Securing Intra-cluster Communication

Because a Seq cluster is deployed behind a load balancer it is often sufficient to secure access to the load balancer and leave communication between cluster nodes unsecured. This configuration offers easier setup and slightly better performance.

Communication between cluster nodes is unsecured unless TLS connections are configured.

If you do require secure connections between Seq nodes, start by applying certificates in the usual way for Seq on Windows and Seq on Docker with the additional constraint that the certificate must be a PKCS12 (PFX) file (not PEM) and must be password protected. Proceed with the following steps:

For each Seq node, ensure that the cluster.clusterListenUriserver configuration setting is using thewss://` secure protocol.
For each Seq node, ensure that the cluster.internalApiUri server configuration setting is using the https:// secure protocol.
For each Seq node, ensure that the certificates.defaultPassword server configuration setting is the correct password for the server's certificate.
For each Seq node, ensure that the api.listenUris server configuration setting contains only secure URIs.
Update the load balancer to connect via https://.

Serilog

Microsoft.Extensions.Logging

NLog

log4net

OpenTelemetry .NET SDK

Syslog

RabbitMQ

Windows Event Logs

PowerShell

Scripts & Automation

Log Files

OpenTelemetry .NET SDK

SerilogTracing

OpenID Connect Authentication

IdentityServer Setup

Microsoft Entra ID Authentication

Active Directory Authentication

Deleting Events

How do Signal Indexes work?

Audit Schema

Audit Events

Configuring HTTPS with HTTP.sys

Configuring a Cluster Load Balancer

Configuring a Cluster State Database

Configuring a Cluster Diagnostic Instance

Configuring a Clustered Seq Node

Securing Intra-cluster Communication

Finalizing Cluster Configuration

Securing Intra-cluster Communication