I want to avoid that anyone can send anything to APM server port.
Do you have any experience in this case?
I case of communication between APM server and ELK we are using ssl certificates.
Best Regads,
Dan
I want to avoid that anyone can send anything to APM server port.
Do you have any experience in this case?
I case of communication between APM server and ELK we are using ssl certificates.
Best Regads,
Dan
APM server can :
What agent are you using ? I used many time java agent to talk with APM server in SSL
Hi @ylasri,
We are using java agent. Could you show me your example configuration for agent and server with SSL between them, please? Thanks
Yes sure, i will share with you a full example
I'll be wait. Thanks a lot.
Here is the config i'm using
ssl:
enabled: true
# Path to file containing the certificate for server authentication.
# Needs to be configured when ssl is enabled.
certificate: '/es/apm-server/apm-server.crt'
# Path to file containing server certificate key.
# Needs to be configured when ssl is enabled.
key: '/es/apm-server/apm-server.key'
# Optional configuration options for ssl communication.
# Passphrase for decrypting the Certificate Key.
# It is recommended to use the provided keystore instead of entering the passphrase in plain text.
key_passphrase: 'truststore_password'
# List of supported/valid protocol versions. By default TLS versions 1.1 up to 1.3 are enabled.
supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3]
At the agent level, i'm converting to PKC12 format, i'm using this batch on windows to run my java app
setlocal
set APP_ARGS=-javaagent:../lib/elastic-apm-agent-1.18.1.jar
set APP_ARGS=%APP_ARGS% -Delastic.apm.service_name=my-service-name
set APP_ARGS=%APP_ARGS% -Delastic.apm.application_packages=*
set APP_ARGS=%APP_ARGS% -Delastic.apm.server_urls=https://my-apm-server:8200
set APP_ARGS=%APP_ARGS% -Delastic.apm.environment=Production
set APP_ARGS=%APP_ARGS% -Delastic.apm.enable_log_correlation=true
set APP_ARGS=%APP_ARGS% -Djavax.net.ssl.keyStore=apm-server.p12
set APP_ARGS=%APP_ARGS% -Djavax.net.ssl.keyStoreType=pkcs12
set APP_ARGS=%APP_ARGS% -Djavax.net.ssl.keyStorePassword=truststore_password
set APP_ARGS=%APP_ARGS% -Delastic.apm.verify_server_cert=true
java %APP_ARGS% -jar target\car-back-end-1.1.jar
But in order that the agent trust the server, you need to add the PEM certificate into the JVM truststore as descibed in bellow doc
Thanks a lot, I'll test such configuration.
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.