There are several open-source and free solutions that provide Elasticsearch access authentication, but if you want something quick and simple, here is how to do it yourself with just Nginx…
I’ve been using an ELK stack to store my logs. I was using a random port, so I was only protected by the good old security-through-obscurity method. This made me uncomfortable since anyone could read or post to my logs, but I didn’t want to use X-Pack or SearchGuard because they both felt too heavy for my simple use case.
I came across the linked article and used the simple Nginx proxy method they outlined. My previous attempt used Logspout to send my syslogs over HTTP to a central Logstash instance. Now, each of my Docker servers has a Logspout container that communicates with a local Logstash container. Logstash then communicates with a central Elasticsearch instance that’s protected by a Basic-Authenticated, TLS-encrypted proxied endpoint.
While it’s slightly more complicated than it was before, my ELK stack is now secure and my cross-server logs are encrypted and protected against prying eyes.
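For reference, here is a sketch of what a Basic-Authenticated, TLS-encrypted Nginx endpoint in front of Elasticsearch can look like. It is an added example, not the configuration from this post or the linked article. The hostname, certificate paths, htpasswd path, user name and body-size limit are assumptions, and it assumes Elasticsearch is bound to loopback on its default port 9200.

```nginx
# Added example: TLS + Basic Auth reverse proxy in front of Elasticsearch.
# Hostname, file paths, user name and limits below are placeholders.

# Assumes Elasticsearch listens only on loopback
# (network.host: 127.0.0.1 in elasticsearch.yml), so this proxy is the
# only network path to it.
upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 16;
}

server {
    # No plain-HTTP listener on purpose: a client configured with an
    # http:// URL would send its Basic credentials in cleartext before
    # any redirect to HTTPS could happen.
    listen 443 ssl;
    server_name es.example.com;                              # placeholder

    ssl_certificate     /etc/nginx/tls/es.example.com.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/es.example.com.key;   # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Bulk indexing requests from Logstash can exceed the 1 MB default.
    client_max_body_size 50m;

    # Credentials file created with: htpasswd -c /etc/nginx/es.htpasswd logstash
    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;

    location / {
        proxy_pass         http://elasticsearch;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";      # needed for upstream keepalive
        proxy_set_header   Host $host;
        # The proxy has already checked the credentials; do not forward them.
        proxy_set_header   Authorization "";
    }
}
```

`nginx -t` validates the file before a reload, and a request without credentials should come back as `401` while nothing should answer on port 9200 from another host.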