Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b9707c29a1
Branches Tags
elasticsearch
/
docs
/
reference
/
security
/
securing-communications
/
securing-elasticsearch.asciidoc

securing-elasticsearch.asciidoc 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445 
  1. [role="xpack"]
    2. 

  2. [[configuring-tls]]
    3. 

  3. === Encrypting communications in {es}
    4. 

  4. 

  5. {security} enables you to encrypt traffic to, from, and within your {es} cluster.
    6. 

  6. Connections are secured using Transport Layer Security (TLS/SSL).
    7. 

  7. 

  8. WARNING: Clusters that do not have encryption enabled send all data in plain text
    9. 

  9. including passwords and will not be able to install a license that enables {security}.
    10. 

  10. 

  11. To enable encryption, you need to perform the following steps on each node in
    12. 

  12. the cluster:
    13. 

  13. 

  14. . Verify that the `xpack.security.enabled` setting is `true`. For more
    15. 

  15. information, see <<security-settings>>. 
    16. 

  16. 

  17. . <<node-certificates, Generate a private key and X.509 certificate>>.
    18. 

  18. 

  19. . Configure each node to:
    20. 

  20. .. Required: <<tls-transport,Enable TLS on the transport layer>>.
    21. 

  21. .. Recommended: <<tls-http,Enable TLS on the HTTP layer>>.
    22. 

  22. 

  23. . If you are using Active Directory user authentication, 
    24. 

  24. <<tls-active-directory,encrypt communications between {es} and your Active Directory server>>. 
    25. 

  25. 

  26. . If you are using LDAP user authentication, 
    27. 

  27. <<tls-ldap,encrypt communications between {es} and your LDAP server>>. 
    28. 

  28. 

  29. For more information about encrypting communications across the Elastic Stack,
    30. 

  30. see {xpack-ref}/encrypting-communications.html[Encrypting Communications].
    31. 

  31. 

  32. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/node-certificates.asciidoc
    33. 

  33. include::node-certificates.asciidoc[]
    34. 

  34. 

  35. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-transport.asciidoc
    36. 

  36. include::tls-transport.asciidoc[]
    37. 

  37. 

  38. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-http.asciidoc
    39. 

  39. include::tls-http.asciidoc[]
    40. 

  40. 

  41. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-ad.asciidoc
    42. 

  42. include::tls-ad.asciidoc[]
    43. 

  43. 

  44. :edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/tls-ldap.asciidoc
    45. 

  45. include::tls-ldap.asciidoc[]
    46.