Is it possible to set up kibana and multiple elastic nodes in a secure network without TLS, and use token authentication?

I have a dedicated docker engine for my ELK stack. It is composed of

  • a caddy web server that
    • proxies traffic to kibana and the elastic nodes
    • exposes a HTTPS endpoint for both services to the "external world"

My intent is to have non-TLS communication inside the docker network and enable token authentication to access the elastic nodes. The general schema is

image

caddy will manage

  • https://kibana.example.com which proxies the request to the kibana:5601 container
  • https://elastic.example.com:9200 which proxies the request to a random elasticXX:9200 node

kibana will be configured to hit https://elastic.example.com:9200 for its data (in other words, the kibana container, when data is required, will go back to the external elastic endpoint, to be redirected in). An alternative would be to manually list the elastic nodes in its configuration and rely on kibana's own round robin mechanisms.

This setup apparently cannot work (I was told) because token authentication requires both kibana and all the nodes to be configured natively with TLS.

Is this true?

It is, yes.

Ah, crap :neutral_face:. Can the certificate be at least self-signed?

Sure can be.

Thanks. I've gone through the whole "Authentication" documentation but it was never clear which of the possible ones (Basic Authentication, PKI, ...) were dependent on which protocol.
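
The requirement confirmed in this thread, written out as configuration. This is an added example, not part of the original posts: the node names `elastic01`/`elastic02` and all certificate paths are assumptions, and only the HTTP-layer settings relevant to token authentication are shown.

```yaml
# ==== elasticsearch.yml (on each elasticXX node) ====
xpack.security.enabled: true
xpack.security.authc.token.enabled: true

# Rejected combination: token service enabled while the HTTP layer is
# plaintext. Outside development mode the node refuses to start
# (token SSL bootstrap check).
# xpack.security.http.ssl.enabled: false

# Accepted combination: TLS terminated natively on the node's HTTP layer.
# The certificate may be issued by a self-signed CA, as confirmed above.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/elastic01.key                   # assumed path
xpack.security.http.ssl.certificate: certs/elastic01.crt           # assumed path
xpack.security.http.ssl.certificate_authorities: ["certs/ca.crt"]  # assumed path

# ==== kibana.yml ====
# Kibana talks HTTPS to the nodes and must trust the self-signed CA
# explicitly instead of disabling verification.
elasticsearch.hosts: ["https://elastic01:9200", "https://elastic02:9200"]
elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca.crt"]
elasticsearch.ssl.verificationMode: full
```

With `verificationMode: full`, each node certificate needs a subject alternative name matching the hostname Kibana connects to.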
