Hypertext Transfer Protocol Secure (HTTPS) is a security-enhanced version of HTTP. HTTPS works with Secure Socket Layer (SSL) to ensure the security of data transmission. HTTPS uses HTTP for communications. SSL is used to encrypt the data. To ensure data security, we recommend that you enable HTTPS.

Prerequisites

  • An Alibaba Cloud Elasticsearch cluster is created.

    For more information, see Create an Elasticsearch cluster.

  • A client node is available.

    You can purchase a client node during the Elasticsearch cluster creation or upgrade. For more information, see Upgrade the configuration of a cluster.

  • The code of the client that is used to access your Elasticsearch cluster is modified. Otherwise, you cannot use client programs to access your Elasticsearch cluster.
    Use the REST client of the open-source Elasticsearch as an example. After you enable HTTPS, you must include the https parameter in HttpHost, for example, new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https"));. The sample code is as follows:
    • The code before HTTPS is enabled 
      final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY,
            new UsernamePasswordCredentials("elastic", "Your password"));
RestClientBuilder restClientBuilder = RestClient.builder(
            new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200));
        RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
            new RestClientBuilder.HttpClientConfigCallback() {
                @Override
                public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                    return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                }
            }).build();
    • The code after HTTPS is enabled 
      final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY,
            new UsernamePasswordCredentials("elastic", "Your password"));
RestClientBuilder restClientBuilder = RestClient.builder(
            new HttpHost("es-cn-xxxxx.elasticsearch.aliyuncs.com", 9200, "https"));
        RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
            new RestClientBuilder.HttpClientConfigCallback() {
                @Override
                public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                    return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                }
            }).build();

Procedure

  1. Log on to the Alibaba Cloud Elasticsearch console.
  2. In the top navigation bar, select the region where your Alibaba Cloud Elasticsearch cluster resides.
  3. Find the target cluster and click its ID.
  4. In the left-side navigation pane of the cluster details page, click Security.
  5. In the Network Settings section of the page that appears, turn on the HTTPS switch.
    Warning During the process of enabling or disabling HTTPS, the services that run in the cluster are interrupted and the Elasticsearch cluster is restarted. Make sure that the operation does not affect your services.
  6. In the Note message, select the I have created an HTTPS client check box and click OK.
    Note
    Note If you have not purchased client nodes, the system prompts you to purchase client nodes when you try to turn on the HTTPS switch. You must follow the instructions to purchase client nodes.
    After you confirm the operation, the Elasticsearch cluster restarts. You can check the restart progress in the Tasks dialog box. After the Elasticsearch cluster is restarted, you can then access the cluster over HTTPS.