41 lines
1.8 KiB
Plaintext
41 lines
1.8 KiB
Plaintext
[[ssl-tls]]
|
|
=== Setting Up TLS on a cluster
|
|
|
|
The {stack} {security-features} enables you to encrypt traffic to, from, and
|
|
within your {es} cluster. Connections are secured using Transport Layer Security
|
|
(TLS), which is commonly referred to as "SSL".
|
|
|
|
WARNING: Clusters that do not have encryption enabled send all data in plain text
|
|
including passwords and will not be able to install a license that enables
|
|
{security-features}.
|
|
|
|
The following steps describe how to enable encryption across the various
|
|
components of the Elastic Stack. You must perform each of the steps that are
|
|
applicable to your cluster.
|
|
|
|
. Generate a private key and X.509 certificate for each of your {es} nodes. See
|
|
{ref}/configuring-tls.html#node-certificates[Generating Node Certificates].
|
|
|
|
. Configure each node in the cluster to identify itself using its signed
|
|
certificate and enable TLS on the transport layer. You can also optionally
|
|
enable TLS on the HTTP layer. See
|
|
{ref}/configuring-tls.html#tls-transport[Encrypting Communications Between Nodes in a Cluster] and
|
|
{ref}/configuring-tls.html#tls-http[Encrypting HTTP Client Communications].
|
|
|
|
. Configure {monitoring} to use encrypted connections. See <<secure-monitoring>>.
|
|
|
|
. Configure {kib} to encrypt communications between the browser and
|
|
the {kib} server and to connect to {es} via HTTPS. See
|
|
{kibana-ref}/using-kibana-with-security.html[Configuring Security in {kib}].
|
|
|
|
. Configure Logstash to use TLS encryption. See
|
|
{logstash-ref}/ls-security.html[Configuring Security in Logstash].
|
|
|
|
. Configure Beats to use encrypted connections. See <<beats>>.
|
|
|
|
. Configure the Java transport client to use encrypted communications.
|
|
See <<java-clients>>.
|
|
|
|
. Configure {es} for Apache Hadoop to use secured transport. See
|
|
{hadoop-ref}/security.html[{es} for Apache Hadoop Security].
|