If it ends up in azure, even though it'll be in a "private" VM running inside docker compose with no ports exposed... I don't trust Microsoft. So I guess I'm being extra paranoid enabling SSL between the elastic containers, but it is also the default.

Odds are low I actually need to fuck with the security at this point and could have everything open. But screw sunk cost fallacy. I'm all in now.