Configuring TLS on a Logstash Docker container

espogian · October 9, 2016, 3:47pm

Hello, maybe this is a dumb question.
I'm in the situation in which I want to use TLS between Filebeat and Logstash, the latter being on a Docker container.
To enable TLS on Logstash, I'm supposed to configure it as follows (with a self-signed certificate):

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/server.crt"
    ssl_key => "/etc/server.key"
  }
}

The server.crt file is supposed to be used by Filebeat, too.
However, how is it possible to manage the situation in which I need to replace the Docker container? I should re-generate the certificate on the Logstash container and send it back to Filebeat?

magnusbaeck · October 9, 2016, 5:40pm

"Replace the Docker container"? Are you talking about the Docker image?

Since the certificate is tied to the host it's probably a good idea to store the certificate in the host file system and bind-mount it into containers as necessary.

espogian · October 9, 2016, 6:03pm

Yes, I was referring to container image replacement.
That was the suggestion I was looking for, thanks

BTW, could someone confirm me that if the host certificate is self-signed (and thus, I'm using the insecure option for Filebeat TLS) it is not necessary to pass the .crt and .key files to the Filebeat clients?

Topic		Replies	Views
Ssl setup for filebeat and logstash in docker getting desperate now Beats docker , filebeat	12	217	August 21, 2024
Can't figure out how to use certificates correctly Beats filebeat	15	1812	July 5, 2017
TLS enabled in logstash . NO certificates for Filebeat. Is it possible to connect Logstash	2	329	January 11, 2019
Handling permissions on logs and certificates with filebeat / logstash Beats filebeat	6	2838	May 11, 2018
[ERROR][org.logstash.beats.BeatsHandler] Exception: not an SSL/TLS record Logstash	9	4273	March 3, 2017

Configuring TLS on a Logstash Docker container

Related topics