Running Elasticsearch 7.11 & getting towards the end of a piece of work to enable TLS across the platform.
I'm now at the point where I need to enable TLS on the HTTP connections for the ingest nodes, but I still need to be able to allow non-TLS traffic until I've finished reconfiguring our many Logstash outputs.
I can't see anything obvious in the docs on how to do this, & from testing in our TPOC env it seems to be either TLS or not.
My fallback is to only enable TLS on 2 out of the 3 ingest nodes & then reconfigure the Logstash pipelines to target the non-TLS one & then slowly migrate them back over to the TLS-enabled ones,
but that means making 3 updates to each of the pipelines.
You will need to enable TLS on the transport port (9300) for all nodes.
For HTTP (port 9200), you can have some nodes with TLS and some without.
However, you need to be careful with that - some features such as access tokens and API keys are only enabled on nodes with HTTPS, so you will have a different feature set between nodes.
You will also need to be careful with how your clients do node selection - if they sniff then they also need to be aware of which nodes use TLS and which ones don't.
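
The mixed setup described in the answer above, as an added example that is not part of the original thread: two elasticsearch.yml fragments for 7.x, with transport TLS on both nodes and HTTP TLS on only one of them. The certificate paths are placeholder assumptions.

```yaml
# elasticsearch.yml on an ingest node that already serves HTTPS on 9200
xpack.security.enabled: true
# Transport layer (9300): TLS must be enabled on every node in the cluster
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12    # placeholder path
xpack.security.transport.ssl.truststore.path: certs/transport.p12  # placeholder path
# HTTP layer (9200): TLS on; migrated Logstash outputs use https:// against this node
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12              # placeholder path
---
# elasticsearch.yml on the ingest node kept on plain HTTP during the migration
xpack.security.enabled: true
# Transport layer (9300): identical to the node above, still TLS
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12    # placeholder path
xpack.security.transport.ssl.truststore.path: certs/transport.p12  # placeholder path
# HTTP layer (9200): TLS off until the remaining Logstash outputs are moved.
# Per the answer above, access tokens and API keys are not available on this node,
# and sniffing clients must not assume one scheme for all nodes.
xpack.security.http.ssl.enabled: false
```

Once the last pipeline points at the HTTPS nodes, setting `xpack.security.http.ssl.enabled: true` on the remaining node and restarting it removes the plaintext listener.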