secure Kibana and elasticsearch using SSL / TLS - elasticsearch

Thanks for taking the time to read this :)
My web app (grimoirelab) contains multiple services spun up using docker-compose, including Elasticsearch and Kibana. Port 5601 (Kibana) is open and accessible through the web.
I want to enable SSL/TLS in the Kibana container, i.e., change the URL from http to https.
Kibana and Elasticsearch are both version 6.8.6.
I have very little experience in web security, so I would really appreciate any guidance on this.

You can follow this Elasticsearch documentation for configuring SSL and TLS; it is available for free after version 6.8.
Please check the blog post "Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash".
Please check this documentation for how to set up SSL and TLS with the Elasticsearch Docker container.

Related

How to expose my Elastic Search server to the internet?

I've installed my Elasticsearch (ES) server on a CentOS VPS. I tested ES from inside the server and it responds correctly.
My next step is to allow my website, which is hosted on a different web host, to access the ES server and index its content into it.
My question is: what is the recommended way of exposing ES to the internet so that my website can access it to index and search? Is there an authentication method that I need to install?
You need to include network.host: 0.0.0.0 in your elasticsearch.yml file so that it listens on a non-loopback address. After that, if your app server and ES are both in the same VPC, the app server will be able to connect to ES (provided you have exposed port 9200 in the security group, in the case of AWS).
And hopefully it is your app server's port that is exposed to the internet, with the app server connecting to ES internally; you should not expose port 9200 of Elasticsearch to the internet.
If you want an extra layer of security, you can enable x-pack basic, which is included in the free tier and can be enabled using xpack.security.enabled: true in elasticsearch.config.
Refer to the x-pack features and configuration for more info.
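
An added example, not part of the original answers: a small Python check for the exposure discussed above, flagging an elasticsearch.yml that binds to a non-loopback address without xpack.security.enabled or HTTP TLS. The sample configs and certificate paths are constructed, and the defaults it assumes (loopback bind, security and TLS off) are those of a 6.8 basic-license install.

```python
import ipaddress
PFX = "xpack.security.http.ssl."

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' form commonly used in elasticsearch.yml."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_loopback(host):
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # other hostnames, _site_, _global_: assume reachable

def audit(text):
    s = parse_flat_yaml(text)
    # Assumed defaults (6.8, basic license): loopback bind, security and TLS off.
    exposed = not is_loopback(s.get("network.host", "_local_"))
    auth = s.get("xpack.security.enabled", "false") == "true"
    tls = s.get(PFX + "enabled", "false") == "true"
    has_cert = bool(s.get(PFX + "keystore.path") or
                    (s.get(PFX + "key") and s.get(PFX + "certificate")))
    checks = [
        (exposed and not auth, "non-loopback bind without xpack.security.enabled: true"),
        (exposed and not tls, "port 9200 reachable over plaintext HTTP"),
        (auth and not tls, "basic-auth credentials travel unencrypted"),
        (tls and not has_cert, "http.ssl enabled but no key/certificate configured"),
    ]
    return [msg for bad, msg in checks if bad]

# Constructed sample configs (certificate paths are placeholders).
WEAK = "network.host: 0.0.0.0\n"
HARDENED = (WEAK + "xpack.security.enabled: true\n"
            + PFX + "enabled: true\n"
            + PFX + "key: certs/es01.key\n"
            + PFX + "certificate: certs/es01.crt\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The check only reads the node's own config; a firewall or security group in front of port 9200 still has to be reviewed separately.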

SSL/TLS enabling in ElasticSearch 6.2.4

We are using elastic-search-6.2.4 for our product and currently it is working with HTTP. Now we have a requirement to configure the same elastic-search-6.2.4 with HTTPS. I went through several blogs on the Elasticsearch website and found that it is available in the latest version, but is there any way I could configure HTTPS in 6.2.4 as well? Please help me out.

How to allow requests to elasticsearch only from a list of ips/domains

I read the docs, but I couldn't make it work.
I have a server that holds elasticsearch and external ones that query it. Until now I can access the elasticsearch from any ip.
Example:
the public ip:port of elasticsearchserver: 123.123.123.123:9200
I have the domains: anothersocialnetwork.com and anothersocialnetwork2.com
and I want only them and localhost to be able to query the elasticsearch server.
Thank you a lot
There are multiple ways to achieve this. The one I would advise is as follows:
Run Elasticsearch on the localhost interface by setting network.host to localhost in the elasticsearch.yml file.
Now only applications on localhost can access the application.
Place a proxy like nginx or Apache in front; this proxy would be able to access Elasticsearch. Now whitelist in the proxy the IPs that you want to be able to access Elasticsearch.
You can also take a look at the Elasticsearch jetty plugin. It has some security configurations along with it, but I am not sure if it's actively developed.
Also, on securing Elasticsearch, I would recommend going through this blog.

Getting Logstash to talk to Elastic Search with HTTPS + Basic auth

I have Elastic Search as part of the ELMA appliance. This appliance presents ES via HTTPS protected by basic auth. I have Logstash running on a separate machine. This Logstash needs to send log data to ES. What is the right output configuration to use?
Thanks for any pointers.
-Raj
There is an option in the new version:
http://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-password
ssl
Value type is boolean
Default value is false
SSL Configurations (HTTP only)
Enable SSL
Looks like Logstash's elasticsearch_http module does not support SSL, or does not handle self-signed certs. My solution was to disable SSL on the ElasticSearch httpd conf entry in the ELMA appliance.

Connect to Elasticsearch Heroku database

I've set up a starter account on Heroku with a Bonsai elasticsearch add-on. I'm trying to connect to it via a Java application, but can't seem to connect via either Transport Client or the NodeBuilder options that are explained on the elasticsearch documentation pages.
I can run the following CURL to post data:
curl -XPOST http://banyan-7086980.us-east-1.bonsai.io/med/test/hello3 -d '{"title":"Hello world2"}'
My current line of thought is this:
Client client = new TransportClient()
.addTransportAddress(new InetSocketTransportAddress("http://banyan-7086980.us-east-1.bonsai.io", 9300));
But this is not working. What am I missing?
Most services that offer hosted Elasticsearch on Heroku do not support any other transport than HTTP. The canonical way of interfacing with Elasticsearch from Java is using either the Transport client or the Node client, both of which you've tried connecting to HTTP endpoints.
The transport and node clients use a custom-built binary protocol which is not compatible with HTTP.
Additionally, this binary protocol by default does not support some core features you should expect in a production setup: authentication and encryption.
If your requirements include running on Heroku and using the official Java clients, have a look at Found Elasticsearch on Heroku, which provides support for the transport client using a custom transport module: https://github.com/foundit/elasticsearch-transport-module
Disclosure: I'm one of the developers at Found
Bonsai is a hosted service for elasticsearch, and if you are using the heroku addon, there are internals of both ES and Heroku that are abstracted.
For instance, the URL that you are hitting is at port 80 (http), whereas you are attempting to connect to 9300 (which is the default Elasticsearch port). This tells me that there is a proxy layer in between that is hiding ports 9200 and 9300 from the outside world, for security reasons.
What to do?
You could try connecting your Java client to port 80.
Client client = new TransportClient() .addTransportAddress(new InetSocketTransportAddress("http://banyan-7086980.us-east-1.bonsai.io", 80));
If you are using Heroku to host your application, follow the instructions of the Bonsai addon, use the ENV variables to setup the connection.
If you just want to have a hosted instance, you can use alternatives such as qbox or found.
I prefer using Elasticsearch on Openshift.
