Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b37c3bd0d5
Branches Tags
elasticsearch
/
docs
/
reference
/
security
/
securing-communications
/
securing-elasticsearch.asciidoc

securing-elasticsearch.asciidoc 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. [role="xpack"]
    2. 

  2. [[configuring-tls]]
    3. 

  3. === Encrypting communications in {es}
    4. 

  4. 

  5. {stack} {security-features} enable you to encrypt traffic to, from, and within
    6. 

  6. your {es} cluster. Connections are secured using Transport Layer Security
    7. 

  7. (TLS/SSL).
    8. 

  8. 

  9. WARNING: Clusters that do not have encryption enabled send all data in plain text
    10. 

  10. including passwords. If the {es} {security-features} are enabled, unless you
    11. 

  11. have a trial license, you must configure SSL/TLS for internode-communication.
    12. 

  12. 

  13. To enable encryption, you need to perform the following steps on each node in
    14. 

  14. the cluster:
    15. 

  15. 

  16. . Verify that the `xpack.security.enabled` setting is `true`. For more
    17. 

  17. information, see <<security-settings>>. 
    18. 

  18. 

  19. . <<node-certificates, Generate a private key and X.509 certificate>>.
    20. 

  20. 

  21. . Configure each node to:
    22. 

  22. .. Required: <<tls-transport,Enable TLS on the transport layer>>.
    23. 

  23. .. Recommended: <<tls-http,Enable TLS on the HTTP layer>>.
    24. 

  24. 

  25. . If you are using Active Directory user authentication, 
    26. 

  26. <<tls-active-directory,encrypt communications between {es} and your Active Directory server>>. 
    27. 

  27. 

  28. . If you are using LDAP user authentication, 
    29. 

  29. <<tls-ldap,encrypt communications between {es} and your LDAP server>>. 
    30. 

  30. 

  31. For more information about encrypting communications across the Elastic Stack,
    32. 

  32. see {stack-ov}/encrypting-communications.html[Encrypting Communications].
    33. 

  33. 

  34. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/node-certificates.asciidoc
    35. 

  35. include::node-certificates.asciidoc[]
    36. 

  36. 

  37. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-transport.asciidoc
    38. 

  38. include::tls-transport.asciidoc[]
    39. 

  39. 

  40. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-http.asciidoc
    41. 

  41. include::tls-http.asciidoc[]
    42. 

  42. 

  43. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-ad.asciidoc
    44. 

  44. include::tls-ad.asciidoc[]
    45. 

  45. 

  46. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-ldap.asciidoc
    47. 

  47. include::tls-ldap.asciidoc[]
    48.