After reading many tutorials, I have successfully secured HTTP access to my elasticsearch cluster by using nginx to reverse proxy http traffic through an ssl connection that requires basic auth. But I have not been able to find a tutorial on how to secure node-to-node communication. Unfortunately, I am quite the beginner at devops, so I don’t know where to begin.
I thought to use the same nginx setup, but the elasticsearch.yml does not have a setting for specifying a basic auth username and password AFAIK (like the kibana.yml does), so while I might encrypt communications, it would not be password protected, meaning (I guess?) a malicious node or user might still gain access or at least view unencrypted traffic.
The only alternative I came up with is to whitelist other elasticsearch node IPs, but this seems like a last resort, especially since the IPs may change frequently.
Is there a basic guide somewhere that discusses this? I’ve searched for the past 2 days but could not find one. There are many guides on securing http communication from a USER to the elasticsearch cluster, but none that I can find on node-to-node communication. If no guide is available, maybe just a finger in the right direction.
(I know Shield offers this, but my needs are limited to just encryption and auth for a single user.)