Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Transport SSL must be enabled if security is enabled on a [basic] license

Tags:

elasticsearch

I have installed Elasticsearch 7.1 on Ubuntu. I want to password protect the cluster, so I have set: xpack.security.enabled: true in elasticsearch.yml file. Now when I restart Elasticsearch I get the message:

Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled]

I am using the basic license. I have seen this guide which explains how to use elasticsearch-certutil to install SSL certificates on the nodes.

Questions:

  1. Is it possible to password protect the cluster without setting xpack.security.transport.ssl.enabled to true?

  2. If I have the guide mentioned above and install SSL certifiactes on elasticsearch cluster, do I need any ssl certificate on my webserver? I don't want the communication between the web server and elasticsearch to use SSL.

like image 945
Hooman Bahreini Avatar asked May 26 '19 23:05

Hooman Bahreini

People also ask

What does Xpack security enabled do?

You configure xpack. security settings to enable anonymous access and perform message authentication, set up document and field level security, configure realms, encrypt communications with SSL,and audit security events. All of these settings can be added to the elasticsearch.

What is SSL enabled server?

SSL (Secure Sockets Layer) is a transaction security standard that provides encrypted protection between browsers and App Servers. When SSL is enabled for an App Server, browsers communicate with the App Server by means of an HTTPS connection, which is HTTP over an encrypted Secure Sockets Layer.

What is Xpack security?

X-Pack is an Elastic Stack extension that provides security, alerting, monitoring, reporting, machine learning, and many other capabilities. By default, when you install Elasticsearch, X-Pack is installed.

1 Answers

According to this answer:

For a cluster that is running in production mode with a production license, once security is enabled, transport TLS/SSL must also be enabled. On the other hand, if we are running with a trial license, then transport TLS/SSL is not obligatory.

It's not possible. In production mode, if you want to use any of the xpack security features by enabling (setting xpack.security.enabled = true), then you need to use TLS/SSL certificate.

By default, the web server (and Kibana) can communicate with the cluster without any TLS/SSL certificate (The certificate is used for communication within ES nodes). If you do want to use TLS/SSL between the cluster and your web server, then you need to set xpack.security.http.ssl.enabled which is set to false by default.

like image 157
Hooman Bahreini Avatar answered Sep 20 '22 22:09

Hooman Bahreini
Sign in to Comment

Related questions

How to update the mapping in Elasticsearch to change the field datatype and change the type of analyzers in string
How to disable camel casing Elasticsearch field names in NEST?
In ElasticSearch, how do I filter the nested documents in my result?
ElasticSearch POST with json search body vs GET with json in url
ElasticSearch disappearing / crashing -- cannot find log files or any other information
How to install ElasticSeach plugins using docker compose
max file descriptors for elasticsearch process is too low
Multiple group-by in Elasticsearch
Elasticsearch query based on timestamp
Elasticsearch reindex error - client request timeout
unable to install elasticsearch plugin
How do you debug your Nest queries?
How to bind Elasticsearch 2.0 on both Loopback and Non-Loopback interfaces?
Elasticsearch - set max_clause_count
Can not start elasticsearch as a service in ubuntu 16.04
Accessing Lucene query in Elastic Search's native script scorer
GET HTTP request payload
Spring Data Elasticsearch: Multiple Index with same Document
Are there conventions for naming/organizing Elasticsearch indexes which store log data?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!