I have two nodes for initial poc and perhaps even promote to production later on! I do have an older ELK stack running in production that we like to replace this with!
front-end (nginx,kibana, logstash)
back-end (elasticserach/serachguard (ES/SG)
I like to install all latest version of ELK/searcguard the community based sources first (non-enterprise)
I have tried the bundle and moved kibana from bundle in front and was promising in access/connection, but I do see more work to be done with TLS for kibana and logstash!
So I want to stop and first ask what’s the best way to install serachugard in my situation?
Bundle might not be the best case for me as it has localhost for ES/Kibana or I might need to regenerate certificates…
Does demo ssl install script will help me?
I see search-guard-ssl examples and also search-guard-client. How do I go about using them to setup my clients and ssl situation.
What’s the best way to get a POC up with TLS up and running on all my nodes including TLS from logstash and kibana to searchguard?
Some procedure that is quick that people know it will work and address the TLS identiy and access for my case.
Backend ES/SG will be bound to external interface and same with Kibana and logstash toward ES/SG
Thank you for your time to provide the best practice/quickest way and experienced way for me to try to get a full ELK/SG with SSL up for my configuration.