3VZYrYdjdHIjy6UlHgwc -5zgK+1vokIFzHMHnmXmORSz4APemfs+Mp/GzpEc/S4DI7w3OwB5ZczGGtKIv9Oe/ -t0j6D+qzD6ChlVvWcwYRW5ZWI1emQEUl5P0V+zl9WIu9QoUUzAbMgxzpWhonWiEW -nr6b65OcoeCDTTA0JSQ6O2btVeq9+4sb8rKMY1imws4kWpv/cA7WZv9J/eklOLWw -m4Z8m8SD7bm3nq8YJewkTorEWetBTbxVNy8= ------END CERTIFICATE----- diff --git a/root-ca.srl b/root-ca.srl deleted file mode 100644 index e06bbb6..0000000 --- a/root-ca.srl +++ /dev/null @@ -1 +0,0 @@ -216B61905EAE994296F59A6D4205D7A915341461