Securing Intra-cluster Communication
Because a Seq cluster is deployed behind a load balancer, it is often sufficient to secure access to the load balancer and leave communication between cluster nodes unsecured. This configuration offers easier setup and slightly better performance.
If you do require secure connections between Seq nodes, start by applying certificates in the usual way for Seq on Windows and Seq on Docker, with the additional constraint that the certificate must be a PKCS12 (PFX) file (not PEM) and must be password protected. Then proceed with the following steps:
- For each Seq node, ensure that the `cluster.clusterListenUri` server configuration setting is using the `wss://` secure protocol.
- For each Seq node, ensure that the `cluster.internalApiUri` server configuration setting is using the `https://` secure protocol.
- For each Seq node, ensure that the `certificates.defaultPassword` server configuration setting is the correct password for the server's certificate.
- For each Seq node, ensure that the `api.listenUris` server configuration setting contains only secure URIs.
- Update the load balancer to connect via `https://`.
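A preflight check for the steps above, as an added example that is not part of the Seq documentation or tooling: it audits each node's settings, supplied as a flat key/value dictionary (an assumption about how you export them), and optionally checks the certificate file format. It assumes `api.listenUris` is a comma-separated list; the node names, hostnames and ports are constructed.

```python
from urllib.parse import urlsplit

# Required URI scheme per setting, taken from the steps above.
REQUIRED_SCHEME = {"cluster.clusterListenUri": "wss",
                   "cluster.internalApiUri": "https"}

def _scheme(uri):
    return urlsplit(uri.strip()).scheme.lower()

def audit_node(settings, cert_bytes=None):
    """Return a list of findings for one node; an empty list means it passes."""
    findings = []
    for key, want in REQUIRED_SCHEME.items():
        value = settings.get(key, "")
        if _scheme(value) != want:
            findings.append(f"{key}: expected {want}://, got {value!r}")
    # Assumption: api.listenUris holds a comma-separated list of URIs.
    listen = [u.strip() for u in settings.get("api.listenUris", "").split(",") if u.strip()]
    if not listen:
        findings.append("api.listenUris: not set")
    for uri in listen:
        if _scheme(uri) != "https":
            findings.append(f"api.listenUris: insecure listener {uri!r}")
    # Only presence is checked; the password value is never echoed into findings.
    if not settings.get("certificates.defaultPassword"):
        findings.append("certificates.defaultPassword: empty or missing")
    if cert_bytes is not None:
        # PEM is text starting with '-----BEGIN'; PKCS12 is binary DER (0x30 SEQUENCE).
        if cert_bytes.lstrip().startswith(b"-----BEGIN"):
            findings.append("certificate: PEM file, PKCS12 (PFX) required")
        elif not cert_bytes.startswith(b"\x30"):
            findings.append("certificate: not a DER-encoded PKCS12 container")
    return findings

def audit_cluster(nodes):
    return {name: audit_node(cfg) for name, cfg in nodes.items()}

# Constructed sample settings: node-a is compliant, node-b has two plaintext URIs.
NODES = {
    "node-a": {"cluster.clusterListenUri": "wss://seq-a.example.internal:5344",
               "cluster.internalApiUri": "https://seq-a.example.internal",
               "api.listenUris": "https://seq-a.example.internal",
               "certificates.defaultPassword": "<placeholder>"},
    "node-b": {"cluster.clusterListenUri": "ws://seq-b.example.internal:5344",
               "cluster.internalApiUri": "https://seq-b.example.internal",
               "api.listenUris": "https://seq-b.example.internal,http://localhost:5341",
               "certificates.defaultPassword": "<placeholder>"},
}

if __name__ == "__main__":
    for name, findings in audit_cluster(NODES).items():
        print(name, "OK" if not findings else findings)
```

The check confirms only that a certificate password is set, not that it opens the PFX; that still has to be verified by starting the node.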