Enabling ssl on intra-node communication in cluster?


#1

A Google search for enabling SSL on Elasticsearch returns nothing but hits about enabling this for the HTTP communication.

What about the communication between the nodes in a cluster? The ones described here:

By default, anyone sniffing the packets between cluster nodes can see all the documents being sent between the nodes in plain text. How can this be secured?


(Nik Everett) #2

Have a look at
https://www.elastic.co/guide/en/shield/current/separating-node-client-traffic.html

I'm not sure how much of that works without Shield.

Nik


#3

Thanks Nik, looks like Shield is the only way to go.


#4

We used IPsec transport layer encryption to do this without Shield.

https://blog.rectalogic.com/2015/03/ipsec-private-subnet.html

