SSL/TLS enabling in ElasticSearch 6.2.4 - elasticsearch

We are using elastic-search-6.2.4 for our product and currently it is working with HTTP. Now we have a requirement to configure the same elastic-search-6.2.4 with HTTPS. I went through the several blogs on elastic search website but found out that it is available in the latest version but is there any way if i could configure HTTPS in 6.2.4 as well? Please help me out.

Related

Can't access Kibana in browser (ELK 8.2)

I'm trying to set up an ELK stack on a remote Oracle Cloud server, but I can't access kibana from a browser. Installation using deb package. The version of elasticsearch and kibana I'm installing is 8.2 (in this version, security settings are already enabled by default, including settings and generation of security certificates) - the latest version for now. I perform the installation according to the instructions from the official site, but nothing is said there about the remote access settings.
I tried to change the settings in the kibana.yaml file, uncommented the "server.port: 5601" field and edited server.host: "my ip" (I also tried server.host: "0.0.0.0"), but this does not help .
I also tried to access from the network directly to elasticsearch. I edited its configuration in a similar way, but it did not help. In my case, access to elasticsearch from the network is not essential, but I would also like to get it.
I know that Oracle servers by default have restrictions on the forwarded traffic, so I unblocked the elastic and kibana ports (9200 and 5601) in the Oracle control panel.
I also allowed ports 9200 and 5601 through ipitables. The UFW firewall is by default in the "inactive" status. When checked through nmap, both ports return a "filtered" status.
Please help fix the issue. I'm just doing a standard installation according to the instructions and I don't understand what the problem is.
I solved the problem by setting up a reverse proxy nginx so that it redirects requests coming to the server to localhost:5601. These two articles helped me, I hope it helps someone else:
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-20-04-ru (step 2)

secure Kibana and elasticsearch using SSL / TLS

Thanks for taking the time to read this :)
My web app (grimoirelab) contains multiple services spun up using docker-compose which contains elasticsearch and kibana . Port 5601 (kibana) is open and accessible through the web.
I want to enable SSL / TLS in the Kibana container , i.e , change the URL from http to https
Kibana and Elasticsearch are both of Version : 6.8.6
I have very less experience in web security so would really appreciate any guidance on the same...
You can follow this elasticsearch documentation for configuration of SSL and TLS, and it is available as free after 6.8 version.
Please check Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash blog.
Please check this documentation for how to setup SSL and TLS with Elasticsearch Docker Container.

Elasticsearch-OSS 7.9.2 with SSL

Can we have an OSS instance of elasticsearch with SSL/https?
I tried this solution, but likely we will need an x-pack that is not available in OSS.
The idea is to have just SSL working in HTTPS, no Authentication required (for testing HTTPS client purposes only)
The security features in elasticseach are not included in the OSS version, only in the versions that uses at least the Basic free Elastic License.
To use HTTPS in the OSS version you will need to have a proxy in front of your nodes, like HAProxy and NGINX.

Elastic search and kibana not running in browser

I'm trying to install Elastic search and kibanna in my linux server, both elastic search and kibana service started, but i cannot able to to go the URL. [This site cannot be reached - http://127.0.0.1:9203/ http://localhost:5601
both i have tried]
Please help to update, what could be the issue. Is there any port level change i need to do ? please guide

Securing Kibana for an internet facing startup

New to Kibana & not an expert in web security. We're trying to build a small startup in which we're leveraging Kibana 5.x for our backoffice analysts for data exploration. This is a webapp and will be accessible over the internet.
Also, X-PACK security (though promising) may not be an option for us purely because of cost.
I''d like to summarize my thoughts and get them validated by professionals out here.
Firstly, I'm thinking of putting Elasticsearch behind a firewall so that only my APP server and Kibana server could access - ES is now secure.
I'm thinking of fronting Kibana using a Reverse Proxy (Apache or Nginx) and apply basic authentication. And everything will be over HTTPS.
I'll only allow GET requests to Kibana through this Reverse Proxy so that the users can read only.
Does this have any gap? Also I'm wondering if Kibana makes a direct call to Elasticsearch from it's Javascript running on the browser? If this is true then we would have another potential backdoor to get to ES. What should be done if this is true.

Resources