Hypertext Transfer Protocol Secure (HTTPS) is a security-enhanced version of HTTP. HTTPS uses HTTP for communication and Secure Sockets Layer (SSL) to encrypt the data during transmission. To ensure data security, we recommend that you enable HTTPS. This topic describes how to enable HTTPS for an Elasticsearch cluster.
Prerequisites
- An Alibaba Cloud Elasticsearch cluster is created.
For more information, see Create an Alibaba Cloud Elasticsearch cluster.
- A client node is purchased for the Elasticsearch cluster.
You can purchase a client node when you create an Elasticsearch cluster or upgrade the configuration of an Elasticsearch cluster. For more information, see Parameters on the buy page and Upgrade the configuration of a cluster.
Note: For security purposes, after you enable HTTPS for an Elasticsearch cluster, Alibaba Cloud Elasticsearch regularly maintains and updates the certificates that the cluster depends on. To reduce the impact on online business of node restarts caused by certificate updates, Alibaba Cloud Elasticsearch deploys the certificates on client nodes, which are used to forward requests. If you have not purchased client nodes for your Elasticsearch cluster and you want to enable HTTPS for the cluster, the system prompts you to purchase client nodes when you enable HTTPS. You must follow the instructions to purchase client nodes.
- Modify the code of your client that you want to use to access the Elasticsearch cluster.
If you do not modify the code, you cannot use the client to access the cluster.
In the following code, the REST client of open source Elasticsearch is used. After you enable HTTPS, you must include the "https" parameter in HttpHost, such as new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https"). Sample code:
- Code before HTTPS is enabled
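    import org.apache.http.HttpHost;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;

    // Basic authentication credentials for the cluster.
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
        new UsernamePasswordCredentials("elastic", "Your password"));

    // No scheme is specified, so the client connects over HTTP.
    RestClientBuilder restClientBuilder = RestClient.builder(
        new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200));

    RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
        new RestClientBuilder.HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
        }).build();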
- Code after HTTPS is enabled
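    import org.apache.http.HttpHost;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;

    // Basic authentication credentials for the cluster.
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
        new UsernamePasswordCredentials("elastic", "Your password"));

    // The third argument sets the scheme, so the client connects over HTTPS.
    RestClientBuilder restClientBuilder = RestClient.builder(
        new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https"));

    RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
        new RestClientBuilder.HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
        }).build();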
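A preflight check for the client side of this change, as an added example that is not part of the original documentation: it performs a TLS handshake against the cluster endpoint with the JVM default trust store and host name verification, then prints the negotiated protocol and the certificate's expiry. It assumes that the REST client in the samples relies on that same default trust store (the samples configure no SSL context); the class name HttpsPreflight is hypothetical and the host is the page's placeholder.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;

// Hypothetical helper: run it from the host where your Elasticsearch client runs.
public class HttpsPreflight {
    public static void main(String[] args) throws Exception {
        // Placeholder endpoint from the page; pass your own host and port as arguments.
        String host = args.length > 0 ? args[0] : "es-cn-xxxxx.elasticsearch.aliyuncs.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 9200;

        // Default factory = JVM default trust store (assumed to match the REST client).
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);

            // A raw SSLSocket does not verify the host name unless this is set.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Throws an SSLException if the chain is untrusted, the host name does
            // not match the certificate, or the port still answers in plain HTTP.
            socket.startHandshake();

            SSLSession session = socket.getSession();
            System.out.println("Protocol:     " + session.getProtocol());
            System.out.println("Cipher suite: " + session.getCipherSuite());

            // The first certificate in the chain is the server's own (leaf) certificate.
            Certificate[] chain = session.getPeerCertificates();
            X509Certificate leaf = (X509Certificate) chain[0];
            Instant notAfter = leaf.getNotAfter().toInstant();
            long daysLeft = Duration.between(Instant.now(), notAfter).toDays();
            System.out.println("Subject:      " + leaf.getSubjectX500Principal().getName());
            System.out.println("Issuer:       " + leaf.getIssuerX500Principal().getName());
            System.out.println("Expires:      " + notAfter + " (" + daysLeft + " days left)");
        }
    }
}
```

A successful run means the client JVM trusts the certificate presented on the HTTPS port; an SSLException points to a trust store, host name or scheme problem to resolve before you switch the application over.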
Procedure
FAQ
Q: How do I obtain the required certificates after I enable HTTPS for my Elasticsearch cluster?
A: To ensure the security and stability of Alibaba Cloud Elasticsearch clusters, Alibaba Cloud Elasticsearch does not provide certificates for the public.