Last year I set up an ElasticSearch box to monitor a few of my servers. The goal was to learn the basics of the elastic ecosystem. I know how powerful it is but never played enough with it before.
While doing the setup, I was wondering about how to secure communication between nodes. I cannot send data over plain HTTP to the nodes, and also have to make sure to have some amount of authentication. I was a bit confused about the subscription options.
Authenticated onion services to rescue
I use authenticated onion services in many of my regular services. They provide an easy way to connect to services (over TCP) along with encryption and authentication.
Using the same in the logstash server is an even better option for me as I do not have to open up any port in the firewall. As the logstash was listening to 5044 on localhost, I added the following configuration to the /etc/tor/torrc in the logstash server. You should use v3 addresses, and this blog post will explain how to configure that.
    HiddenServiceDir /var/lib/tor/logstash
    HiddenServiceVersion 2
    HiddenServicePort 5044 127.0.0.1:5044
    HiddenServiceAuthorizeClient stealth logstash
In the client nodes, I first had to configure Tor to reach my Onion service (details are in the blog post above). Next, I added the server address and local proxy (from Tor) details to

    output.logstash:
      # The Logstash hosts
      hosts: ["youronionaddress.onion:5044"]
      proxy_url: socks5://localhost:9050
      proxy_use_local_resolver: false
      index: "filebeat-kushaldas"
And done :) Just start the logstash server, and also the in every node. The data will start flowing in.
If you have any queries about the Tor Project, you can visit our new https://community.torproject.org/ site.