stunnel is tool that can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.
We can use stunnel to bind to a port on localhost (e.g., 19200), which in turn will connect to Elastic Cloud.
Here is a sample configuration to achieve this:
; Actually verify the certificate verify = 2 ; Works for Ubuntu. Adapt to your system. CApath = /etc/ssl/certs pid = /var/run/stunnel4/found-us-east-1.pid ; Log level. WARN=4, DEBUG=7 debug = 4 [foundcluster] ; Service that tunnels traffic to a single region's endpoint. This configuration is not cluster specific. accept = 19200 client = yes ; Don't cache DNS. IPs of Elastic Cloud's load balancers may change. delay = yes ; Replace us-east-1 with your region. Valid hosts: ; - proxy-v1-us-east-1.foundcluster.com ; - proxy-v1-us-west-1.foundcluster.com ; - proxy-v1-eu-west-1.foundcluster.com ; - proxy-v1-sa-east-1.foundcluster.com ; - proxy-v1-ap-northeast-1.foundcluster.com ; - proxy-v1-ap-southeast-1.foundcluster.com connect = proxy-v1-us-east-1.foundcluster.com:9243
To use this with Ubuntu:
apt-get install stunnel4.
Put the above file in
service stunnel4 start
Then you will have a service that listens to port 19200 and forwards traffic to