By default, ElasticSearch is using plain text protocol without any authentication. And it is very less-secure.
I am not familiar with ES, So I setup IP based firewall to prevent unwanted ES query from others. But it is not enough.
ES have an official plugin called x-pack which gives authentication, TLS, etc.
I tried to follow their guide, But the document is not well maintained and complicated.
Anyone can help me to setup this? I think security is default, Not an option.
(And maybe I should patch Mastodon to handle this
ES_PASSWORD as environment config)