Docker network encryption vs security encryption?

asp · May 22, 2019, 8:58am

Hi,

We will run elasticsearch, logstash, redis and kibana in a docker environment. I have been asked about encryption between all components because the log data is sensitive.

For external filebeat communication I placed stunnel in front of redis, so filebeat is able to ship TLS encrypted. In front of kibana I placed an httpd reverse proxy which adds the TLS layer.

What is best practice in docker environment? Encrypt the whole docker network (components mentioned above are in the same docker network) or to use encryption of security module which became free with 7.1.0?

What gives more security? IPCSEC or TLS of security module?
What should perform faster / needs less resources?

Thanks, Andreas

joshbressers · May 23, 2019, 12:49pm

I would strongly suggest you use the TLS included with 7.1.

If you try to stand up your own security using proxies there are a number of things that can go wrong and getting help can be extremely difficult as your setup will be one of a kind.

Using the TLS included in the stack you can come back here for help.

Good luck!

system · June 20, 2019, 12:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.