Hypertext Transfer Protocol Secure (HTTPS) is a security-enhanced version of HTTP. HTTPS uses HTTP for communication and Secure Sockets Layer (SSL) to encrypt the data that is transmitted. To ensure data security, we recommend that you enable HTTPS. This topic describes how to enable HTTPS for an Elasticsearch cluster.
Prerequisites
The following operations are performed:
- Create an Alibaba Cloud Elasticsearch cluster. For more information, see Create an Alibaba Cloud Elasticsearch cluster.
- Modify the code of your client that you want to use to access the Elasticsearch cluster. If you do not modify the code, you cannot use the client to access the cluster.
In the following sample code, the REST client of open source Elasticsearch is used. After you enable HTTPS, you must include the https parameter in HttpHost, such as new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https").
Code before HTTPS is enabled

    // Basic authentication credentials for the elastic user.
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
            new UsernamePasswordCredentials("elastic", "Your password"));

    // No scheme argument: HttpHost falls back to plain HTTP.
    RestClientBuilder restClientBuilder = RestClient.builder(
            new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200));

    RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
            new RestClientBuilder.HttpClientConfigCallback() {
                @Override
                public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                    return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                }
            }).build();

Code after HTTPS is enabled

    // Basic authentication credentials for the elastic user.
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
            new UsernamePasswordCredentials("elastic", "Your password"));

    // The third argument selects HTTPS for every request to the cluster.
    RestClientBuilder restClientBuilder = RestClient.builder(
            new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https"));

    RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
            new RestClientBuilder.HttpClientConfigCallback() {
                @Override
                public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                    return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                }
            }).build();

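
To find client code that still needs this change before you turn on Enable HTTPS, the following added example (a Python text heuristic, not part of the original documentation or of the Elasticsearch client) scans Java source for HttpHost constructions and flags those that do not pass "https". The function names and the sample source are constructed for illustration, and the (host, port, scheme) argument order shown in the sample code above is assumed.

```python
import re
CALL = re.compile(r'new\s+HttpHost\s*\(')

def split_args(src, start):
    """Split the argument list that begins at index start (just after '(')."""
    args, buf, depth, in_str, i = [], [], 0, False, start
    while i < len(src):
        ch = src[i]
        if in_str:
            buf.append(ch)
            if ch == '\\' and i + 1 < len(src):   # keep the escaped character
                i += 1
                buf.append(src[i])
            elif ch == '"':
                in_str = False
        elif ch == ')' and depth == 0:
            break                                  # end of this constructor call
        elif ch == ',' and depth == 0:
            args.append(''.join(buf).strip())
            buf = []
        else:
            in_str = ch == '"'
            depth += (ch == '(') - (ch == ')')
            buf.append(ch)
        i += 1
    args.append(''.join(buf).strip())
    return args

def classify(args):
    if len(args) < 3:
        # HttpHost(host) and HttpHost(host, port) fall back to the "http" scheme.
        return 'plaintext' if len(args) == 2 or args[0].startswith('"') else 'review'
    scheme = args[-1]          # (host, port, scheme) order assumed
    if scheme.startswith('"'):
        return 'ok' if scheme.lower() == '"https"' else 'plaintext'
    return 'review'            # variable or expression: resolve it by hand

def audit(src):
    # One (line, verdict, args) tuple per HttpHost construction found in src.
    return [(src.count('\n', 0, m.start()) + 1, classify(a), a)
            for m in CALL.finditer(src) for a in [split_args(src, m.end())]]

# Constructed sample input; cfg, host, port and scheme are made-up names.
SAMPLE = '''RestClient.builder(new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200));
RestClient.builder(new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https"));
RestClient.builder(new HttpHost(cfg.get("es.host", "localhost"), 9200, "http"));
RestClient.builder(new HttpHost(host, port, scheme));'''

for line, verdict, args in audit(SAMPLE):
    print(f'line {line}: {verdict:<9} {args}')
```

A plaintext verdict marks a client that cannot reach the cluster after the switch; a review verdict means the scheme comes from a variable or configuration value that has to be checked separately.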
Procedure
- Log on to the Alibaba Cloud Elasticsearch console.
- In the left-side navigation pane, click Elasticsearch Clusters.
- Navigate to the desired cluster.
  - In the top navigation bar, select the resource group to which the cluster belongs and the region where the cluster resides.
  - On the Elasticsearch Clusters page, find the cluster and click its ID.
- In the left-side navigation pane of the page that appears, click Security.
- In the Network Settings section, turn on Enable HTTPS.
  Warning: During the process of enabling or disabling HTTPS, the services that run on the Elasticsearch cluster are interrupted, and the cluster is restarted. Make sure that the enabling or disabling operation does not affect your business.
- In the Note dialog box, select I have created an HTTPS client and click OK.
  Note: For Elasticsearch clusters of some versions, you must purchase client nodes. If you have not purchased client nodes, the system prompts you to purchase client nodes when you turn on Enable HTTPS. You must follow the instructions to purchase client nodes.
  You can purchase client nodes when you create an Elasticsearch cluster or upgrade the configuration of an Elasticsearch cluster. For more information, see Parameters on the buy page and Upgrade the configuration of a cluster.
  For information about whether you need to purchase client nodes, see Can I enable HTTPS for an Elasticsearch cluster that does not contain client nodes?
After you confirm the operation, the Elasticsearch cluster is restarted. You can view the restart progress in the Tasks dialog box. After the restart is complete, you can access the Elasticsearch cluster over HTTPS.
FAQ
Q: How do I obtain the required certificates after I enable HTTPS for my Elasticsearch cluster?
A: To ensure the security and stability of Alibaba Cloud Elasticsearch clusters, Alibaba Cloud Elasticsearch does not provide certificates to the public.