Is there a way to enable login access to kibana and create users and assign roles to them without configuring the TLS?
There is a load balancer in front of the cluster and the IT admin is not very supportive of enabling TLS. He says that it will mess up things performance wise. The cluster is never exposed to outer world. Only people from within the company network access kibana.
There is no requirement to configure TLS for the HTTP port (9200) of your nodes.
You must enable TLS for the traffic within the cluster that runs on the "transport" port (9300). That will not affect your load balancer.
Thanks for the info. Somehow I missed it in the documentation.
Just to make sure that I have understood it right:
We send the data via serilog shipper to the loadbalancer.
This is how the relevant section settings.json for the serilog looks like.
Current setup still remains as it is after ssl enabling internally.
"Args": {
"nodeUris": "http://loadbalance:9200",
.
.
.
And kibana url will remains the http based like before:
http://kibanainstance:5601/
But then the user login feature gets enabled and I can create users and assign roles to them.
Also I am referring to this blog:
My understanding is that I comment the lines below to keep the http based communications betweent the client and the cluster.
[root@node1 elasticsearch]# vi elasticsearch.yml
## add the following contents
node.name: node1
network.host: node1.elastic.test.com
xpack.security.enabled: true
## xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
## xpack.security.http.ssl.key: certs/node1.key
## xpack.security.http.ssl.certificate: certs/node1.crt
## xpack.security.http.ssl.certificate_authorities: certs/ca.crt
xpack.security.transport.ssl.key: certs/node1.key
xpack.security.transport.ssl.certificate: certs/node1.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt
discovery.seed_hosts: [ "node1.elastic.test.com" ]
cluster.initial_master_nodes: [ "node1" ]This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.