Elastic APM, APM service configuration, secure access, accessToken mode under TLS/SSL


How to configure accessToken access: see the official documentation.

In the apm-server configuration file apm-server.yaml, set `apm-server.auth.secret_token` to a string, for example:

```yaml
apm-server.auth.secret_token: 123456xxx
```

Then configure the Node.js Agent in your client. Example (source: GitHub):

```js
var apm = require('elastic-apm-node').start({
    // Override service name from package.json
    // Allowed characters: a-z, A-Z, 0-9, -, _, and space
    serviceName: 'zipcode service',

    // Use if APM Server requires a token
    secretToken: '123456xxx',    // Pay attention here

    // Set custom APM Server URL (default: http://localhost:8200)
    serverUrl: 'https://localhost:8200',
  })
```

Then restart the APM server, restart the client, and log in to Kibana; you can then see the instance in the APM console. If the agent is not configured with the secretToken, an error will be reported.

The process above accesses the APM server without SSL/TLS, which creates a security problem: credentials can easily be stolen from plain HTTP requests, so the server needs to be configured as an HTTPS service. This is the officially recommended practice.

The official website has documentation on SSL/TLS configuration, but it is in English and not detailed. I recommend a more detailed tutorial instead.

Most of the operations in this tutorial are correct, but there are also some errors, such as the following code:

```js
var apm = require('elastic-apm-node').start({
    // Override service name from package.json
    // Allowed characters: a-z, A-Z, 0-9, -, _, and space
    serviceName: 'zipcode service',

    // Use if APM Server requires a token
    secretToken: '1234561',

    // After the CA is configured, the server is already an HTTPS server
    // Set custom APM Server URL (default: http://localhost:8200)
    // serverUrl: 'http://localhost:8200',  // this is an error
    serverUrl: 'https://localhost:8200',    // this is correct

    verifyServerCert: true,
    serverCaCertFile: "ca.crt"
  })
```

If you follow the tutorial's code directly without correcting it, this error is reported: `APM Server transport error (400): Unexpected APM Server response\nClient sent an HTTP request to an HTTPS server.\n`, which means that the client has sent an HTTP request to the HTTPS server.

In addition, in the tutorial:

Another note: we can use the following command to convert a .crt certificate to a .pem certificate:

```
openssl x509 -in mycert.crt -out mycert.pem -outform PEM
```

This does not affect our configuration, so you can ignore it. I was thrown off by it when I read the tutorial.

PS: one more point to note. When the certificate is generated in the tutorial, the name passed is localhost, and the generated files are localhost.crt and localhost.key. This name corresponds to the HTTPS address you finally access (https://localhost:8200), so the address cannot be changed to anything else. The reason is how HTTPS works, which I won't go into here.
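The two failure modes described above (an http:// serverUrl against a TLS-enabled server, and a host name the certificate was not issued for) can be checked before the agent starts. This is an added example, not code from the tutorial or from Elastic; `checkAgentConfig` and its `certNames` parameter are hypothetical, and the host name match uses Node's own `tls.checkServerIdentity` on a constructed certificate object.

```js
// Added example: preflight check for elastic-apm-node options.
const tls = require('tls');

// Hypothetical helper. `opts` is the object passed to apm.start();
// `certNames` lists the DNS names the server certificate was issued for.
function checkAgentConfig(opts, certNames) {
  const findings = [];
  let url;
  try {
    url = new URL(opts.serverUrl);
  } catch (err) {
    return ['serverUrl is not a valid URL'];
  }

  // A TLS-enabled APM Server answers plain HTTP with a 400, and over
  // plain HTTP the secret token crosses the network unencrypted.
  if (url.protocol !== 'https:') {
    findings.push('serverUrl must use https://');
  }
  if (opts.secretToken === undefined || opts.secretToken === '') {
    findings.push('secretToken is missing');
  }
  if (opts.verifyServerCert === false) {
    findings.push('verifyServerCert is disabled');
  }

  // Node's default host name check for TLS clients, run here against a
  // constructed certificate object instead of a live peer certificate.
  const cert = {
    subject: { CN: certNames[0] },
    subjectaltname: certNames.map((n) => 'DNS:' + n).join(', '),
  };
  if (tls.checkServerIdentity(url.hostname, cert)) {
    findings.push('certificate does not cover host ' + url.hostname);
  }
  return findings;
}

// Constructed sample input, modelled on the agent options shown above.
const agentOptions = {
  serviceName: 'zipcode service',
  secretToken: '123456xxx',
  serverUrl: 'https://localhost:8200',
  verifyServerCert: true,
  serverCaCertFile: 'ca.crt',
};
console.log(checkAgentConfig(agentOptions, ['localhost'])); // []
```

A certificate issued only for the DNS name localhost does not cover https://127.0.0.1:8200 either, so that URL is flagged as well.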

The tutorial was done on a Mac. I did it on Windows and it works. I have not tried it on Linux.

PS: if an error is reported when the Agent connects to the APM server, the error information is very clear. When a problem occurs, look at the error information first (both the Agent's and the APM server's).

Many thanks to the author of the original tutorial. It is very good and detailed, but it contains a small mistake. I wrote a separate article because I really don't like CSDN, so I did not leave a comment there and put all my additions here instead. If there are mistakes, please correct them!

Keywords: node.js ELK apm

Added by calande on Fri, 26 Nov 2021 15:08:08 +0200