I've got elasticsearch and kibana running in docker containers, on an isolated docker network. The only port that is "exposed" is Kibana's (unencrypted) web interface. And this is only exposed on localhost; there's an nginx instance in front of it providing HTTPS service, reverse-proxying Kibana.
Now I'm trying to secure it. I want to tie Kibana logins to our OpenID provider. To do that, I need to enable the token service. And to do that, I need to configure elasticsearch TLS.
Really? Is there no way around this? What exactly is TLS going to add to this setup, other than a lot of maintenance hassle?
