ECE: Clarify HTTPS requirement for Cloud UI browser access (port 12443)#6983
ECE: Clarify HTTPS requirement for Cloud UI browser access (port 12443)#6983magdalena-alicja-michalska wants to merge 2 commits into
Conversation
Elastic Docs AI PR menuCheck the box to run an AI review for this pull request.
Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team. |
🔍 Preview links for changed docs |
✅ Elastic Docs Style Checker (Vale)No issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
| | 3 | Proxy | 9300, 9343 | {{es}} transport client. 9300 is plain text and 9343 is with TLS, also required by load balancers<br> | | ||
| | 3 | Proxy | 9400, 9443 | {{es}} Cross Cluster Search and Cross Cluster Replication with TLS authentication (9400) or API key authentication (9443), also required by load balancers. Can be blocked if [CCR/CCS](../../remote-clusters/ece-enable-ccs.md) is not used.<br> | | ||
| | 7 | Coordinator | 12400/12443 | Cloud UI console to API (HTTP/HTTPS)<br> | | ||
| | 7 | Coordinator | 12443 (required), 12400 (optional) | Cloud UI console (HTTPS required for browser access, HTTP for API only)<br> | |
There was a problem hiding this comment.
why is 12400 marked as optional? for programmatic access?
There was a problem hiding this comment.
apart from yoel's comment, this lgtm. however, we should make equivalent changes to the 3.x docs over here because it's a big blocker (the user on 3.8 might be using these docs), and consider backporting to 3.7 - should be able to just use the edit button, but let me know if you need help
https://www.elastic.co/guide/en/cloud-enterprise/3.8/ece-networking-prereq.html
3 participants
Summary
Starting with ECE 3.7.0, browser access to the Cloud UI requires HTTPS on port 12443. HTTP on port 12400 remains functional for programmatic API access (e.g.,
curl) but browsers cannot render the UI over HTTP due to aContent-Security-Policy: upgrade-insecure-requestsdirective.This was an undocumented change that has caused customer confusion (e.g., elastic/sdh-control-plane#13040).
Changes
log-into-cloud-ui.md:http://<FIRST_HOST>:12400URLece-networking-prereq.md:Context
Test plan
Made with Cursor