* Search Guard and Elasticsearch version: 5.5.2
here is what I tried in my elasticsearch.yml
```
path:
logs: /tmp
conf: /usr/share/elasticsearch/config
cluster.name: ${CLUSTER_NAME}
node:
name: ${NODE_NAME}
master: ${NODE_MASTER}
data: ${NODE_DATA}
ingest: ${NODE_INGEST}
discovery.zen:
minimum_master_nodes: ${MINIMUM_MASTER_NODES}
ping.unicast.hosts: ${HOSTS}
network.host: ${NETWORK_HOST}
http:
enabled: ${HTTP_ENABLE}
compression: true
cors:
enabled: ${HTTP_CORS_ENABLE}
allow-origin: ${HTTP_CORS_ALLOW_ORIGIN}
searchguard:
ssl.transport:
enabled: true
enable_openssl_if_available: true
pemkey_filepath: searchguard/ssl/elastic.key.pem
pemcert_filepath: searchguard/ssl/elastic.crtfull.pem
enforce_hostname_verification: false
ssl.http:
enabled: ${HTTP_SSL}
# clientauth_mode: REQUIRE
clientauth_mode: OPTIONAL
enable_openssl_if_available: true
pemkey_filepath: searchguard/ssl/elastic.key.pem
pemcert_filepath: searchguard/ssl/elastic.crtfull.pem
enforce_hostname_verification: false
authcz.admin_dn:
- "CN=elastic ,OU=devops, C=COM"
```
kibana.yml
```
server.port: 5601
server.host: '0.0.0.0'
elasticsearch.url: 'http://elasticsearch:9200'
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
searchguard.cookie.password: "defaultcookie"
elasticsearch.ssl.verificationMode: "certificate"
elasticsearch.requestHeadersWhitelist: [ "authorization", "x-forwarded-for", "x-forwarded-by", "x-proxy-user", "x-proxy-roles" ]```