Running Elasticsearch 7.11 & getting towards the end of a piece of work to enable TLS across the platform.
I'm now at the point I need to enable TLS on the HTTP connections for the ingest nodes, but I need to be able to still allow non-TLS traffic until I've finished reconfiguring our many Logstash outputs.
I can't see anything obvious from the docs on how to do this & testing in our TPOC env it seems to be either TLS or not.
My fallback is to only enable TLS on 2 out of the 3 ingest nodes & then reconfigure the Logstash pipelines to target the non-TLS one & slowly then migrate them back over to the TLS enabled
but that means making 3 updates to each of the pipelines.
You cannot have some nodes in your cluster running without, so it's an all in one approach unfortunately.
You will need to enable TLS on the transport port (9300) for all nodes.
For HTTP (port 9200), you can have some nodes with TLS and some without.
However, you need to be careful with that - some features such as access tokens and API keys are only enabled on nodes with HTTPS, so you will have a different feature set between nodes.
You will also need to be careful with how your clients do node selection - if they sniff then they also need to be aware of which nodes use TLS and which ones don't.
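The mixed HTTP setup described in the reply above, written out as an added example that is not part of the original thread: transport TLS on all three ingest nodes, HTTP TLS on two of them. The node names (`ingest-1` to `ingest-3`) and keystore paths are assumptions.

```yaml
# elasticsearch.yml on ingest-1 and ingest-2 (assumed names): HTTPS enabled
node.roles: [ ingest ]
xpack.security.enabled: true

# Transport (9300): TLS on every node in the cluster
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12    # assumed path
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12  # assumed path

# HTTP (9200): TLS on; access tokens and API keys are usable on these nodes
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12                         # assumed path
---
# elasticsearch.yml on ingest-3 (assumed name): temporary plain-HTTP node
node.roles: [ ingest ]
xpack.security.enabled: true

# Transport (9300): same TLS settings as the other nodes
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12    # assumed path
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12  # assumed path

# HTTP (9200): left unencrypted until the last Logstash output has been moved
xpack.security.http.ssl.enabled: false
```

Once every Logstash output targets an HTTPS node, set `xpack.security.http.ssl.enabled: true` on the remaining node and restart it so the feature set is the same across all three.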