Diable HTTPS/TLS but keep Authentication enabled?

Andymel · October 23, 2020, 3:43pm

Hi,

is it possible to disable encryption but keep authentication enabled?
I want

my nginx proxy to be the https endpoint
and no encryption for tcp as the only service that is client to my single-node ES instance is on the same server as the ES.

So to keep things simple and not encrypt data where it’s not needed I want no https / tls at the ES connection endpoints. But I still want to have the login on the admin gui.

DisableExternalTcpTls: True logs:

The 'DisableExternalTcpTls' option has been deprecated as of version 20.6.1.
TLS is enabled on at least one TCP/HTTP interface - a certificate is required to run EventStoreDB.
Invalid Configuration Encountered
A certificate is required unless insecure mode (--insecure) is set.

Insecure: True => disables the admin gui

If it’s not possible to disable encryption but enable authentication, what would you recommend to be the next simplest thing that actually would work?

Thanks a lot in advance
Andy

alexey.zimarev · October 23, 2020, 7:27pm

Disabling TLS means that credentials are sent openly over the wire. Essentially, it is equal to no security at all. That is the reason for us to disable authentication in insecure mode, so users don’t get a false sense of the database being “secured” by something that can be easily intercepted.