{"id":2107,"date":"2024-07-27T09:02:40","date_gmt":"2024-07-27T07:02:40","guid":{"rendered":"https:\/\/blog.mhasin.eu\/?p=2107"},"modified":"2024-07-27T09:03:05","modified_gmt":"2024-07-27T07:03:05","slug":"elasticsearch-docker-ssl","status":"publish","type":"post","link":"https:\/\/blog.mhasin.eu\/?p=2107","title":{"rendered":"Elasticsearch docker ssl"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">env file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Password for the 'elastic' user (at least 6 characters)\nELASTIC_PASSWORD=\n\n# Password for the 'kibana_system' user (at least 6 characters)\nKIBANA_PASSWORD=\n\n# Version of Elastic products\nSTACK_VERSION=8.1.1\n\n# Set the cluster name\nCLUSTER_NAME=docker-cluster\n\n# Set to 'basic' or 'trial' to automatically start the 30-day trial\nLICENSE=basic\n#LICENSE=trial\n\n# Port to expose Elasticsearch HTTP API to the host\nES_PORT=9200\n#ES_PORT=127.0.0.1:9200\n\n# Port to expose Kibana to the host\nKIBANA_PORT=5601\n#KIBANA_PORT=80\n\n# Increase or decrease based on the available host memory (in bytes)\nMEM_LIMIT=1073741824\n\n# Project namespace (defaults to the current folder name if not set)\n#COMPOSE_PROJECT_NAME=myproject<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">DOcker compose:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>version: \"2.2\"\n\nservices:\n  setup:\n    image: docker.elastic.co\/elasticsearch\/elasticsearch:${STACK_VERSION}\n    volumes:\n      - certs:\/usr\/share\/elasticsearch\/config\/certs\n    user: \"0\"\n    command: >\n      bash -c '\n        if [ x${ELASTIC_PASSWORD} == x ]; then\n          echo \"Set the ELASTIC_PASSWORD environment variable in the .env file\";\n          exit 1;\n        elif [ x${KIBANA_PASSWORD} == x ]; then\n          echo \"Set the KIBANA_PASSWORD environment variable in the .env file\";\n          exit 1;\n        fi;\n        if [ ! -f certs\/ca.zip ]; then\n          echo \"Creating CA\";\n          bin\/elasticsearch-certutil ca --silent --pem -out config\/certs\/ca.zip;\n          unzip config\/certs\/ca.zip -d config\/certs;\n        fi;\n        if [ ! -f certs\/certs.zip ]; then\n          echo \"Creating certs\";\n          echo -ne \\\n          \"instances:\\n\"\\\n          \"  - name: es01\\n\"\\\n          \"    dns:\\n\"\\\n          \"      - es01\\n\"\\\n          \"      - localhost\\n\"\\\n          \"    ip:\\n\"\\\n          \"      - 127.0.0.1\\n\"\\\n          \"  - name: es02\\n\"\\\n          \"    dns:\\n\"\\\n          \"      - es02\\n\"\\\n          \"      - localhost\\n\"\\\n          \"    ip:\\n\"\\\n          \"      - 127.0.0.1\\n\"\\\n          \"  - name: es03\\n\"\\\n          \"    dns:\\n\"\\\n          \"      - es03\\n\"\\\n          \"      - localhost\\n\"\\\n          \"    ip:\\n\"\\\n          \"      - 127.0.0.1\\n\"\\\n          > config\/certs\/instances.yml;\n          bin\/elasticsearch-certutil cert --silent --pem -out config\/certs\/certs.zip --in config\/certs\/instances.yml --ca-cert config\/certs\/ca\/ca.crt --ca-key config\/certs\/ca\/ca.key;\n          unzip config\/certs\/certs.zip -d config\/certs;\n        fi;\n        echo \"Setting file permissions\"\n        chown -R root:root config\/certs;\n        find . -type d -exec chmod 750 \\{\\} \\;;\n        find . -type f -exec chmod 640 \\{\\} \\;;\n        echo \"Waiting for Elasticsearch availability\";\n        until curl -s --cacert config\/certs\/ca\/ca.crt https:\/\/es01:9200 | grep -q \"missing authentication credentials\"; do sleep 30; done;\n        echo \"Setting kibana_system password\";\n        until curl -s -X POST --cacert config\/certs\/ca\/ca.crt -u elastic:${ELASTIC_PASSWORD} -H \"Content-Type: application\/json\" https:\/\/es01:9200\/_security\/user\/kibana_system\/_password -d \"{\\\"password\\\":\\\"${KIBANA_PASSWORD}\\\"}\" | grep -q \"^{}\"; do sleep 10; done;\n        echo \"All done!\";\n      '\n    healthcheck:\n      test: [\"CMD-SHELL\", \"[ -f config\/certs\/es01\/es01.crt ]\"]\n      interval: 1s\n      timeout: 5s\n      retries: 120\n\n  es01:\n    depends_on:\n      setup:\n        condition: service_healthy\n    image: docker.elastic.co\/elasticsearch\/elasticsearch:${STACK_VERSION}\n    volumes:\n      - certs:\/usr\/share\/elasticsearch\/config\/certs\n      - esdata01:\/usr\/share\/elasticsearch\/data\n    ports:\n      - ${ES_PORT}:9200\n    environment:\n      - node.name=es01\n      - cluster.name=${CLUSTER_NAME}\n      - cluster.initial_master_nodes=es01,es02,es03\n      - discovery.seed_hosts=es02,es03\n      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}\n      - bootstrap.memory_lock=true\n      - xpack.security.enabled=true\n      - xpack.security.http.ssl.enabled=true\n      - xpack.security.http.ssl.key=certs\/es01\/es01.key\n      - xpack.security.http.ssl.certificate=certs\/es01\/es01.crt\n      - xpack.security.http.ssl.certificate_authorities=certs\/ca\/ca.crt\n      - xpack.security.http.ssl.verification_mode=certificate\n      - xpack.security.transport.ssl.enabled=true\n      - xpack.security.transport.ssl.key=certs\/es01\/es01.key\n      - xpack.security.transport.ssl.certificate=certs\/es01\/es01.crt\n      - xpack.security.transport.ssl.certificate_authorities=certs\/ca\/ca.crt\n      - xpack.security.transport.ssl.verification_mode=certificate\n      - xpack.license.self_generated.type=${LICENSE}\n    mem_limit: ${MEM_LIMIT}\n    ulimits:\n      memlock:\n        soft: -1\n        hard: -1\n    healthcheck:\n      test:\n        [\n          \"CMD-SHELL\",\n          \"curl -s --cacert config\/certs\/ca\/ca.crt https:\/\/localhost:9200 | grep -q 'missing authentication credentials'\",\n        ]\n      interval: 10s\n      timeout: 10s\n      retries: 120\n\n  es02:\n    depends_on:\n      - es01\n    image: docker.elastic.co\/elasticsearch\/elasticsearch:${STACK_VERSION}\n    volumes:\n      - certs:\/usr\/share\/elasticsearch\/config\/certs\n      - esdata02:\/usr\/share\/elasticsearch\/data\n    environment:\n      - node.name=es02\n      - cluster.name=${CLUSTER_NAME}\n      - cluster.initial_master_nodes=es01,es02,es03\n      - discovery.seed_hosts=es01,es03\n      - bootstrap.memory_lock=true\n      - xpack.security.enabled=true\n      - xpack.security.http.ssl.enabled=true\n      - xpack.security.http.ssl.key=certs\/es02\/es02.key\n      - xpack.security.http.ssl.certificate=certs\/es02\/es02.crt\n      - xpack.security.http.ssl.certificate_authorities=certs\/ca\/ca.crt\n      - xpack.security.http.ssl.verification_mode=certificate\n      - xpack.security.transport.ssl.enabled=true\n      - xpack.security.transport.ssl.key=certs\/es02\/es02.key\n      - xpack.security.transport.ssl.certificate=certs\/es02\/es02.crt\n      - xpack.security.transport.ssl.certificate_authorities=certs\/ca\/ca.crt\n      - xpack.security.transport.ssl.verification_mode=certificate\n      - xpack.license.self_generated.type=${LICENSE}\n    mem_limit: ${MEM_LIMIT}\n    ulimits:\n      memlock:\n        soft: -1\n        hard: -1\n    healthcheck:\n      test:\n        [\n          \"CMD-SHELL\",\n          \"curl -s --cacert config\/certs\/ca\/ca.crt https:\/\/localhost:9200 | grep -q 'missing authentication credentials'\",\n        ]\n      interval: 10s\n      timeout: 10s\n      retries: 120\n\n  es03:\n    depends_on:\n      - es02\n    image: docker.elastic.co\/elasticsearch\/elasticsearch:${STACK_VERSION}\n    volumes:\n      - certs:\/usr\/share\/elasticsearch\/config\/certs\n      - esdata03:\/usr\/share\/elasticsearch\/data\n    environment:\n      - node.name=es03\n      - cluster.name=${CLUSTER_NAME}\n      - cluster.initial_master_nodes=es01,es02,es03\n      - discovery.seed_hosts=es01,es02\n      - bootstrap.memory_lock=true\n      - xpack.security.enabled=true\n      - xpack.security.http.ssl.enabled=true\n      - xpack.security.http.ssl.key=certs\/es03\/es03.key\n      - xpack.security.http.ssl.certificate=certs\/es03\/es03.crt\n      - xpack.security.http.ssl.certificate_authorities=certs\/ca\/ca.crt\n      - xpack.security.http.ssl.verification_mode=certificate\n      - xpack.security.transport.ssl.enabled=true\n      - xpack.security.transport.ssl.key=certs\/es03\/es03.key\n      - xpack.security.transport.ssl.certificate=certs\/es03\/es03.crt\n      - xpack.security.transport.ssl.certificate_authorities=certs\/ca\/ca.crt\n      - xpack.security.transport.ssl.verification_mode=certificate\n      - xpack.license.self_generated.type=${LICENSE}\n    mem_limit: ${MEM_LIMIT}\n    ulimits:\n      memlock:\n        soft: -1\n        hard: -1\n    healthcheck:\n      test:\n        [\n          \"CMD-SHELL\",\n          \"curl -s --cacert config\/certs\/ca\/ca.crt https:\/\/localhost:9200 | grep -q 'missing authentication credentials'\",\n        ]\n      interval: 10s\n      timeout: 10s\n      retries: 120\n\n  kibana:\n    depends_on:\n      es01:\n        condition: service_healthy\n      es02:\n        condition: service_healthy\n      es03:\n        condition: service_healthy\n    image: docker.elastic.co\/kibana\/kibana:${STACK_VERSION}\n    volumes:\n      - certs:\/usr\/share\/kibana\/config\/certs\n      - kibanadata:\/usr\/share\/kibana\/data\n    ports:\n      - ${KIBANA_PORT}:5601\n    environment:\n      - SERVERNAME=kibana\n      - ELASTICSEARCH_HOSTS=https:\/\/es01:9200\n      - ELASTICSEARCH_USERNAME=kibana_system\n      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}\n      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config\/certs\/ca\/ca.crt\n    mem_limit: ${MEM_LIMIT}\n    healthcheck:\n      test:\n        [\n          \"CMD-SHELL\",\n          \"curl -s -I http:\/\/localhost:5601 | grep -q 'HTTP\/1.1 302 Found'\",\n        ]\n      interval: 10s\n      timeout: 10s\n      retries: 120\n\nvolumes:\n  certs:\n    driver: local\n  esdata01:\n    driver: local\n  esdata02:\n    driver: local\n  esdata03:\n    driver: local\n  kibanadata:\n    driver: local<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Viac info:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.elastic.org.cn\/docs\/8.1\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/docker.html\n<\/div><\/figure>\n<div class=\"pdf24Plugin-cp\"> \t<form name=\"pdf24Form0\" method=\"post\" action=\"https:\/\/doc2pdf.pdf24.org\/wordpress.php\" target=\"pdf24PopWin\" onsubmit=\"var pdf24Win = window.open('about:blank', 'pdf24PopWin', 'resizable=yes,scrollbars=yes,width=600,height=250,left='+(screen.width\/2-300)+',top='+(screen.height\/3-125)+''); pdf24Win.focus(); if(typeof pdf24OnCreatePDF === 'function'){void(pdf24OnCreatePDF(this,pdf24Win));}\"> \t\t<input type=\"hidden\" name=\"blogCharset\" value=\"Cw1x07UAAA==\" \/><input type=\"hidden\" name=\"blogPosts\" value=\"MwQA\" \/><input type=\"hidden\" name=\"blogUrl\" value=\"yygpKSi20tdPyslP18vNSCzOzNNLLQUA\" \/><input type=\"hidden\" name=\"blogName\" value=\"c\/LxdwcA\" \/><input type=\"hidden\" name=\"blogValueEncoding\" value=\"gzdeflate base64\" \/><input type=\"hidden\" name=\"postId_0\" value=\"MzI0MAcA\" \/><input type=\"hidden\" name=\"postTitle_0\" value=\"c81JLC7JTC5OTSxKzlBIyU\/OTi1SKC7OAQA=\" \/><input type=\"hidden\" name=\"postLink_0\" value=\"yygpKSi20tdPyslP18vNSCzOzNNLLdW3L7A1MjQwBwA=\" \/><input type=\"hidden\" name=\"postAuthor_0\" value=\"y00syfcwNAIA\" \/><input type=\"hidden\" name=\"postDateTime_0\" value=\"MzIwMtE1MNc1MlcwsLQyMLcyMQAA\" \/><input type=\"hidden\" name=\"postContent_0\" value=\"7Vrrb+M2Ev+uv2KqLJotUEl+7KtOHMD1uoi7ySawvNv74D2BkeiYjV4VpSRuLv\/7DUlZlmwrdnKL2wDdBFAicmY4nMdvhrS1wxhcn3De1W9i48KP3CsjJgm5TEg8049oeA1T5tPOoRUfafhzGCd0jcGNPKofHYo\/R3twjpM3UeLBNEognVHYp0ifMncfMk4TeElS8CmOwBtwZ7iWm9KE\/6QNTnr2eNh3znu2\/cfZ6H1X0zYJu2IXJCQOn\/OUBltEfhj+2vvYq0r8jDMsCiGawkDpBXESeZmbcs0e9\/ofnM+DkT08+9h9ZzbNpmCxaSrXdv0MF00gJAHV+ief7PFg5HzsnQ66HpqBJkZOUPBEsH9BuNg5ar+fJoz4+2KUZGkUEFya+P4ceEoStUC7YXhkDpJQOxn2Bx\/tQVdK0PYWr2pSmCZK5BL0No44XWyGU5K4Mzgej8+hdz4UBELyLOKpNrCd87PRuPtLq9HQ9hZvzdZbs4G\/zY4cX5f8QVq8ImlhWMH\/+k2jqe2VR95JKcPQTdAnVOzdo\/n\/uBnqAZpfiCLXhPnkwldCIaBBlMzhJQvhYp5S9N\/p4NQ5GZ4OUcnG2\/bbV813rVdSwST6k7qpdASPiUvhpUenJPNTvlDTzZKEhinGje\/lLgM2hTBKgdP0J22vf3Z6fmYPnPPR2e+D\/lj5MZjHSvShJaMZwz6heeA\/lCfvz4T\/wY0CYbHds+VaBWMH9JbZ0jUNg\/mauZR3NBBqZrH4B4AF5JJ2QEWZmaeT6UYWLTu9+tZ5cVcJ53sp6Trys0DJFz8GuDRJecfKeGJxzBy6ItKNwim7tCSV5BH5huo2dPmGGw5I6HXgKBeI\/p2B4cJ+\/g7C6D\/u\/dI8gNsXd6spfg\/dLtzClwPhsrBgAaDuLAJ9kXerbICwxJIoDISDrwkmhIghpoLKXGCWflAWeMtSaC5HqF\/WawUndlRrhesraDVlB+t2+wGMqXKT5RLzbxbXKtbHHEtZeAn9XmWZCxZW3WoIcVnKfHAJGAZHvVBnw4hpAEaUpVB2e75qWWAWCjU2EIHhVYYfsTXx3G13krRqR0FghBQmpUGdhYisocimSahXZkTgC0ToAOWN5vosgBdu4lIpU8cj5jDDiS\/QbBMBi2tlFiD8oKqtJ6ja+jaqtp+gavv\/pepRNXaLQDHngb9r4uA\/O6ROEdWGgUhQvyrOu0RKX00rkVmuXAsJruh80zwOb0vPpSK7ZGgBdDLhBG5BTJOAcVGtuF7QIdlNCMYIkihKO+JRKzz0wAQjnccUPDDoLXWRO4g8ePu6AZO7yT1MDmropxX6N6820CuF\/yBMKYwtR7UfylsN5rN0XoKOLJS+zBJ0AJcmfsgFszSNsVZaAgBkswT\/gcuEok3\/Al0aB9fG3g7RS\/R2qWgzse\/xxCvxEbKwggP3KXK0G+IlpHUmr3S5EOddcL3m\/wJsZsZbd2BkkMdzZ1M1No4RZqMwRYWNMVq+AySO\/Xwr1p88CvV1I1gOp6gHGtYSzYFVUd1yFrqLwNPvJvrifaJ3Jvp66Z3o93rZrP++uy\/brVljt57vy\/EfChOpDmRGiZ\/O3Bl1rxY9D3aWaUcVIL1\/+t6wjwcnJ\/rPoKuaJCpS2Xhin\/IhDfhF\/5KLYWim5Jr4HWjyhWQWUISADrxejCQU23UsQIhE2BODLB1KD4\/GNPS4g81fTlvq91RrFXoslc1h3hU6ajPz59YSKvT2SEpwc7VsYl6Sx5EQX3BiHKqDyL06f0ifLjupJWGIDbMp6ktXWHGprTpzqZkXd+Vj2f0aEQuZSEUnIOLVESK5FPezqJTi0S54PMbdCBv0uckp9RxRfiTtCtnasXVDYhXEF4iQPMUzg6kOO444EeCRLqMFyS2eZ67MRUph3yjaSO9BGpGSJuf+44ixaHRXQxzHtvIJHjYVoEC7G1LkMfyOAMsIpzFHuitYtVUOukaJwRxxsDAobXLJddxo+5CLCNzZXlWORxqtyvxEy9UKeYr5qsIeY0OsAzTkFEX5U+eShjRBGs8UFRpjPr+eUKGOwe34LGAIhS\/uikO8msvkRAEASCpyYIl7PJoim9EsBhBLvGKgDs8Lagni5V6wBPHl4cfW\/KIFXS38+9sL\/35p6Q3lo7FWP5ZDGwpIq66AqJPJM64OrR2qw3bob3076G9WyZ4tmrfk4+lonvP\/s9B8u9F2QPPtlvuO5t\/RvITm7QfRvPWM0bz9VdC8\/Y3RvPX80bwtH09H85z\/n4Xm2422A5pvt9x3NP+O5gs0VxdfdXi+vPrZ4Xan3OjvSt7+3++O1A7yP0+tILmQjaVDzYnysIGj\/oao9OHyfUd+3lxbXOzBCPWVH+YqsasXNfagN+ofO8dn9tjurl1m1lB\/sisy88vNGuLSTdDq7WYNh22fOP3BaDz8bdjvjQe9T+Pjs9FwPBzY3c2hvzWTv34uDmW6VbJNeKKcbeJLB1bTbEK70YLfoiz0vlp2lcJOBZzKsoRdi4+jpUqyn8pvIR+abT042948Wwrc9flHflngMyMuWmEaLb8ngC7ONnxVgAYX1NOPDj12vXnOcW5QZkwT\/UhbxPLNzU2R01FyabqhhZnOrXdmszKH+X6ZMQ97t5UPuayETmlCQ5da+bcorBwqZmnga4cWqoObVTofaf8F\" \/> \t\t<a href=\"https:\/\/www.pdf24.org\" target=\"_blank\" title=\"www.pdf24.org\" rel=\"nofollow\"><img src=\"https:\/\/blog.mhasin.eu\/wp-content\/plugins\/pdf24-post-to-pdf\/img\/pdf_32x32.png\" alt=\"\" border=\"0\" height=\"32\" \/><\/a> \t\t<span class=\"pdf24Plugin-cp-space\">\u00a0\u00a0<\/span> \t\t<span class=\"pdf24Plugin-cp-text\">Send article as PDF<\/span> \t\t<span class=\"pdf24Plugin-cp-space\">\u00a0\u00a0<\/span> \t\t<input class=\"pdf24Plugin-cp-input\" style=\"margin: 0px;\" type=\"text\" name=\"sendEmailTo\" placeholder=\"Enter email address\" \/> \t\t<input class=\"pdf24Plugin-cp-submit\" style=\"margin: 0px;\" type=\"submit\" value=\"Send\" \/> \t<\/form> <\/div>","protected":false},"excerpt":{"rendered":"env file: DOcker compose: Viac info: \u00a0\u00a0 Send article as PDF \u00a0\u00a0\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"arc_restricted_post":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2107","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=\/wp\/v2\/posts\/2107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2107"}],"version-history":[{"count":1,"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=\/wp\/v2\/posts\/2107\/revisions"}],"predecessor-version":[{"id":2108,"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=\/wp\/v2\/posts\/2107\/revisions\/2108"}],"wp:attachment":[{"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mhasin.eu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}