[DOCS] Updates TLS configuration info #41983

Merged
merged 2 commits into from
May 20, 2019
Expand Up @@ -2,10 +2,8 @@
[[configuring-tls-docker]]
=== Encrypting communications in an {es} Docker Container

Starting with version 6.0.0, {stack} {security-features}
(Gold, Platinum or Enterprise subscriptions)
https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html[require SSL/TLS]
encryption for the transport networking layer.
Unless you are using a trial license, {stack} {security-features} require
SSL/TLS encryption for the transport networking layer.

This section demonstrates an easy path to get started with SSL/TLS for both
HTTPS and transport using the {es} Docker image. The example uses
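Review bot: the added sentence "Unless you are using a trial license, {stack} {security-features} require" names the {stack} security features and drops the condition that they are enabled, while the other files changed in this PR say "If the {es} {security-features} are enabled". Suggest using the same wording here so the Docker page does not state a broader requirement than the rest of the docs. The removed text also linked to the 6.0 breaking changes page and nothing replaces that link; a cross-reference to the SSL/TLS bootstrap check section would tell readers where the rule is enforced.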
Expand Up @@ -7,8 +7,8 @@ your {es} cluster. Connections are secured using Transport Layer Security
(TLS/SSL).

WARNING: Clusters that do not have encryption enabled send all data in plain text
including passwords and will not be able to install a license that enables
{security-features}.
including passwords. If the {es} {security-features} are enabled, unless you
have a trial license, you must configure SSL/TLS for internode-communication.

To enable encryption, you need to perform the following steps on each node in
the cluster:
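Review bot: in the rewritten WARNING, the trial-license exception directly follows the statement that unencrypted clusters send passwords in plain text, so it can be read as saying TLS is unnecessary on a trial license. Suggest ending the plaintext warning as its own sentence and stating the requirement separately, for example "If the {es} {security-features} are enabled and you do not have a trial license, you must configure SSL/TLS for internode communication." Note also that "internode-communication" should not be hyphenated.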
@@ -1,16 +1,15 @@
[[ssl-tls]]
=== Setting Up TLS on a cluster
=== Setting up TLS on a cluster

The {stack} {security-features} enables you to encrypt traffic to, from, and
The {stack} {security-features} enable you to encrypt traffic to, from, and
within your {es} cluster. Connections are secured using Transport Layer Security
(TLS), which is commonly referred to as "SSL".

WARNING: Clusters that do not have encryption enabled send all data in plain text
including passwords and will not be able to install a license that enables
{security-features}.
including passwords. If the {es} {security-features} are enabled, unless you have a trial license, you must configure SSL/TLS for internode-communication.

The following steps describe how to enable encryption across the various
components of the Elastic Stack. You must perform each of the steps that are
components of the {stack}. You must perform each of the steps that are
applicable to your cluster.

. Generate a private key and X.509 certificate for each of your {es} nodes. See
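Review bot: the added WARNING continuation ("including passwords. If the {es} {security-features} are enabled, unless you have a trial license, ...") is a single unwrapped line, while the surrounding text in this file, and the same sentence in the previous file, wrap at about 80 columns. Suggest wrapping it to match. Since the sentence now appears with identical wording in two files, a shared include would keep the two copies from drifting apart.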
Expand All @@ -22,14 +21,14 @@ enable TLS on the HTTP layer. See
{ref}/configuring-tls.html#tls-transport[Encrypting Communications Between Nodes in a Cluster] and
{ref}/configuring-tls.html#tls-http[Encrypting HTTP Client Communications].

. Configure {monitoring} to use encrypted connections. See <<secure-monitoring>>.
. Configure the {monitor-features} to use encrypted connections. See <<secure-monitoring>>.

. Configure {kib} to encrypt communications between the browser and
the {kib} server and to connect to {es} via HTTPS. See
{kibana-ref}/using-kibana-with-security.html[Configuring Security in {kib}].
{kibana-ref}/using-kibana-with-security.html[Configuring security in {kib}].

. Configure Logstash to use TLS encryption. See
{logstash-ref}/ls-security.html[Configuring Security in Logstash].
{logstash-ref}/ls-security.html[Configuring security in {ls}].

. Configure Beats to use encrypted connections. See <<beats>>.
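Review bot: attribute use is inconsistent across these list items. The Logstash link text now uses {ls} ("Configuring security in {ls}"), but the sentence that introduces it still reads "Configure Logstash to use TLS encryption", and the next item reads "Configure Beats". Suggest using {ls} in the sentence as well, and a Beats attribute if one is defined, so the steps read consistently.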

5 changes: 2 additions & 3 deletions docs/reference/setup/bootstrap-checks-xes.asciidoc
Expand Up @@ -53,9 +53,8 @@ must also be valid.
=== SSL/TLS check
//See TLSLicenseBootstrapCheck.java

In 6.0 and later releases, if you have a gold, platinum, or enterprise license
and {es} {security-features} are enabled, you must configure SSL/TLS for
internode-communication.
If you enable {es} {security-features}, unless you have a trial license, you
must configure SSL/TLS for internode-communication.

NOTE: Single-node clusters that use a loopback interface do not have this
requirement. For more information, see
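Review bot: the new sentence under "SSL/TLS check" widens the stated requirement from gold, platinum, or enterprise licenses to every license other than trial. Please confirm that this matches TLSLicenseBootstrapCheck.java, which the comment above the paragraph points to. The stacked conditions ("If you enable ..., unless you have a trial license, you must ...") would also read more easily as "If {es} {security-features} are enabled and you do not have a trial license, you must configure SSL/TLS for internode communication."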
3 changes: 1 addition & 2 deletions x-pack/docs/en/security/securing-communications.asciidoc
Expand Up @@ -5,8 +5,7 @@
Elasticsearch nodes store data that may be confidential. Attacks on the data may
come from the network. These attacks could include sniffing of the data,
manipulation of the data, and attempts to gain access to the server and thus the
files storing the data. Securing your nodes is required in order to use a production
license that enables {security-features} and helps reduce the risk from
files storing the data. Securing your nodes helps reduce the risk from
network-based attacks.

This section shows how to:
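Review bot: with "is required in order to use a production license" removed, this introduction no longer says that TLS is mandatory in any configuration; it only says that securing nodes "helps reduce the risk". Suggest adding a sentence or cross-reference to the SSL/TLS bootstrap check so that readers landing here still learn that internode TLS is required when the security features are enabled without a trial license. The paragraph also opens with the literal "Elasticsearch" where the rest of the PR uses {es}.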