WARNING: Version 6.2 of APM Server has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Security
editSecurity
editAPM Server exposes a HTTP endpoint and as with anything that opens ports on your servers, you should be careful about who can connect to it. We recommend using firewall rules to ensure only authorized systems can connect.
There is also the option of setting up SSL to ensure data sent to the APM Server is encrypted.
SSL/TLS setup
editTo enable SSL/TLS you need a private key and a certificate issued by a certification authority (CA).
Then you can specify the path to those files in the configuration properties
apm-server.ssl.key
and
apm-server.ssl.certificate
respectively.
This will make the APM Server to serve HTTPS requests instead of HTTP.
Hence, you also need to enable SSL in the agent.
For agent specific details,
please check the agent documentation for how to do it.
Secret token
editYou can configure a secret token which is sent with every request from the APM agents to the server. This string is used to ensure that only your agents can send data to your APM servers. Both the agents and the APM servers have to be configured with the same secret token.
The usage of a secret token only provides any security when used in combination with having SSL/TLS configured.