From f6f9097cd99a0240e49e76e079e73b611739b63a Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Sun, 11 Oct 2020 10:53:54 -0400
Subject: [PATCH] Enable tls for 9200 on search capable nodes

---
 salt/elasticsearch/files/sotls.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/elasticsearch/files/sotls.yml b/salt/elasticsearch/files/sotls.yml
index c676f4a56..00045442a 100644
--- a/salt/elasticsearch/files/sotls.yml
+++ b/salt/elasticsearch/files/sotls.yml
@@ -9,4 +9,8 @@ protocols:
 ciphers:
 - TLS_RSA_WITH_AES_128_CBC_SHA256
 transport.encrypted: true
+{%- if grains['role'] in ['so-node','so-heavynode'] %}
+http.encrypted: true
+{%- else %}
 http.encrypted: false
+{%- endif %}