We will run elasticsearch, logstash, redis and kibana in a docker environment. I have been asked about encryption between all components because the log data is sensitive.
For external filebeat communication I placed stunnel in front of redis, so filebeat is able to ship TLS encrypted. In front of kibana I placed an httpd reverse proxy which adds the TLS layer.
What is best practice in docker environment? Encrypt the whole docker network (components mentioned above are in the same docker network) or to use encryption of security module which became free with 7.1.0?
- What gives more security? IPCSEC or TLS of security module?
- What should perform faster / needs less resources?