- Legacy APM Server Reference:
- Overview
- Getting Started With APM Server
- Setting up APM Server
- Upgrading APM Server
- Configuring APM Server
- General configuration options
- Configure the output
- Parse data using ingest node pipelines
- Specify SSL settings
- Load the Elasticsearch index template
- Manual index lifecycle management
- Configure logging
- Set up Real User Monitoring (RUM) support
- Use environment variables in the configuration
- Set up project paths
- Securing APM Server
- Monitoring APM Server
- Real User Monitoring (RUM)
- Tune Data Ingestion
- Storage Management
- Intake API
- Exploring data in Elasticsearch
- Exported fields
- Troubleshooting
- Release notes
Securing APM Serveredit
The following topics provide information about securing the APM Server process and securing communication between APM Server and other products in the Elastic stack:
Security Overviewedit
APM Server exposes an HTTP endpoint and as with anything that opens ports on your servers, you should be careful about who can connect to it. Firewall rules are recommended to ensure only authorized systems can connect.
Secret tokenedit
You can configure a secret token to authorize requests to the APM Server, and ensure that only your agents can send data to your APM servers. Both the agents and the APM servers have to be configured with the same secret token.
Secret tokens provide security only when used in combination with SSL/TLS. Secret tokens are not applicable for RUM, as they would be publicly exposed.
SSL/TLS setupedit
To enable SSL/TLS you need a private key and a certificate issued by a certification authority (CA).
You can then specify the path to those files in your configuration properties:
apm-server.ssl.key
and apm-server.ssl.certificate
respectively.
This will make the APM Server serve HTTPS requests instead of HTTP.
Don’t forget, you also need to enable SSL in the agent.
For agent specific details on enabling SSL/TLS,
please see the agent documentation.
On this page