I need to be able to connect some software to my elasticsearch cluster that can’t support self-signed certificates. Can ElasticSearch be configured to listen on two ports, one requiring SSL/TLS (9200) and the other not requiring SSL/TLS (9280)?
The software in question is in development and is not yet capable of handling self-signed certificates.
Thanks very much.
@DGEllis It is possible to configure what you are looking for if you are running a cluster with more than a single node. You just need to specify the port (http.port: 9280) and disable SSL on http side (opendistro_security.ssl.http.enabled: false). If you do so, you would be able to talk to 2 different nodes using https://:9200 and http://:9280. Although the port number would not be needed in this case, as simply changing the ssl setting on that node (make sure you restart node after changing elasticsearch.yml file) would enable you to call the cluster using 2 separate nodes. The transport layer would still be used under the hood, therefore the cluster would be formed successfully. Hope this helps.
Can both http and https enabled on same node on two different ports?
we have a requirement to support both http and https on same node with two different ports. As normally any http server supports both http and https.
@disha27 A single ES instance can only bind to a single port, meaning to achieve what you described, you would need to run 2 instances on the same machine, on separate ports. Hope this helps