Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: f7edcb0857
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
securing-communications
/
tutorial-tls-intro.asciidoc

tutorial-tls-intro.asciidoc 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. [role="xpack"]
    2. 

  2. [testenv="basic"]
    3. 

  3. [[encrypting-internode-communications]]
    4. 

  4. == Tutorial: Encrypting communications
    5. 

  5. 

  6. In the {stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}]
    7. 

  7. and <<security-getting-started,Getting started with security>> tutorials, we
    8. 

  8. used a cluster with a single {es} node to get up and running with the {stack}.
    9. 

  9. 

  10. You can add as many nodes as you want in a cluster but they must be able to
    11. 

  11. communicate with each other. The communication between nodes in a cluster is
    12. 

  12. handled by the {ref}/modules-transport.html[transport module]. To secure your
    13. 

  13. cluster, you must ensure that the internode communications are encrypted.
    14. 

  14. 

  15. NOTE: In this tutorial, we add more nodes by installing more copies of {es} on
    16. 

  16. the same machine. By default, {es} binds to loopback addresses for HTTP and
    17. 

  17. transport communication. That is fine for the purposes of this tutorial and for
    18. 

  18. downloading and experimenting with {es} in a test or development environment.
    19. 

  19. When you are deploying a production environment, however, you are generally
    20. 

  20. adding nodes on different machines so that your cluster is resilient to outages
    21. 

  21. and avoids data loss. In a production scenario, there are additional
    22. 

  22. requirements that are not covered in this tutorial. See
    23. 

  23. {ref}/bootstrap-checks.html#dev-vs-prod-mode[Development vs production mode] and
    24. 

  24. {ref}/add-elasticsearch-nodes.html[Adding nodes to your cluster].
    25. 

  25. 

  26. [float]
    27. 

  27. [[encrypting-internode-prerequisites]]
    28. 

  28. === Before you begin
    29. 

  29. 

  30. Ideally, you should do this tutorial after you complete the 
    31. 

  31. {stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}] and
    32. 

  32. <<security-getting-started,Getting started with security>> tutorials.
    33. 

  33. 

  34. At a minimum, you must install and configure {es} and {kib} in a cluster with a
    35. 

  35. single {es} node. In particular, this tutorial provides instructions for adding
    36. 

  36. nodes that work with the `zip` and `tar.gz` packages.
    37. 

  37. 

  38. IMPORTANT: To complete this tutorial, you must install the default {es} and
    39. 

  39. {kib} packages, which include the encrypted communications {security-features}.
    40. 

  40. When you install these products, they apply basic licenses with no expiration
    41. 

  41. dates. All of the subsequent steps in this tutorial assume that you are using a
    42. 

  42. basic license. For more information, see {subscriptions} and
    43. 

  43. {stack-ov}/license-management.html[License-management].
    44. 

  44. 

  45. include::tutorial-tls-certificates.asciidoc[]
    46. 

  46. include::tutorial-tls-internode.asciidoc[]
    47. 

  47. include::tutorial-tls-addnodes.asciidoc[]
    48.