If you want HTTPS with ES from logstash, you have several options: - provide a HTTPS reverse proxy in front of each ES HTTP-enabled node on the same server, with internal localhost connection
- replace ES HTTP Netty and use a Tomcat- or Jetty-based wrapping approach like https://github.com/salyh/elasticsearch-security-plugin - or patch ES by adding a Netty SSL client factory to ES HTTP, like in this example http://svn.apache.org/repos/asf/avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServerWithSSL.javaplus set up Java Keystores similar to Hadoop http://blog.cloudera.com/blog/2013/03/how-to-set-up-a-hadoop-cluster-with-network-encryption/ Take care that nobody can read your client certificates / Java keystores while you create and transfer them to the nodes. Note, adding HTTPS to each node is much more complex and error-prone than securing ES in a private network with a HTTPS reverse proxy. A correct setup of the environment is essential to maintain a minimum of security. Jörg -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoHW3p51bYf673g%3D8%2Br%2By03v1GJ7p8y9y7BO%3DEPqnjBGjA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
