
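Test connectivity to the Elasticsearch instance, which normally listens on port 9200. If the request returns JSON like the following, the Elasticsearch instance is running normally. For brevity, "Elasticsearch" is abbreviated to "ES" below.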
root@hetzner-dedi /usr/local/elasticsearch/config # curl -k -u elastic:'your-password' https://localhost:9200
{
  "name" : "hetzner-dedi",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "jPOLB2d8QKi-OlYjPrAo_g",
  "version" : {
    "number" : "9.4.2",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "c402c2b36d90eae29c0182f86bd9050fd0b746cc",
    "build_date" : "2026-05-25T22:10:36.017759931Z",
    "build_snapshot" : false,
    "lucene_version" : "10.4.0",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}
This confirms that the ES service is responding. Because -k skips certificate verification, repeat the test with certificate verification enabled:
root@hetzner-dedi ~ # curl --cacert /usr/local/elasticsearch/config/certs/http_ca.crt \
-u elastic:'' \
https://localhost:9200
{
  "name" : "hetzner-dedi",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "jPOLB2d8QKi-OlYjPrAo_g",
  "version" : {
    "number" : "9.4.2",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "c402c2b36d90eae29c0182f86bd9050fd0b746cc",
    "build_date" : "2026-05-25T22:10:36.017759931Z",
    "build_snapshot" : false,
    "lucene_version" : "10.4.0",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}
The default ES configuration file elasticsearch.yml enables X-Pack security and requires all connections to be encrypted over HTTPS:
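xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
http.host: 0.0.0.0
The ES automatic security configuration generates:
http_ca.crt: the CA certificate that signs the HTTP-layer certificate
http.p12: the key/cert keystore used by the current node for the HTTP layer
transport.p12: the keystore used for the transport layer (node-to-node communication)
With xpack.security.http.ssl.enabled: true, HTTPS is enabled and uses the self-signed CA http_ca.crt.
If GitLab connects to the ES instance directly, certificate verification fails because GitLab does not trust the ES instance's certificate: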
root@hetzner-dedi ~/workspace # gitlab-rake gitlab:elastic:info
GitLab version: 19.1.0
Advanced Search
Server version: unknown
Server distribution: unknown
rake aborted!
Gitlab::Search::Client::ConnectionError: Search is currently unavailable. Please try again later. (Gitlab::Search::Client::ConnectionError)
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/elasticsearch_transport.rb:28:in `rescue in perform_request'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/elasticsearch_transport.rb:17:in `perform_request'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:237:in `alias_exists?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:360:in `target_index_names'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:352:in `target_index_name'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:331:in `get_meta'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:575:in `display_search_application_settings'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:546:in `info'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:75:in `execute'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:167:in `block (3 levels) in <main>'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'
Caused by:
Faraday::ConnectionFailed: SSL peer certificate or SSH remote key was not OK (Faraday::ConnectionFailed)
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/instrumentation/elasticsearch_transport.rb:16:in `perform_request'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:237:in `alias_exists?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:360:in `target_index_names'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:352:in `target_index_name'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/search/elastic/helper.rb:331:in `get_meta'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:575:in `display_search_application_settings'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:546:in `info'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/services/search/rake_task_executor_service.rb:75:in `execute'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:167:in `block (3 levels) in <main>'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'
Tasks: TOP => gitlab:elastic:info
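(See full trace by running task with --trace)
To make GitLab accept the HTTPS connection, proceed as follows.
Copy the CA certificate into GitLab's trusted certificates directory
GitLab's trusted certificates directory is usually /etc/gitlab/trusted-certs.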
sudo cp /usr/local/elasticsearch/config/certs/http_ca.crt /etc/gitlab/trusted-certs/es-http-ca.crt
sudo chmod 644 /etc/gitlab/trusted-certs/es-http-ca.crt
Reconfigure and restart the instance
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
Verify in GitLab
Indexing enabled: yes
Search enabled: yes
Code search enabled: yes
These correspond to the following three search switches:
Turn on indexing for advanced search: enables the indexer, creates empty indices, and tracks new data
Search with advanced search: makes GitLab search use Advanced Search
Code search with advanced search: makes code search use Advanced Search
root@hetzner-dedi ~ # gitlab-rake gitlab:elastic:info
GitLab version: 19.1.0
Advanced Search
Server version: 9.4.2
Server distribution: elasticsearch
Indexing enabled: yes
Search enabled: yes
Code search enabled: yes
Requeue Indexing workers: no
Pause search cluster indexing: no
Pause advanced search indexing: no
Indexing restrictions enabled: no
File size limit: 1024 KiB
Index version: 19.1.0-ee
Indexing number of shards: 2
Max code indexing concurrency: 30
Prefix: gitlab
Client adapter: typhoeus
Indexing Queues
Initial queue: 0
Incremental queue: 0
Concurrency limit code queue: 0
Pending Migrations
There are no pending migrations.
Current Migration
There is no current migration.
Current Zero-downtime Reindexing Tasks
There is no current reindexing task.
Indices
- gitlab-production-20260701-1559:
document_count: 29
number_of_shards: 5
number_of_replicas: 1
- gitlab-production-commits-20260701-1559:
document_count: 9
number_of_shards: 5
number_of_replicas: 1
······
······
Initial indexing has to be started from the admin area: go to Admin Area -> Settings -> Search, check Turn on indexing for advanced search, click Index the instance, wait for indexing to finish, and only then check Search with advanced search.
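The trust decision behind the failure and the fix above, modelled with Ruby's OpenSSL library as an added example (not GitLab's or Elasticsearch's own code). The certificates are constructed in memory as stand-ins for http_ca.crt and the node's HTTP certificate; make_cert, accepts? and the constants are hypothetical names.

```ruby
require "openssl"

# Build a constructed X.509 v3 certificate. Without an issuer it is a self-signed CA;
# with an issuer it is a server certificate naming "localhost".
def make_cert(cn, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:localhost", false)) if issuer
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Client-side decision: the chain must end in a trusted CA, and the certificate
# must name the host used in the configured URL. Returns [accepted, reason].
def accepts?(leaf, trusted_cas, host)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca| store.add_cert(ca) }
  return [false, store.error_string] unless store.verify(leaf)
  return [false, "certificate does not name #{host}"] unless OpenSSL::SSL.verify_certificate_identity(leaf, host)
  [true, "ok"]
end

# Constructed stand-ins: ES_CA plays http_ca.crt, ES_HTTP the certificate in http.p12.
ES_CA_KEY = OpenSSL::PKey::RSA.new(2048)
ES_CA     = make_cert("constructed ES HTTP CA", ES_CA_KEY, 1)
ES_HTTP   = make_cert("constructed ES node", OpenSSL::PKey::RSA.new(2048), 2,
                      issuer: ES_CA, issuer_key: ES_CA_KEY)
OTHER_CA  = make_cert("constructed unrelated CA", OpenSSL::PKey::RSA.new(2048), 3)

if __FILE__ == $PROGRAM_NAME
  p accepts?(ES_HTTP, [], "localhost")             # before the fix: CA not trusted
  p accepts?(ES_HTTP, [OTHER_CA], "localhost")     # trusting some other CA does not help
  p accepts?(ES_HTTP, [ES_CA], "localhost")        # after the fix: CA in the trust store
  p accepts?(ES_HTTP, [ES_CA], "es.internal")      # CA trusted, but URL host not in the certificate
end
```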