Setup Logstash to run via SSL (No FileBeats)


(Praetor) #1

Team, I am looking to see how I can enable TLS/SSL (similar to how Kibana can be run via SSL). The intent is to start up Logstash on an EC2 instance over SSL so that the ALB the EC2 instance is registered with does traffic/health checks on HTTPS and not HTTP. We have zero requirement for Filebeat. Can someone suggest how I can do this?


(Tim Vernum) #2

Which logstash input are you looking to monitor via the ALB?
Logstash doesn't necessarily open any ports, so what you're asking for isn't as simple as it sounds.

For example, if you are using logstash to process data from files, or from a database then there's no HTTP/S port to monitor.

We need a bit more info from you to be able to give you any guidance.


(Praetor) #3

We are using the http input only. The Logstash instance I'm spinning up is via Docker. The issue is more with the parent framework our enterprise uses to launch Docker. The framework sets the ALB health check and instance port to HTTPS and 443.
We had the same issue spinning up Kibana, but since Kibana has the SSL configuration natively, using SSL settings in kibana.yml allowed its ALB to ping it correctly.

We're trying to do the same thing for logstash.


#4

Hi @titan1978,

you could use a TCP input which lets you configure SSL.

There might be reasons why that would not work. I don't know AWS stuff...

Cheers,
AB


(Praetor) #5

Why wouldn't the HTTP input work?

https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html

It does seem to have SSL support. Just looking for guidance on how to configure it!


#6

Right, sorry... We only use UDP or TCP inputs where I work :P

What issues do you have? Looks like the private key has to be in PKCS8 format. I have had to do that with lumberjack inputs. Logstash will fail to start if the cert is in the wrong format. IIRC the logs did say that quite clearly when I finally took the time to read them.

You can convert the private key with

# openssl pkcs8 -topk8 -nocrypt -in privkey.pem

(Praetor) #7

Could you paste your input config from the .conf file here?


#8

As I said, we don't use http inputs but I would imagine this should work.

input {
  http {
    ssl => true
    ssl_certificate => "/etc/logstash/ssl/example.crt"
    ssl_key => "/etc/logstash/ssl/example.key"
  }
}

Default port is 8080. And the private key has to be in PKCS8 format.
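
A pre-flight check for the key format requirement mentioned in posts #6 and #8, added here as an example and not posted by anyone in the thread. The function names `key_format` and `ensure_pkcs8` are hypothetical; the conversion step is the `openssl pkcs8` command from post #6 with `-out` added so the result lands in a file.

```shell
#!/bin/sh
# Added example: classify a PEM private key by its header so a key in the
# wrong format is caught before Logstash is started with it.

# key_format FILE -> prints pkcs8 | pkcs8-encrypted | pkcs1-rsa | sec1-ec | unknown
key_format() {
    # Only the first BEGIN line matters; strip CR in case of CRLF line endings.
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1-ec ;;
        *)                                       echo unknown ;;
    esac
}

# ensure_pkcs8 SRC DST -> writes an unencrypted PKCS#8 key to DST (mode 0600)
ensure_pkcs8() {
    src=$1
    dst=$2
    fmt=$(key_format "$src")
    case "$fmt" in
        pkcs8)
            # Already in the required format: copy without widening permissions.
            ( umask 077; cp -- "$src" "$dst" ) ;;
        pkcs1-rsa|sec1-ec)
            # Traditional format: convert with the command from post #6.
            ( umask 077; openssl pkcs8 -topk8 -nocrypt -in "$src" -out "$dst" ) ;;
        pkcs8-encrypted)
            # The config in post #8 sets no passphrase, so report instead of using it.
            echo "$src: passphrase-protected PKCS#8 key, decrypt it first" >&2
            return 2 ;;
        *)
            echo "$src: no private key header found (certificate or wrong file?)" >&2
            return 1 ;;
    esac
}

# Stand-alone use: sh check_key.sh privkey.pem /etc/logstash/ssl/example.key
if [ "$#" -eq 2 ]; then
    ensure_pkcs8 "$1" "$2"
fi
```

The header check only identifies the container format; it does not validate that the key matches the certificate.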


(Praetor) #9

Thanks. Curious: if SSL is enabled, shouldn't the default port be 443?


#10

Just quoting the documentation

I guess it is because the default for ssl is false.