[ELK] Elasticsearch 'curl: (52) Empty reply from server' 에러

발단

root@ubuntu:/var/log/elasticsearch# curl -X GET "localhost:9200"
curl: (52) Empty reply from server

[WARN ][o.e.h.n.Netty4HttpServerTransport] [ubuntu] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52654}
root@ubuntu:/var/lib# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-02-05 01:48:23 UTC; 2min 53s ago
       Docs: https://www.elastic.co
   Main PID: 32382 (java)
      Tasks: 82 (limit: 19140)
     Memory: 8.4G
        CPU: 1min 35.089s
     CGroup: /system.slice/elasticsearch.service
             ├─32382 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elasticsearch -Dcli.libs=lib/tools/server-
             ├─32442 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager=allow -XX:+AlwaysPreTouch -Xss1m -D
             └─32466 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Feb 05 01:47:55 ubuntu systemd[1]: Starting Elasticsearch...
Feb 05 01:48:05 ubuntu systemd-entrypoint[32442]: CompileCommand: exclude org/apache/lucene/util/MSBRadixSorter.computeCommonPrefixLengthAndBuildHistogram bool exclude = true
Feb 05 01:48:05 ubuntu systemd-entrypoint[32442]: CompileCommand: exclude org/apache/lucene/util/RadixSelector.computeCommonPrefixLengthAndBuildHistogram bool exclude = true
Feb 05 01:48:06 ubuntu systemd-entrypoint[32382]: Feb 05, 2024 1:48:06 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Feb 05 01:48:06 ubuntu systemd-entrypoint[32382]: WARNING: COMPAT locale provider will be removed in a future release
Feb 05 01:48:23 ubuntu systemd[1]: Started Elasticsearch.
 ESCOC

• elasticsearch 설치 후 확인을 위해 'curl -X GET "localhost:9200"'을 쳤으나 'Empty reply from server'를 받음
• elasticsearch의 로그 확인결과 디폴트 포트인 9200으로 수신은 확인됨
• 혹시몰라 'systemctl status elasticsearch' elasticsearch의 정상작동 또한 확인함

---

조치

• 해당 문제는 elasticsearch의 기본 보안 설정 문제로 판명남(SSL/TLS)
• 이 문제를 해결하는 방법은 2가지가 있는데 하나는 설정파일을 건들어서 해당부분을 아에 꺼버리거나 다른하나는 로그인 인증서를 등록하여 접속하는 방법임이다
• 두가지 방법 다 적어볼 생각이다.
• 필자는 참고로 방법 1를 사용하였다.

방법1 (보안사항 끄기)

root@ubuntu:/usr/share/elasticsearch# vi /etc/elasticsearch/elasticsearch.yml

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["ubuntu"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

>>>>>>>>>

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 05-02-2024 01:43:07
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["ubuntu"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

• 'elasticsearch.yml' 설정 파일에서 맨밑 보안 관련 항목들의 'true'부분을 다 'false' 수정하면 된다
• 직후  elasticsearch를 재시작하면 된다.

방법2 (보안 계정 설정 후 인증서 로그인하기)

root@ubuntu:/var/lib# cd /usr/share/elasticsearch/
root@ubuntu:/usr/share/elasticsearch# ll
total 2228
drwxr-xr-x   7 root root    4096 Feb  5 01:43 ./
drwxr-xr-x 120 root root    4096 Feb  5 01:42 ../
-rw-r--r--   1 root root 2239562 Jan 11 10:07 NOTICE.txt
-rw-r--r--   1 root root    8426 Jan 11 10:04 README.asciidoc
drwxr-xr-x   2 root root    4096 Feb  5 01:43 bin/
drwxr-xr-x   8 root root    4096 Feb  5 01:43 jdk/
drwxr-xr-x   5 root root    4096 Feb  5 01:43 lib/
drwxr-xr-x  82 root root    4096 Feb  5 01:43 modules/
drwxr-xr-x   2 root root    4096 Jan 11 10:12 plugins/
#보안 설정을 위해 이동

root@ubuntu:/usr/share/elasticsearch# ./bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y


Password for the [elastic] user successfully reset.
New value: ~~~~~~~~~~~~
#계정 생성

root@ubuntu:/usr/share/elasticsearch# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "ubuntu",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "iAMpG8AsRcyhOARhPzc1Rg",
  "version" : {
    "number" : "8.12.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "1665f706fd9354802c02146c1e6b5c0fbcddfbc9",
    "build_date" : "2024-01-11T10:05:27.953830042Z",
    "build_snapshot" : false,
    "lucene_version" : "9.9.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

• 환경이 Dockck면 http_ca.crt의 위치가 다를 것이며 해당부분은 공식메뉴얼을 참고바란다.
  (https://www.elastic.co/guide/en/elasticsearch/reference/8.12/install-elasticsearch.html)

참고

https://nanglam.tistory.com/33

curl: (52) Empty reply from server #ElasticSearch 8.3.3

https://velog.io/@junsugi/Elasticsearch-curl-52-Empty-reply-from-server-에러