Reverse Proxy & Security Questions

Hello ES & Kibana aficionados!

I'm very new to this whole topic (ES/Kibana/Network Security) and have some burning questions I'm certain you can help me out with.

General Setup:

  • Connection occurs via Citrix VPN.

  • ES & Kibana on a server inside a network as services.

  • ES has 1 node.

  • ES & Kibana are running on the same physical machine.

  • Standard passwords have been changed.

  • User passwords have been added to the trust store and removed from the kibana.yml file.

  • XPACK Security is enabled and Kibana asks for login credentials.

  • Both Kibana and ES are implemented with SSL (https://internal-ip:5601 & https://localhost:9200).

  • Cert.crt & Cert.key were created with ES's certutil and the links to the files provided in the elasticsearch.yml and kibana.yml files.

Everything is running fine so far.

Now my questions:
Did I miss a step in order to make my setup secure? Especially on the self signed certificate part.
Just generating .crt & .key seemed a little bit too easy for my taste.
certutil just asked for the format (.pem), optional password and the name. That's it? Did I miss a step?

Is there any good reason to set up a reverse proxy for both services (since my server is inside the network and there's only 1 node I guess a reverse proxy would be pretty much pointless or not)?

Thanks in advance,
Happy logging!

Looks pretty good to me. In order for someone to have access to those certificates to be able to decrypt the communication they would need physical access to your machine. Then you have more problems than certificates. :smiley:
If you followed everything in this guide, you should be good: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-getting-started.html

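Added example, not part of the thread and not Elastic's own tooling: a small check of the setup list in the question (security enabled, TLS on both services, no password left in kibana.yml, self-signed certificate actually verified by Kibana). The sample settings are constructed, the setting names are the standard Elasticsearch/Kibana 7.x+ ones, and only explicitly set values are examined.

```python
# Constructed sample settings, not the poster's real files.
ES_YML = """\
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/Cert.key
xpack.security.http.ssl.certificate: certs/Cert.crt
"""
KIBANA_YML = """\
server.ssl.enabled: true   # browser -> Kibana is encrypted
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.password: "constructed-example"
elasticsearch.ssl.verificationMode: none
"""

def parse_flat(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is not handled."""
    out = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            out[key.strip()] = value.strip().strip("\"'")
    return out

def audit(es_text, kibana_text):
    """Return findings from explicit settings only (version defaults are not modelled)."""
    es, kb = parse_flat(es_text), parse_flat(kibana_text)
    findings = []
    for cfg, name, key in ((es, "elasticsearch.yml", "xpack.security.enabled"),
                           (es, "elasticsearch.yml", "xpack.security.http.ssl.enabled"),
                           (kb, "kibana.yml", "server.ssl.enabled")):
        if cfg.get(key) != "true":
            findings.append(f"{name}: {key} is not set to true")
    if "elasticsearch.password" in kb:
        findings.append("kibana.yml: elasticsearch.password is in plaintext, keep it in the Kibana keystore")
    hosts = kb.get("elasticsearch.hosts", "")
    if "http://" in hosts:
        findings.append("kibana.yml: elasticsearch.hosts uses http://, Kibana -> ES is unencrypted")
    if kb.get("elasticsearch.ssl.verificationMode") == "none":
        findings.append("kibana.yml: verificationMode none, the ES certificate is never checked")
    elif "https://" in hosts and "elasticsearch.ssl.certificateAuthorities" not in kb:
        findings.append("kibana.yml: no certificateAuthorities, a self-signed ES cert cannot be verified")
    return findings

if __name__ == "__main__":
    for finding in audit(ES_YML, KIBANA_YML):
        print(finding)
```

On the constructed sample this reports the plaintext password and the disabled certificate verification; a kibana.yml that points `elasticsearch.ssl.certificateAuthorities` at the CA produced by certutil passes cleanly.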

Thank you. Haha good point. I believe so. I was just worried because everything went so awkwardly smooth while setting this up.

Thanks again :slight_smile:

I am happy that it went smoothly. It was one of our goals during internal development after we required SSL/TLS for communications in production. Normally certificates are a headache for people that don't deal with them on a daily basis and we tried to make it as straightforward as possible.
