Enabling the elasticsearch token service without enabling TLS

Tom

3/24/23, 5:23 PM

I've got elasticsearch and kibana running in docker containers, on an isolated docker network. The only port that is "exposed" is Kibana's (unencrypted) web interface. And this is only exposed on localhost; there's an nginx instance in front of it providing HTTPS service, reverse-proxying Kibana.

Now I'm trying to secure it. I want to tie Kibana logins to our OpenID provider. To do that, I need to enable the token service. And to do that, I need to configure elasticsearch TLS.

Really? Is there no way around this? What exactly is TLS going to add to this setup, other than a lot of maintenance hassle?

0 + 0

ssl

https

elasticsearch

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Enabling the elasticsearch token service without enabling TLS

TH: เปิดใช้งานบริการโทเค็น elasticsearch โดยไม่ต้องเปิดใช้งาน TLS

RO: Activarea serviciului de indicativ elasticsearch fără a activa TLS

RU: Включение службы токенов elasticsearch без включения TLS

VI: Bật dịch vụ mã thông báo elaticsearch mà không cần bật TLS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.