Not sure what you mean. That's the JavaScript client library and its abilities to use HTTPS and authentication, which is useful regardless of whether you run nginx or not and has nothing to do with node to node communication.
Does this mean that even though the javascript client library has the ability to use HTTPS, elasticsearch does not support client-server HTTPS unless you use shield or nginx or https://github.com/sonian/elasticsearch-jetty? That is my current understanding of what is happening.
As for node to node encryption, is https://github.com/sonian/elasticsearch-jetty a solution? What are other options? I see vague references to stunnel and ipsec, but nothing concrete and definitive. There surely was a solution before shield was released. Are there any good explanations of the custom protocol used for node to node communication? All I can see is that it binds to a port in the range of 9300 to 9400.
Note, even with Shield, you must maintain host keys and/or truststore/keystore on each node for TLS, which is not secure if the node is not running in a secure environment controlled by yourself like a physical machine in your private network in your data center.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.