I have a 3 nodes cluster in my local VM ware workstation. I followed the instructions on below to make my Elasticsearch 7.10 secure:
getting-started-with-elasticsearch-security
I could complete the tutorials, but I want to know if I can secure built in users with password but no TLS configuration !! I mean , is it possible only add passwords to Elasticsearch built in users without Configure Transport Layer Security (TLS/SSL) for internode-communication
?
In a single node cluster, I add xpack.security.enabled: true
and then run the Elasticsearch-setup-passwords interactive
and just finish !! now I can add user/password to my connection strings to connect to my database in Elasticsearch!
But in a multi node cluster, I added xpack.security.enabled: true
and when I want to startmy elasticsearch, the error says :
[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
and so I have to be engaged in security transport SSL, while my all nodes/servers will be internal and not connected to internet and without SSH and other security points.
It is safe to me if I can have a secured cluster just with a password!! and with no SSL/TLS in node communications. I do not know that is it possible or not ??