Load balancer for multi logstash

alicango · June 25, 2021, 1:49pm

Hi,
We have 2 Logstash servers. I want to put them behind a load balancer and push the data to the logstash over the HTTPS. But now, I am using the HTTP input plugin without a load balancer.
Let me show you my HTTPS configuration steps;
in logstash1 server:

mkdir /etc/logstash/certs
cd /etc/logstash/certs
openssl req -days 3650 -x509 -newkey rsa:4096 -keyout logstash1-key.pem -out logstash1-cert.pem -nodes
chmod 644 logstash1-key.pem

in logstash2 server:
i applied same steps but just replaced openssl command whit this;
openssl req -days 3650 -x509 -newkey rsa:4096 -keyout logstash2-key.pem -out logstash2-cert.pem -nodes

config file;
Note: Each logstash server(1 and 2) has same config except ssl_certificate and ssl_key

input {
  http {
    port => 9605
    user => "happylogstash"
    password => "${LS_PWD}"
    ssl => true
    ssl_verify_mode => "none"
    ssl_certificate => "/etc/logstash/certs/logstash1-cert.pem"
    ssl_key => "/etc/logstash/certs/logstash1-key.pem"
    codec => "json"
  }
}

Finally, i set the logstash's fqdn in /etc/hosts in a different server where I send data to logstash by using logstash's fqdn instead of IP.

cat /etc/hosts
127.0.0.1   localhost localhost.localdomain
::1         localhost localhost.localdomain

# Logstash
10.0.1.2 logstash1.com
10.0.1.3 logstash2.com

And i send data like this;
curl -XPOST -k -u 'happylogstash:anypassword' 'https://logstash1.com:9605' -d '{"my": "data"}'

or
curl -XPOST -k -u 'happylogstash:anypassword' 'https://logstash2.com:9605' -d '{"my": "data"}'

My question is what should I make changes in my configuration if use a load balancer's fqdn instead of using logstash's fqdn directly?

leandrojmp · June 25, 2021, 3:01pm

That would depend in how you will use your Load Balancer.

Are you going to terminate the SSL/TLS connection at the Load Balancer? Pass-through the request from the client to the server or open the request and reencrypt it again?

If you are going to terminate the SSL/TLS connection at the Load Balancer, then you would not need to use the ssl options of the http input in logstash.

If you are going to pass-through the connection, then I think that you do not need to change anything in the logstash side, the same thing if you open and reencrypt it again, but in this case you would need to configura the logstash ssl in the load balancer.

This is more an infrastructure/network question, it depends on the load balancer configuration and which tool are you using as a load balancer.

alicango · June 27, 2021, 8:16pm

We will use F5 with SSL offloading most likely. Also, we just want to send a request with HTTPS and user/password both. (without SSL verification) like this;
From a client server:
curl -XPOST -k -u 'happylogstash:anypassword' 'https://myF5balancer:9605' -d '{"my": "data"}'

system · July 25, 2021, 8:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.