I want to avoid that anyone can send anything to APM server port.
Do you have any experience in this case?
I case of communication between APM server and ELK we are using ssl certificates.
Best Regads,
Dan
I want to avoid that anyone can send anything to APM server port.
Do you have any experience in this case?
I case of communication between APM server and ELK we are using ssl certificates.
Best Regads,
Dan
APM server can :
What agent are you using ? I used many time java agent to talk with APM server in SSL
Hi @ylasri,
We are using java agent. Could you show me your example configuration for agent and server with SSL between them, please? Thanks
Yes sure, i will share with you a full example
I'll be wait. Thanks a lot.
Here is the config i'm using
ssl:
enabled: true
# Path to file containing the certificate for server authentication.
# Needs to be configured when ssl is enabled.
certificate: '/es/apm-server/apm-server.crt'
# Path to file containing server certificate key.
# Needs to be configured when ssl is enabled.
key: '/es/apm-server/apm-server.key'
# Optional configuration options for ssl communication.
# Passphrase for decrypting the Certificate Key.
# It is recommended to use the provided keystore instead of entering the passphrase in plain text.
key_passphrase: 'truststore_password'
# List of supported/valid protocol versions. By default TLS versions 1.1 up to 1.3 are enabled.
supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3]
At the agent level, i'm converting to PKC12 format, i'm using this batch on windows to run my java app
setlocal
set APP_ARGS=-javaagent:../lib/elastic-apm-agent-1.18.1.jar
set APP_ARGS=%APP_ARGS% -Delastic.apm.service_name=my-service-name
set APP_ARGS=%APP_ARGS% -Delastic.apm.application_packages=*
set APP_ARGS=%APP_ARGS% -Delastic.apm.server_urls=https://my-apm-server:8200
set APP_ARGS=%APP_ARGS% -Delastic.apm.environment=Production
set APP_ARGS=%APP_ARGS% -Delastic.apm.enable_log_correlation=true
set APP_ARGS=%APP_ARGS% -Djavax.net.ssl.keyStore=apm-server.p12
set APP_ARGS=%APP_ARGS% -Djavax.net.ssl.keyStoreType=pkcs12
set APP_ARGS=%APP_ARGS% -Djavax.net.ssl.keyStorePassword=truststore_password
set APP_ARGS=%APP_ARGS% -Delastic.apm.verify_server_cert=true
java %APP_ARGS% -jar target\car-back-end-1.1.jar
But in order that the agent trust the server, you need to add the PEM certificate into the JVM truststore as descibed in bellow doc
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.