Google Git
Sign in
apache / james-site / a92fa6ef34b4ad4bdd3caff9c602c28281ff6677 / . / content / server / config-elasticsearch.html
blob: 4cd8bac111681ba525c767f91eda16762fe4fcfe [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by Apache Maven Doxia at 2021-11-12 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache James Project &#x2013; Apache James Server 3 - ElasticSearch Configuration</title>
<style type="text/css" media="all">
@import url("../css/james.css");
@import url("../css/maven-base.css");
@import url("../css/maven-theme.css");
@import url("../css/site.css");
@import url("../js/jquery/css/custom-theme/jquery-ui-1.8.5.custom.css");
@import url("../js/jquery/css/print.css");
@import url("../js/fancybox/jquery.fancybox-1.3.4.css");
</style>
<script type="text/javascript" src="../js/jquery/js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="../js/jquery/js/jquery-ui-1.8.5.custom.min.js"></script>
<script type="text/javascript" src="../js/fancybox/jquery.fancybox-1.3.4.js"></script>
<link rel="stylesheet" href="../css/print.css" type="text/css" media="print" />
<meta name="Date-Revision-yyyymmdd" content="20211112" />
<meta http-equiv="Content-Language" content="en" />
<!-- Google Analytics -->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-1384591-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script').item(0); s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body class="composite">
<div id="banner">
<a href="../index.html" id="bannerLeft" title="james-logo.png">
<img src="../images/logos/james-logo.png" alt="James Project" />
</a>
<a href="https://www.apache.org/index.html" id="bannerRight">
<img src="images/logos/asf_logo_small.png" alt="The Apache Software Foundation" />
</a>
<div class="clear">
<hr/>
</div>
</div>
<div id="breadcrumbs">
<div class="xleft">
<span id="publishDate">Last Published: 2021-11-12</span>
</div>
<div class="xright"> <a href="../index.html" title="Home">Home</a>
|
<a href="../documentation.html" title="James">James</a>
|
<a href="../mime4j/index.html" title="Mime4J">Mime4J</a>
|
<a href="../jsieve/index.html" title="jSieve">jSieve</a>
|
<a href="../jspf/index.html" title="jSPF">jSPF</a>
|
<a href="../jdkim/index.html" title="jDKIM">jDKIM</a>
</div>
<div class="clear">
<hr/>
</div>
</div>
<div id="leftColumn">
<div id="navcolumn">
<h5>James components</h5>
<ul>
<li class="collapsed">
<a href="../documentation.html" title="About James">About James</a>
</li>
<li class="expanded">
<a href="../server/index.html" title="Server">Server</a>
<ul>
<li class="none">
<a href="../server/advantages.html" title="Advantages">Advantages</a>
</li>
<li class="none">
<a href="../server/objectives.html" title="Objectives">Objectives</a>
</li>
<li class="expanded">
<a href="../server/quick-start.html" title="User Manual">User Manual</a>
<ul>
<li class="collapsed">
<a href="../server/features.html" title="1. Features">1. Features</a>
</li>
<li class="none">
<a href="../server/packaging.html" title="2. Packaging">2. Packaging</a>
</li>
<li class="collapsed">
<a href="../server/install.html" title="3. Install James">3. Install James</a>
</li>
<li class="expanded">
<a href="../server/config.html" title="4. Configure James">4. Configure James</a>
<ul>
<li class="none">
<a href="../server/config-listeners.html" title="Additional mailbox listeners">Additional mailbox listeners</a>
</li>
<li class="none">
<a href="../server/config-antispam.html" title="Anti Spam">Anti Spam</a>
</li>
<li class="none">
<a href="../server/config-blob-export.html" title="Blob Export">Blob Export</a>
</li>
<li class="none">
<a href="../server/config-blobstore.html" title="BlobStore">BlobStore</a>
</li>
<li class="none">
<a href="../server/config-cassandra.html" title="Cassandra">Cassandra</a>
</li>
<li class="none">
<strong>ElasticSearch</strong>
</li>
<li class="none">
<a href="../server/config-vault.html" title="Deleted Messages Vault">Deleted Messages Vault</a>
</li>
<li class="none">
<a href="../server/config-dnsservice.html" title="DNS Service">DNS Service</a>
</li>
<li class="none">
<a href="../server/config-domainlist.html" title="Domain List">Domain List</a>
</li>
<li class="none">
<a href="../server/config-fetchmail.html" title="FetchMail">FetchMail</a>
</li>
<li class="none">
<a href="../server/config-guice.html" title="Guice">Guice</a>
</li>
<li class="none">
<a href="../server/config-imap4.html" title="IMAP4">IMAP4</a>
</li>
<li class="none">
<a href="../server/config-jmap.html" title="JMAP">JMAP</a>
</li>
<li class="none">
<a href="../server/config-mailrepositorystore.html" title="Mail Repository Stores">Mail Repository Stores</a>
</li>
<li class="none">
<a href="../server/config-mailbox.html" title="Mailbox">Mailbox</a>
</li>
<li class="none">
<a href="../server/config-mailetcontainer.html" title="Mailet Container">Mailet Container</a>
</li>
<li class="none">
<a href="../server/config-healthcheck.html" title="Periodical Health Checks">Periodical Health Checks</a>
</li>
<li class="none">
<a href="../server/config-pop3.html" title="POP3">POP3</a>
</li>
<li class="none">
<a href="../server/config-quota.html" title="Quota">Quota</a>
</li>
<li class="none">
<a href="../server/config-rabbitmq.html" title="RabbitMQ">RabbitMQ</a>
</li>
<li class="none">
<a href="../server/config-recipientrewritetable.html" title="Recipient Rewrite">Recipient Rewrite</a>
</li>
<li class="none">
<a href="../server/config-smtp-lmtp.html" title="SMTP LMTP">SMTP LMTP</a>
</li>
<li class="none">
<a href="../server/config-sieve.html" title="Sieve">Sieve</a>
</li>
<li class="none">
<a href="../server/config-ssl-tls.html" title="SSL/TLS">SSL/TLS</a>
</li>
<li class="none">
<a href="../server/config-system.html" title="System">System</a>
</li>
<li class="none">
<a href="../server/config-spring-jpa-postgres.html" title="Spring JPA Postgres">Spring JPA Postgres</a>
</li>
<li class="none">
<a href="../server/config-users.html" title="Users">Users</a>
</li>
<li class="none">
<a href="../server/config-webadmin.html" title="WebAdmin">WebAdmin</a>
</li>
</ul>
</li>
<li class="collapsed">
<a href="../server/manage.html" title="5. Manage">5. Manage</a>
</li>
<li class="collapsed">
<a href="../server/monitor.html" title="6. Monitor">6. Monitor</a>
</li>
<li class="collapsed">
<a href="../server/upgrade.html" title="7. Upgrade">7. Upgrade</a>
</li>
<li class="collapsed">
<a href="../server/dev.html" title="8. Developers Corner">8. Developers Corner</a>
</li>
</ul>
</li>
<li class="none">
<a href="../mail.html#James_Mailing_lists" title="Mailing Lists">Mailing Lists</a>
</li>
<li class="none">
<a href="../server/release-notes.html" title="Release Notes">Release Notes</a>
</li>
<li class="none">
<a href="../server/apidocs/index.html" title="Javadoc">Javadoc</a>
</li>
<li class="none">
<a href="https://issues.apache.org/jira/browse/JAMES" title="Issue Tracker">Issue Tracker</a>
</li>
<li class="none">
<a href="https://github.com/apache/james-project" title="Sources">Sources</a>
</li>
<li class="none">
<a href="../server/rfcs.html" title="RFCs">RFCs</a>
</li>
<li class="none">
<a href="../download.cgi#Apache_James_Server" title="Download releases">Download releases</a>
</li>
</ul>
</li>
<li class="collapsed">
<a href="../mailet/index.html" title="Mailets">Mailets</a>
</li>
<li class="collapsed">
<a href="../mailbox/index.html" title="Mailbox">Mailbox</a>
</li>
<li class="collapsed">
<a href="../protocols/index.html" title="Protocols">Protocols</a>
</li>
<li class="collapsed">
<a href="../mpt/index.html" title="MPT">MPT</a>
</li>
</ul>
<h5>Apache Software Foundation</h5>
<ul>
<li>
<strong>
<a title="ASF" href="http://www.apache.org/">ASF</a>
</strong>
</li>
<li>
<a title="Get Involved" href="http://www.apache.org/foundation/getinvolved.html">Get Involved</a>
</li>
<li>
<a title="FAQ" href="http://www.apache.org/foundation/faq.html">FAQ</a>
</li>
<li>
<a title="License" href="http://www.apache.org/licenses/" >License</a>
</li>
<li>
<a title="Sponsorship" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
</li>
<li>
<a title="Thanks" href="http://www.apache.org/foundation/thanks.html">Thanks</a>
</li>
<li>
<a title="Security" href="http://www.apache.org/security/">Security</a>
</li>
</ul>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
<img class="poweredBy" alt="Built by Maven" src="../images/logos/maven-feather.png" />
</a>
</div>
</div>
<div id="bodyColumn">
<div id="contentBox">
<section>
<h2><a name="ElasticSearch_Configuration"></a>ElasticSearch Configuration</h2>
This configuration applies only to Guice wiring.
<p>Consult <a class="externalLink" href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/sample-configuration/elasticsearch.properties">elasticsearch.properties</a> to get some examples and hints.</p>
Connection to a cluster :
<dl>
<dt><b>elasticsearch.masterHost</b></dt>
<dd>Is the IP (or host) of the ElasticSearch master</dd>
<dt><b>elasticsearch.port</b></dt>
<dd>Is the port of ElasticSearch master</dd>
<dt><b>elasticsearch.hostScheme</b></dt>
<dd>
Optional. Only http or https are accepted, default is http. In case of <b>https</b>,
and you want to override the default SSL Validation behavior of the client,
consult the section <b>SSL Trusting Configuration</b> for more details.
</dd>
<dt><b>elasticsearch.user</b></dt>
<dd>
Optional.
Basic auth username to access elasticsearch.
Ignore elasticsearch.user and elasticsearch.password to not be using authentication (default behaviour).
Otherwise, you need to specify both properties.
</dd>
<dt><b>elasticsearch.password</b></dt>
<dd>
Optional.
Basic auth password to access elasticsearch.
Ignore elasticsearch.user and elasticsearch.password to not be using authentication (default behaviour).
Otherwise, you need to specify both properties.
</dd>
</dl>
Or you can connect a cluster by :
<dl>
<dt><b>elasticsearch.hosts</b></dt>
<dd>List of comma separated hosts. An host is composed of an address and a port separated by a ':'. Example : elasticsearch.hosts=host1:9200,host2:9200</dd>
</dl>
Other options includes :
<dl>
<dt><b>elasticsearch.clusterName</b></dt>
<dd>Is the name of the cluster used by James.</dd>
<dt><b>elasticsearch.nb.shards</b></dt>
<dd>Number of shards for index provisionned by James</dd>
<dt><b>elasticsearch.nb.replica</b></dt>
<dd>Number of replica for index provisionned by James (default: 0)</dd>
<dt><b>elasticsearch.index.waitForActiveShards (default: 1)</b></dt>
<dd>Wait for a certain number of active shard copies before proceeding with the operation.</dd>
<dd>You may consult the <a class="externalLink" href="https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docs-index_.html#active-shards">documentation</a> for more information.</dd>
<dt><b>elasticsearch.index.mailbox.name</b></dt>
<dd>Name of the mailbox index backed by the alias. It will be created if missing.</dd>
<dt><b>elasticsearch.index.name</b></dt>
<dd><b>Deprecated</b> Use <b>elasticsearch.index.mailbox.name</b> instead. <br />
Name of the mailbox index backed by the alias. It will be created if missing.</dd>
<dt><b>elasticsearch.alias.read.mailbox.name</b></dt>
<dd>Name of the alias to use by Apache James for mailbox reads. It will be created if missing.
The target of the alias is the index name configured above.</dd>
<dt><b>elasticsearch.alias.read.name</b></dt>
<dd><b>Deprecated</b> Use <b>elasticsearch.alias.read.mailbox.name</b> instead. <br />
Name of the alias to use by Apache James for mailbox reads. It will be created if missing.
The target of the alias is the index name configured above.</dd>
<dt><b>elasticsearch.alias.write.mailbox.name</b></dt>
<dd>Name of the alias to use by Apache James for mailbox writes. It will be created if missing.
The target of the alias is the index name configured above.</dd>
<dt><b>elasticsearch.alias.write.name</b></dt>
<dd><b>Deprecated</b> Use <b>elasticsearch.alias.write.mailbox.name</b> instead. <br />
Name of the alias to use by Apache James for mailbox writes. It will be created if missing.
The target of the alias is the index name configured above.</dd>
<dt><b>elasticsearch.retryConnection.maxRetries</b></dt>
<dd>Number of retries when connecting the cluster</dd>
<dt><b>elasticsearch.retryConnection.minDelay</b></dt>
<dd>Minimum delay between connection attempts</dd>
<dt><b>elasticsearch.indexAttachments</b></dt>
<dd>Indicates if you wish to index attachments or not (default: true).</dd>
<dt><b>elasticsearch.index.quota.ratio.name</b></dt>
<dd>Specify the ElasticSearch alias name used for quotas</dd>
<dt><b>elasticsearch.alias.read.quota.ratio.name</b></dt>
<dd>Specify the ElasticSearch alias name used for reading quotas</dd>
<dt><b>elasticsearch.alias.write.quota.ratio.name</b></dt>
<dd>Specify the ElasticSearch alias name used for writing quotas</dd>
</dl>
<p>
ElasticSearch component can be disabled but consider it would make search feature to not work. In particular it will break JMAP protocol and SEARCH IMAP comment in an nondeterministic way.
This is controlled in the search.properties file via the implementation property (defaults
to ElasticSearch). Setting this configuration parameter to scanning will effectively disable ElasticSearch, no
further indexation will be done however searches will rely on the scrolling search, leading to expensive and longer
searches. Disabling ElasticSearch requires no extra action, however
<a class="externalLink" href="https://github.com/apache/james-project/blob/master/src/site/markdown/server/manage-webadmin.md#reindexing-all-mails">
a full re-indexing</a> needs to be carried out when enabling ElasticSearch.
</p>
For configuring the metric reporting on ElasticSearch :
<p>
In server version 3.6.0 james moved from Elasticsearch 6 to 7 and the metric reporting on Elasticsearch is deprecated.
You can still use metric reporting on Elasticsearch but that requires you to run a separate Elasticsearch 6 instance and use that in your Elasticsearch metric reporting configuration.
</p>
<dl>
<dt><b>elasticsearch.http.host</b></dt>
<dd>Host to report metrics on. Defaults to master host. Compatible with 6.x hosts</dd>
<dt><b>elasticsearch.http.port</b></dt>
<dd>Http port to use for publishing metrics</dd>
<dt><b>elasticsearch.metrics.reports.enabled</b></dt>
<dd>Boolean value. Enables metrics reporting.</dd>
<dt><b>elasticsearch.metrics.reports.period</b></dt>
<dd>Seconds between metric reports</dd>
<dt><b>elasticsearch.metrics.reports.index</b></dt>
<dd>Index to publish metrics on</dd>
</dl>
<p>If you want more explanation about ElasticSearch configuration, you should visit the dedicated <a class="externalLink" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html">documentation</a>.</p>
</section>
<section>
<h2><a name="Tika_Configuration"></a>Tika Configuration</h2>
<p>When using ElasticSearch, you can configure an external Tika server for extracting and indexing text from attachments.
Thus you can significantly improve user experience upon text searches.</p>
<p>Note that to use this feature you need Guice, built with ElasticSearch</p>
<p>Consult <a class="externalLink" href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/sample-configuration/tika.properties">tika.properties</a> to get some examples and hints.</p>
Here are the different properties:
<dl>
<dt><b>tika.enabled</b></dt>
<dd>Should Tika text extractor be used? <br />
If true, the TikaTextExtractor will be used behind a cache. <br />
If false, the DefaultTextExtractor will be used (naive implementation only supporting text).<br />
Defaults to false.</dd>
<dt><b>tika.host</b></dt>
<dd>IP or domain name of your Tika server. The default value is 127.0.0.1</dd>
<dt><b>tika.port</b></dt>
<dd>Port of your tika server. The default value is 9998</dd>
<dt><b>tika.timeoutInMillis</b></dt>
<dd>Timeout when issuing request to the tika server. The default value is 3 seconds.</dd>
<dt><b>tika.cache.eviction.period</b></dt>
<dd>A cache is used to avoid, when possible, query Tika multiple time for the same attachments. <br />
This entry determines how long after the last read an entry vanishes.<br />
Please note that units are supported (ms - millisecond, s - second, m - minute, h - hour, d - day). Default unit is seconds. <br />
Default value is <b>1 day</b></dd>
<dt><b>tika.cache.enabled</b></dt>
<dd>Should the cache be used? False by default</dd>
<dt><b>tika.cache.weight.max</b></dt>
<dd>Maximum weight of the cache.<br />
A value of <b>0</b> disables the cache<br />
Please note that units are supported (K for KB, M for MB, G for GB). Defaults is no units, so in bytes.<br />
Default value is <b>100 MB</b>.</dd>
<dt><b>tika.contentType.blacklist</b></dt>
<dd>Blacklist of content type is known-to-be-failing with Tika. Specify the list with comma separator.</dd>
</dl>
Note: You can launch a tika server using this command line:
<div>
<pre>docker run --name tika linagora/docker-tikaserver:1.24</pre></div>
</section>
<section>
<h2><a name="SSL_Trusting_Configuration"></a>SSL Trusting Configuration</h2>
<p>
By default James will use the system TrustStore to validate https server certificates, if the certificate on
ES side is already in the system TrustStore, you can leave the sslValidationStrategy property empty or set it to default.
</p>
<dl>
<dt><b>elasticsearch.hostScheme.https.sslValidationStrategy</b></dt>
<dd>
Optional. Accept only <b>default</b>, <b>ignore</b>, <b>override</b>. Default is <b>default</b>
</dd>
<dd>
default: Use the default SSL TrustStore of the system.
ignore: Ignore SSL Validation check (not recommended).
override: Override the SSL Context to use a custom TrustStore containing ES server's certificate.
</dd>
</dl>
<p>
In some cases, you want to secure the connection from clients to ES by setting up a <b>https</b> protocol
with a self signed certificate. And you prefer to left the system ca-certificates un touch.
There are possible solutions to let the ES RestHighLevelClient to trust your self signed certificate.
</p>
<p>
First solution: ignoring SSL check.
In case you want to ignore the SSL check, simply, just don't specify below options. Otherwise, configuring the trust
requires some prerequisites and they are explained in below block.
</p>
<p>
Second solution: importing a TrustStore containing the certificate into SSL context.
A certificate normally contains two parts: a public part in .crt file, another private part in .key file.
To trust the server, the client needs to be acknowledged that the server's certificate is in the list of
client's TrustStore. Basically, you can create a local TrustStore file containing the public part of a remote server
by execute this command:
</p>
<div>
<pre>
keytool -import -v -trustcacerts -file certificatePublicFile.crt -keystore trustStoreFileName.jks -keypass fillThePassword -storepass fillThePassword
</pre></div>
<p>
When there is a TrustStore file and the password to read, fill two options <b>trustStorePath</b>
and <b>trustStorePassword</b> with the TrustStore location and the password. ES client will accept
the certificate of ES service.
</p>
<dl>
<dt><b>elasticsearch.hostScheme.https.trustStorePath</b></dt>
<dd>
Optional. Use it when https is configured in elasticsearch.hostScheme, and sslValidationStrategy is <b>override</b>
Configure Elasticsearch rest client to use this trustStore file to recognize nginx's ssl certificate.
Once you chose <b>override</b>, you need to specify both trustStorePath and trustStorePassword.
</dd>
<dt><b>elasticsearch.hostScheme.https.trustStorePassword</b></dt>
<dd>
Optional. Use it when https is configured in elasticsearch.hostScheme, and sslValidationStrategy is <b>override</b>
Configure Elasticsearch rest client to use this trustStore file with the specified password.
Once you chose <b>override</b>, you need to specify both trustStorePath and trustStorePassword.
</dd>
</dl>
<p>
During SSL handshaking, the client can determine whether accept or reject connecting to a remote server by its hostname.
You can configure to use which HostNameVerifier in the client.
</p>
<dl>
<dt><b>elasticsearch.hostScheme.https.hostNameVerifier</b></dt>
<dd>
Optional. Default is <b>default</b>.
</dd>
<dd>
default: using the default hostname verifier provided by apache http client.
accept_any_hostname: accept any host (not recommended).
</dd>
</dl>
</section>
</div>
</div>
<div class="clear">
<hr/>
</div>
<div id="footer">
<div class="xright">Copyright &#169; 2006-2021
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All Rights Reserved.
</div>
<div class="clear">
<hr/>
</div>
</div>
</body>
</html>