├── .env ├── .gitignore ├── .travis.yml ├── LICENSE ├── Makefile ├── README.md ├── config ├── apm-server │ └── apm-server.yml ├── auditbeat │ └── auditbeat.yml ├── elasticsearch │ ├── elasticsearch.p12 │ └── elasticsearch.yml ├── filebeat │ └── filebeat.yml ├── heartbeat │ └── heartbeat.yml ├── kibana │ ├── kibana.p12 │ └── kibana.yml ├── logstash │ ├── logstash.p12 │ ├── logstash.yml │ └── pipeline │ │ └── logstash.conf ├── metricbeat │ └── metricbeat.yml ├── packetbeat │ └── packetbeat.yml └── ssl │ └── instances.yml ├── docker-compose.setup.yml ├── docker-compose.yml ├── screenshots └── docker-vm-memory-settings.png ├── scripts ├── setup-beat.sh ├── setup-elasticsearch.sh ├── setup-kibana.sh ├── setup-logstash.sh ├── setup-permissions.sh ├── setup-users.sh └── setup.sh ├── setup.yml └── stack └── .gitignore /.env: -------------------------------------------------------------------------------- 1 | TAG=6.6.1 2 | ELASTIC_VERSION=6.6.1 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/*~ 2 | # We wanna ignore any config/ssl/etc.. type file. As the setup container will create these for us. 3 | 4 | config/elasticsearch/elasticsearch.crt 5 | config/elasticsearch/elasticsearch.key 6 | config/elasticsearch/elasticsearch.keystore 7 | config/kibana/kibana.crt 8 | config/kibana/kibana.key 9 | config/kibana/kibana.keystore 10 | config/logstash/logstash.crt 11 | config/logstash/logstash.key 12 | config/logstash/logstash.keystore 13 | config/ssl/ca/ca.crt 14 | config/ssl/ca/ca.key 15 | config/ssl/docker-cluster-ca.zip 16 | config/ssl/docker-cluster.zip 17 | 18 | config/auditbeat/auditbeat.keystore 19 | config/filebeat/filebeat.keystore 20 | config/heartbeat/heartbeat.keystore 21 | config/metricbeat/metricbeat.keystore 22 | config/packetbeat/packetbeat.keystore 23 | config/apm-server/apm-server.keystore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: ['3.5'] 4 | script: make 5 | 6 | sudo: required 7 | services: ['docker'] 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL=/bin/bash 2 | 3 | ifndef ELASTIC_VERSION 4 | ELASTIC_VERSION := $(shell awk 'BEGIN { FS = "[= ]" } /^ELASTIC_VERSION=/ { print $$2 }' .env) 5 | endif 6 | export ELASTIC_VERSION 7 | 8 | ifndef GIT_BRANCH 9 | GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD) 10 | endif 11 | 12 | TARGETS := apm-server elasticsearch logstash kibana beats 13 | 14 | images: $(TARGETS) 15 | push: $(TARGETS:%=%-push) 16 | clean: $(TARGETS:%=%-clean) 17 | 18 | $(TARGETS): $(TARGETS:%=%-checkout) 19 | (cd stack/$@ && make) 20 | 21 | $(TARGETS:%=%-push): $(TARGETS:%=%-checkout) 22 | (cd stack/$(@:%-push=%) && make push) 23 | 24 | $(TARGETS:%=%-checkout): 25 | test -d stack/$(@:%-checkout=%) || \ 26 | git clone https://github.com/elastic/$(@:%-checkout=%)-docker.git stack/$(@:%-checkout=%) 27 | (cd stack/$(@:%-checkout=%) && git fetch && git reset --hard && git checkout origin/$(GIT_BRANCH)) 28 | 29 | $(TARGETS:%=%-clean): 30 | rm -rf stack/$(@:%-clean=%) && find . -name "*.keystore" -exec rm -f {} \; && \ 31 | docker-compose -f docker-compose.setup.yml -f docker-compose.yml down --remove-orphans && \ 32 | docker-compose -f setup.yml down --remove-orphans && \ 33 | docker volume rm stack-docker_es_data 34 | 35 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # stack-docker 2 | 이 레파지토리의 Docker Compose 설정은 엘라스틱스택의 많은 요소들을 Docker 기반으로 단일 머신에서 모두 구동시키기 위한 것입니다. 3 | 4 | ## 사전 조건 5 | - Docker와 Docker Compose가 필요합니다. 6 | * 윈도우나 맥을 사용하는 사용자들은 Docker for Mac 또는 Docker for Windows를 사용하여 자동으로 설치할 수 있습니다. 7 | 8 | * 리눅스 사용자들은 다음 [문서](https://docs.docker.com/compose/install/#install-compose)를 참고하여 아래와 같이 pip로 설치할 수 있습니다. 9 | 10 | ``` 11 | pip install docker-compose 12 | ``` 13 | 14 | 15 | * 윈도우 사용자들은 반드시 다음 두가지 환경 변수를 설정해야 합니다. 16 | * `COMPOSE_CONVERT_WINDOWS_PATHS=1` 17 | * `PWD=/path/to/checkout/for/stack-docker` 18 | 19 | * 예를 들어 저는 로컬에 이 레파지토리를 git clone 한 경로로 다음 경로를 사용한다고 가정하겠습니다: `/c/Users/nick/elastic/stack-docker` 20 | * 주의: 반드시 `/c/path/to/place` 와 형식으로 경로를 작성해야 합니다. 일반적인 윈도우의 경로처럼 `C:\path\to\place`와 같이 작성하시면 안됩니다. 21 | * 다음 세가지 방법으로 설정할 수 있습니다.: 22 | 1. 파워쉘을 사용하여 임시로 환경 변수를 추가하는 방법은 다음과 같습니다: `$Env:COMPOSE_CONVERT_WINDOWS_PATHS=1` 23 | 2. 파워쉘을 사용하여 영구적으로 환경 변수를 추가하는 방법은 다음과 같습니다: `[Environment]::SetEnvironmentVariable("COMPOSE_CONVERT_WINDOWS_PATHS", "1", "Machine")` 24 | 25 | > 주의: 해당 설정을 반영하기 위해서는 refresh를 하거나 파워쉘을 새로 구동해야 할 수도 있습니다. 26 | 3. 시스템 설정(System Properties)에 환경 변수를 추가합니다. 27 | 28 | 29 | * 컨테이너 구동을 위해 최소한 4GiB의 RAM 메모리 공간이 필요합니다. 윈도우와 맥 사용자들은 반드시 기본값으로 설정되어 있는 2GiB의 RAM 메모리 공간보다 더 큰 메모리(4GiB 이상)로 Docker 가상 머신을 설정해야 합니다: 30 | 31 | ![Docker VM memory settings](screenshots/docker-vm-memory-settings.png) 32 | 33 | * 리눅스 사용자들은 반드시 `root` 권한으로 다음 설정을 수행해야합니다: 34 | 35 | ``` 36 | sysctl -w vm.max_map_count=262144 37 | ``` 38 | 기본값으로 할당되어 있는 가상 메모리 공간으로는 [부족합니다](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html). 39 | 40 | 41 | ## stack 시작하기 42 | 43 | 먼저 우리는 다음 절차를 수행해야합니다: 44 | 45 | 1. 기본 패스워드 설정 46 | 2. 패스워드들을 저장할 keystore 생성 47 | 3. 비츠와 apm에서 사용되는 인덱스 패턴 등을 위한 대시보드 설치 48 | 49 | 위 절차들은 setup.yml 파일을 사용하여 수행됩니다. 아래 명령을 실행하십시오: 50 | 51 | ``` 52 | docker-compose -f setup.yml up 53 | ``` 54 | 55 | 설치가 완료되고나면 출력되는 note를 확인해주세요. 콘솔에 출력되는 내용에 패스워드가 포함되어 있습니다. 이 패스워드를 사용하여 elastic에 로그인 할 수 있습니다. 56 | 57 | 이제 우리는 `docker-compose up -d` 명령으로 stack을 실행할 수 있습니다. 이 명령을 통해 Elasticsearch, Kibana, Logstash, Auditbeat, Metricbeat, Filebeat, Packetbeat, 58 | and Heartbeat로 구성된 데모용 Elastic Stack이 생성됩니다. 59 | 60 | 브라우저를 사용하여 [`http://localhost:5601`](http://localhost:5601) 접속하고 결과를 확인해보십시오. 61 | > *주의*: 엘라스틱서치는 현재 자가서명(self-signed) 인증서(certs)로 설치되었습니다. 62 | 63 | `elastic`에 로그인하기 위한 자동 생성된 패스워드는 설치시 표시된 패스워드를 사용합니다. 64 | 65 | -------------------------------------------------------------------------------- /config/apm-server/apm-server.yml: -------------------------------------------------------------------------------- 1 | apm-server.frontend.enabled: true 2 | apm-server.host: "0.0.0.0:8200" 3 | 4 | output.elasticsearch: 5 | hosts: ['elasticsearch:9200'] 6 | protocol: "https" 7 | username: elastic 8 | # Read PW from apm-server.keystore 9 | password: "${ELASTIC_PASSWORD}" 10 | ssl.certificate_authorities: ["/usr/share/apm-server/certs/ca/ca.crt"] 11 | 12 | setup.kibana: 13 | host: "http://kibana:5601" 14 | username: elastic 15 | password: "${ELASTIC_PASSWORD}" 16 | protocol: "http" 17 | ssl.enabled: false 18 | ssl.certificate_authorities: ["/usr/share/apm-server/certs/ca/ca.crt"] 19 | -------------------------------------------------------------------------------- /config/auditbeat/auditbeat.yml: -------------------------------------------------------------------------------- 1 | auditbeat.modules: 2 | 3 | - module: auditd 4 | audit_rules: | 5 | -w /etc/passwd -p wa -k identity 6 | -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access 7 | 8 | - module: file_integrity 9 | paths: 10 | - /bin 11 | - /usr/bin 12 | - /sbin 13 | - /usr/sbin 14 | - /etc 15 | 16 | output.elasticsearch: 17 | hosts: ['elasticsearch:9200'] 18 | protocol: "https" 19 | username: elastic 20 | # Read PW from auditbeat.keystore 21 | password: "${ELASTIC_PASSWORD}" 22 | ssl.certificate_authorities: ["/usr/share/auditbeat/certs/ca/ca.crt"] 23 | 24 | setup.kibana: 25 | host: "http://kibana:5601" 26 | username: elastic 27 | password: "${ELASTIC_PASSWORD}" 28 | protocol: "http" 29 | ssl.enabled: false 30 | ssl.certificate_authorities: ["/usr/share/auditbeat/certs/ca/ca.crt"] 31 | 32 | xpack.monitoring.enabled: true 33 | -------------------------------------------------------------------------------- /config/elasticsearch/elasticsearch.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YonghoChoi/stack-docker/20891e98854c08b3043d0f25d06d3df036592214/config/elasticsearch/elasticsearch.p12 -------------------------------------------------------------------------------- /config/elasticsearch/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | cluster.name: "docker-cluster" 2 | network.host: 0.0.0.0 3 | transport.host: 0.0.0.0 4 | 5 | # minimum_master_nodes need to be explicitly set when bound on a public IP 6 | # set to 1 to allow single node clusters 7 | # Details: https://github.com/elastic/elasticsearch/pull/17288 8 | discovery.zen.minimum_master_nodes: 1 9 | xpack.license.self_generated.type: trial 10 | xpack.security.enabled: true 11 | xpack.security.http.ssl.enabled: true 12 | xpack.security.http.ssl.verification_mode: certificate 13 | xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key 14 | xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt 15 | xpack.security.http.ssl.certificate_authorities: [ "certs/ca/ca.crt" ] 16 | 17 | xpack.security.transport.ssl.enabled: true 18 | xpack.security.transport.ssl.key: certs/elasticsearch/elasticsearch.key 19 | xpack.security.transport.ssl.certificate: certs/elasticsearch/elasticsearch.crt 20 | xpack.security.transport.ssl.certificate_authorities: [ "certs/ca/ca.crt" ] 21 | -------------------------------------------------------------------------------- /config/filebeat/filebeat.yml: -------------------------------------------------------------------------------- 1 | filebeat.config: 2 | prospectors: 3 | path: ${path.config}/prospectors.d/*.yml 4 | reload.enabled: false 5 | modules: 6 | path: ${path.config}/modules.d/*.yml 7 | reload.enabled: false 8 | 9 | processors: 10 | - add_cloud_metadata: 11 | 12 | output.elasticsearch: 13 | hosts: ['elasticsearch:9200'] 14 | protocol: "https" 15 | username: elastic 16 | # Read PW from filebeat.keystore 17 | password: "${ELASTIC_PASSWORD}" 18 | ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca/ca.crt"] 19 | 20 | setup.kibana: 21 | host: "http://kibana:5601" 22 | username: elastic 23 | password: "${ELASTIC_PASSWORD}" 24 | protocol: "http" 25 | ssl.enabled: false 26 | ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca/ca.crt"] 27 | 28 | xpack.monitoring.enabled: true 29 | -------------------------------------------------------------------------------- /config/heartbeat/heartbeat.yml: -------------------------------------------------------------------------------- 1 | heartbeat.monitors: 2 | - type: http 3 | schedule: '@every 5s' 4 | urls: 5 | - https://elasticsearch:9200 6 | - http://kibana:5601 7 | ssl: 8 | certificate_authorities: ["/usr/share/heartbeat/certs/ca/ca.crt"] 9 | 10 | - type: icmp 11 | schedule: '@every 5s' 12 | hosts: 13 | - elasticsearch 14 | - kibana 15 | 16 | processors: 17 | - add_cloud_metadata: 18 | 19 | output.elasticsearch: 20 | hosts: ['elasticsearch:9200'] 21 | protocol: "https" 22 | username: elastic 23 | # Read PW from heartbeat.keystore 24 | password: "${ELASTIC_PASSWORD}" 25 | ssl.certificate_authorities: ["/usr/share/heartbeat/certs/ca/ca.crt"] 26 | 27 | setup.kibana: 28 | host: "http://kibana:5601" 29 | username: elastic 30 | password: "${ELASTIC_PASSWORD}" 31 | protocol: "http" 32 | ssl.enabled: false 33 | ssl.certificate_authorities: ["/usr/share/heartbeat/certs/ca/ca.crt"] 34 | 35 | xpack.monitoring.enabled: true 36 | -------------------------------------------------------------------------------- /config/kibana/kibana.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YonghoChoi/stack-docker/20891e98854c08b3043d0f25d06d3df036592214/config/kibana/kibana.p12 -------------------------------------------------------------------------------- /config/kibana/kibana.yml: -------------------------------------------------------------------------------- 1 | # Default Kibana configuration from kibana-docker. 2 | 3 | server.name: kibana 4 | server.host: "0" 5 | elasticsearch.url: https://elasticsearch:9200 6 | # elasticsearch.password is stored in `kibana.keystore` 7 | elasticsearch.username: kibana 8 | elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/certs/ca/ca.crt"] 9 | server.ssl.enabled: false 10 | #server.ssl.certificate: /usr/share/kibana/config/certs/kibana/kibana.crt 11 | #server.ssl.key: /usr/share/kibana/config/certs/kibana/kibana.key 12 | xpack.monitoring.ui.container.elasticsearch.enabled: true 13 | -------------------------------------------------------------------------------- /config/logstash/logstash.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YonghoChoi/stack-docker/20891e98854c08b3043d0f25d06d3df036592214/config/logstash/logstash.p12 -------------------------------------------------------------------------------- /config/logstash/logstash.yml: -------------------------------------------------------------------------------- 1 | http.host: 0.0.0.0 2 | # read password from logstash.keystore 3 | xpack.monitoring.elasticsearch.password: ${ELASTIC_PASSWORD} 4 | xpack.monitoring.elasticsearch.url: https://elasticsearch:9200 5 | xpack.monitoring.elasticsearch.username: logstash_system 6 | xpack.monitoring.elasticsearch.ssl.ca: /usr/share/logstash/config/certs/ca/ca.crt 7 | 8 | -------------------------------------------------------------------------------- /config/logstash/pipeline/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | heartbeat { 3 | interval => 5 4 | message => 'Hello from Logstash 💓' 5 | } 6 | } 7 | 8 | output { 9 | elasticsearch { 10 | hosts => [ 'elasticsearch' ] 11 | user => 'elastic' 12 | password => "${ELASTIC_PASSWORD}" # read password from logstash.keystore 13 | ssl => true 14 | cacert => '/usr/share/logstash/config/certs/ca/ca.crt' 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /config/metricbeat/metricbeat.yml: -------------------------------------------------------------------------------- 1 | metricbeat.config.modules: 2 | path: ${path.config}/modules.d/*.yml 3 | reload.enabled: false 4 | 5 | processors: 6 | - add_cloud_metadata: 7 | 8 | output.elasticsearch: 9 | hosts: ['elasticsearch:9200'] 10 | protocol: "https" 11 | username: elastic 12 | # Read PW from metricbeat.keystore 13 | password: "${ELASTIC_PASSWORD}" 14 | ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca/ca.crt"] 15 | 16 | setup.kibana: 17 | host: "http://kibana:5601" 18 | username: elastic 19 | password: "${ELASTIC_PASSWORD}" 20 | protocol: "http" 21 | ssl.enabled: false 22 | ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca/ca.crt"] 23 | 24 | xpack.monitoring.enabled: true 25 | -------------------------------------------------------------------------------- /config/packetbeat/packetbeat.yml: -------------------------------------------------------------------------------- 1 | packetbeat.interfaces.device: any 2 | 3 | packetbeat.flows: 4 | timeout: 30s 5 | period: 10s 6 | 7 | packetbeat.protocols.dns: 8 | ports: [53] 9 | include_authorities: true 10 | include_additionals: true 11 | 12 | packetbeat.protocols.http: 13 | ports: [80, 5601, 9200, 8080, 8081, 5000, 8002] 14 | 15 | packetbeat.protocols.memcache: 16 | ports: [11211] 17 | 18 | packetbeat.protocols.mysql: 19 | ports: [3306] 20 | 21 | packetbeat.protocols.pgsql: 22 | ports: [5432] 23 | 24 | packetbeat.protocols.redis: 25 | ports: [6379] 26 | 27 | packetbeat.protocols.thrift: 28 | ports: [9090] 29 | 30 | packetbeat.protocols.mongodb: 31 | ports: [27017] 32 | 33 | packetbeat.protocols.cassandra: 34 | ports: [9042] 35 | 36 | 37 | processors: 38 | - add_cloud_metadata: 39 | 40 | output.elasticsearch: 41 | hosts: ['elasticsearch:9200'] 42 | protocol: "https" 43 | username: elastic 44 | # Read PW from packetbeat.keystore 45 | password: "${ELASTIC_PASSWORD}" 46 | ssl.certificate_authorities: ["/usr/share/packetbeat/certs/ca/ca.crt"] 47 | 48 | setup.kibana: 49 | host: "http://kibana:5601" 50 | username: elastic 51 | password: "${ELASTIC_PASSWORD}" 52 | protocol: "http" 53 | ssl.enabled: false 54 | ssl.certificate_authorities: ["/usr/share/packetbeat/certs/ca/ca.crt"] 55 | 56 | xpack.monitoring.enabled: true 57 | -------------------------------------------------------------------------------- /config/ssl/instances.yml: -------------------------------------------------------------------------------- 1 | instances: 2 | - name: elasticsearch 3 | dns: 4 | - elasticsearch 5 | - localhost 6 | ip: 7 | - 127.0.0.1 8 | - name: kibana 9 | dns: 10 | - kibana 11 | - localhost 12 | ip: 13 | - 127.0.0.1 14 | - name: logstash 15 | dns: 16 | - logstash 17 | - localhost 18 | ip: 19 | - 127.0.0.1 20 | -------------------------------------------------------------------------------- /docker-compose.setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.6' 3 | services: 4 | # Setup Elasticsearch 5 | # * keystore 6 | # * SSL 7 | setup_elasticsearch: 8 | image: docker.elastic.co/elasticsearch/elasticsearch:${TAG} 9 | container_name: setup_elasticsearch 10 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-elasticsearch.sh | tr -d "\r" | bash'] 11 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 12 | working_dir: '/config' 13 | volumes: 14 | - '${PWD}/config:/config' 15 | - '${PWD}/scripts/setup-elasticsearch.sh:/usr/local/bin/setup-elasticsearch.sh:ro' 16 | 17 | setup_kibana: 18 | image: docker.elastic.co/kibana/kibana:${TAG} 19 | container_name: setup_kibana 20 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-kibana.sh | tr -d "\r" | bash'] 21 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 22 | working_dir: '/config' 23 | volumes: 24 | - '${PWD}/config:/config' 25 | - '${PWD}/scripts/setup-kibana.sh:/usr/local/bin/setup-kibana.sh:ro' 26 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/kibana/config/ca/ca.crt' 27 | depends_on: ['elasticsearch'] 28 | networks: ['stack'] 29 | 30 | setup_logstash: 31 | image: docker.elastic.co/logstash/logstash:${TAG} 32 | container_name: setup_logstash 33 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-logstash.sh | tr -d "\r" | bash'] 34 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 35 | working_dir: '/config' 36 | volumes: 37 | - '${PWD}/config:/config' 38 | - '${PWD}/scripts/setup-logstash.sh:/usr/local/bin/setup-logstash.sh:ro' 39 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/logstash/config/ca/ca.crt' 40 | depends_on: ['elasticsearch'] 41 | networks: ['stack'] 42 | 43 | setup_auditbeat: 44 | image: docker.elastic.co/beats/auditbeat:${TAG} 45 | container_name: setup_auditbeat 46 | user: root 47 | pid: host 48 | cap_add: ['AUDIT_CONTROL', 'AUDIT_READ'] 49 | volumes: 50 | - '${PWD}/config:/config' 51 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 52 | - '${PWD}/config/auditbeat/auditbeat.yml:/usr/share/auditbeat/auditbeat.yml' 53 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/auditbeat/certs/ca/ca.crt' 54 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s auditbeat'] 55 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 56 | networks: ['stack'] 57 | depends_on: ['kibana'] 58 | 59 | setup_filebeat: 60 | image: docker.elastic.co/beats/filebeat:${TAG} 61 | container_name: setup_filebeat 62 | user: root 63 | volumes: 64 | - '${PWD}/config:/config' 65 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 66 | - '${PWD}/config/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml' 67 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/filebeat/certs/ca/ca.crt' 68 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s filebeat'] 69 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 70 | networks: ['stack'] 71 | depends_on: ['kibana'] 72 | 73 | setup_heartbeat: 74 | image: docker.elastic.co/beats/heartbeat:${TAG} 75 | container_name: setup_heartbeat 76 | user: root 77 | volumes: 78 | - '${PWD}/config:/config' 79 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 80 | - '${PWD}/config/heartbeat/heartbeat.yml:/usr/share/heartbeat/heartbeat.yml' 81 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/heartbeat/certs/ca/ca.crt' 82 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s heartbeat'] 83 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 84 | networks: ['stack'] 85 | depends_on: ['kibana'] 86 | 87 | setup_metricbeat: 88 | image: docker.elastic.co/beats/metricbeat:${TAG} 89 | container_name: setup_metricbeat 90 | user: root 91 | volumes: 92 | - '${PWD}/config:/config' 93 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 94 | - '${PWD}/config/metricbeat/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml' 95 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/metricbeat/certs/ca/ca.crt' 96 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s metricbeat'] 97 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 98 | networks: ['stack'] 99 | depends_on: ['kibana'] 100 | 101 | setup_packetbeat: 102 | image: docker.elastic.co/beats/packetbeat:${TAG} 103 | container_name: setup_packetbeat 104 | user: root 105 | cap_add: ['NET_RAW', 'NET_ADMIN'] 106 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s packetbeat'] 107 | volumes: 108 | - '${PWD}/config:/config' 109 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 110 | - '${PWD}/config/packetbeat/packetbeat.yml:/usr/share/packetbeat/packetbeat.yml' 111 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/packetbeat/certs/ca/ca.crt' 112 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 113 | networks: ['stack'] 114 | depends_on: ['kibana'] 115 | 116 | setup_apm_server: 117 | image: docker.elastic.co/apm/apm-server:${TAG} 118 | container_name: setup_apm_server 119 | user: root 120 | command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s apm-server'] 121 | volumes: 122 | - '${PWD}/config:/config' 123 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 124 | - '${PWD}/config/apm-server/apm-server.yml:/usr/share/apm-server/apm-server.yml' 125 | - '${PWD}/config/ssl/ca/ca.crt:/usr/share/apm-server/certs/ca/ca.crt' 126 | environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] 127 | networks: ['stack'] 128 | depends_on: ['kibana'] 129 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.6' 3 | services: 4 | # The environment variable "TAG" is used throughout this file to 5 | # specify the version of the images to run. The default is set in the 6 | # '.env' file in this folder. It can be overridden with any normal 7 | # technique for setting environment variables, for example: 8 | # 9 | # TAG=6.0.0-beta1 docker-compose up 10 | # 11 | # REF: https://docs.docker.com/compose/compose-file/#variable-substitution 12 | # 13 | # Also be sure to set the ELASTIC_VERSION variable. For released versions, 14 | # ${TAG} and ${ELASTIC_VERSION} will be identical, but for pre-release 15 | # versions, ${TAG} might contain an extra build identifier, like 16 | # "6.0.0-beta1-3eab5b40", so a full invocation might look like: 17 | # 18 | # ELASTIC_VERSION=6.0.0-beta1 TAG=6.0.0-beta1-3eab5b40 docker-compose up 19 | # 20 | elasticsearch: 21 | image: docker.elastic.co/elasticsearch/elasticsearch:${TAG} 22 | container_name: elasticsearch 23 | secrets: 24 | - source: ca.crt 25 | target: /usr/share/elasticsearch/config/certs/ca/ca.crt 26 | - source: elasticsearch.yml 27 | target: /usr/share/elasticsearch/config/elasticsearch.yml 28 | - source: elasticsearch.keystore 29 | target: /usr/share/elasticsearch/config/elasticsearch.keystore 30 | - source: elasticsearch.key 31 | target: /usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.key 32 | - source: elasticsearch.crt 33 | target: /usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.crt 34 | ports: ['9200:9200'] 35 | networks: ['stack'] 36 | volumes: 37 | - 'es_data:/usr/share/elasticsearch/data' 38 | - '${PWD}/scripts/setup-users.sh:/usr/local/bin/setup-users.sh:ro' 39 | healthcheck: 40 | test: curl --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi 41 | interval: 30s 42 | timeout: 10s 43 | retries: 5 44 | 45 | kibana: 46 | image: docker.elastic.co/kibana/kibana:${TAG} 47 | container_name: kibana 48 | secrets: 49 | - source: kibana.yml 50 | target: /usr/share/kibana/config/kibana.yml 51 | - source: kibana.keystore 52 | target: /usr/share/kibana/data/kibana.keystore 53 | - source: ca.crt 54 | target: /usr/share/kibana/config/certs/ca/ca.crt 55 | - source: kibana.key 56 | target: /usr/share/kibana/config/certs/kibana/kibana.key 57 | - source: kibana.crt 58 | target: /usr/share/kibana/config/certs/kibana/kibana.crt 59 | ports: ['5601:5601'] 60 | networks: ['stack'] 61 | depends_on: ['elasticsearch'] 62 | healthcheck: 63 | test: curl --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt -s https://localhost:5601 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi 64 | interval: 30s 65 | timeout: 10s 66 | retries: 5 67 | 68 | logstash: 69 | image: docker.elastic.co/logstash/logstash:${TAG} 70 | container_name: logstash 71 | secrets: 72 | - source: logstash.conf 73 | target: /usr/share/logstash/pipeline/logstash.conf 74 | - source: logstash.yml 75 | target: /usr/share/logstash/config/logstash.yml 76 | - source: logstash.keystore 77 | target: /usr/share/logstash/config/logstash.keystore 78 | - source: ca.crt 79 | target: /usr/share/logstash/config/certs/ca/ca.crt 80 | networks: ['stack'] 81 | depends_on: ['elasticsearch'] 82 | healthcheck: 83 | test: bin/logstash -t 84 | interval: 60s 85 | timeout: 50s 86 | retries: 5 87 | 88 | auditbeat: 89 | image: docker.elastic.co/beats/auditbeat:${TAG} 90 | container_name: auditbeat 91 | command: -e --strict.perms=false # -e flag to log to stderr and disable syslog/file output 92 | cap_add: ['AUDIT_CONTROL', 'AUDIT_READ'] 93 | secrets: 94 | - source: auditbeat.yml 95 | target: /usr/share/auditbeat/auditbeat.yml 96 | - source: auditbeat.keystore 97 | target: /usr/share/auditbeat/auditbeat.keystore 98 | - source: ca.crt 99 | target: /usr/share/auditbeat/certs/ca/ca.crt 100 | # Auditbeat must run in the main process namespace. 101 | pid: host 102 | volumes: 103 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 104 | networks: ['stack'] 105 | depends_on: ['elasticsearch', 'kibana'] 106 | healthcheck: 107 | test: auditbeat --strict.perms=false test config 108 | interval: 30s 109 | timeout: 15s 110 | retries: 5 111 | 112 | filebeat: 113 | image: docker.elastic.co/beats/filebeat:${TAG} 114 | container_name: filebeat 115 | command: --strict.perms=false -e # -e flag to log to stderr and disable syslog/file output 116 | # If the host system has logs at "/var/log", mount them at "/mnt/log" 117 | # inside the container, where Filebeat can find them. 118 | # volumes: ['/var/log:/mnt/log:ro'] 119 | secrets: 120 | - source: filebeat.yml 121 | target: /usr/share/filebeat/filebeat.yml 122 | - source: filebeat.keystore 123 | target: /usr/share/filebeat/filebeat.keystore 124 | - source: ca.crt 125 | target: /usr/share/filebeat/certs/ca/ca.crt 126 | volumes: 127 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 128 | networks: ['stack'] 129 | depends_on: ['elasticsearch', 'kibana'] 130 | healthcheck: 131 | test: filebeat test config 132 | interval: 30s 133 | timeout: 15s 134 | retries: 5 135 | 136 | heartbeat: 137 | image: docker.elastic.co/beats/heartbeat:${TAG} 138 | container_name: heartbeat 139 | command: --strict.perms=false -e # -e flag to log to stderr and disable syslog/file output 140 | secrets: 141 | - source: heartbeat.yml 142 | target: /usr/share/heartbeat/heartbeat.yml 143 | - source: heartbeat.keystore 144 | target: /usr/share/heartbeat/heartbeat.keystore 145 | - source: ca.crt 146 | target: /usr/share/heartbeat/certs/ca/ca.crt 147 | volumes: 148 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 149 | networks: ['stack'] 150 | depends_on: ['elasticsearch', 'kibana'] 151 | healthcheck: 152 | test: heartbeat test config 153 | interval: 30s 154 | timeout: 15s 155 | retries: 5 156 | 157 | metricbeat: 158 | image: docker.elastic.co/beats/metricbeat:${TAG} 159 | container_name: metricbeat 160 | # The commented sections below enable Metricbeat to monitor the Docker host, 161 | # rather than the Metricbeat container. It's problematic with Docker for 162 | # Windows, however, since "/proc", "/sys" etc. don't exist on Windows. 163 | # The same likely applies to OSX (needs testing). 164 | # volumes: 165 | # - /proc:/hostfs/proc:ro 166 | # - /sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro 167 | # - /:/hostfs:ro 168 | command: --strict.perms=false -e # -e flag to log to stderr and disable syslog/file output 169 | secrets: 170 | - source: metricbeat.yml 171 | target: /usr/share/metricbeat/metricbeat.yml 172 | - source: metricbeat.keystore 173 | target: /usr/share/metricbeat/metricbeat.keystore 174 | - source: ca.crt 175 | target: /usr/share/metricbeat/certs/ca/ca.crt 176 | volumes: 177 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 178 | networks: ['stack'] 179 | depends_on: ['elasticsearch', 'kibana'] 180 | healthcheck: 181 | test: metricbeat test config 182 | interval: 30s 183 | timeout: 15s 184 | retries: 5 185 | 186 | packetbeat: 187 | image: docker.elastic.co/beats/packetbeat:${TAG} 188 | container_name: packetbeat 189 | # Packetbeat needs some elevated privileges to capture network traffic. 190 | # We'll grant them with POSIX capabilities. 191 | cap_add: ['NET_RAW', 'NET_ADMIN'] 192 | # Use "host mode" networking to allow Packetbeat to capture traffic from 193 | # the real network interface on the host, rather than being isolated to the 194 | # container's virtual interface. 195 | network_mode: host 196 | # Since we did that, Packetbeat is not part of the "stack" Docker network 197 | # that the other containers are connected to, and thus can't resolve the 198 | # hostname "elasticsearch". Instead, we'll tell it to find Elasticsearch 199 | # on "localhost", which is the Docker host machine in this context. 200 | command: -e -E 'output.elasticsearch.hosts=["localhost:9200"]' 201 | depends_on: ['elasticsearch'] 202 | command: --strict.perms=false -e -E output.elasticsearch.hosts="https://localhost:9200" # -e flag to log to stderr and disable syslog/file output 203 | secrets: 204 | - source: packetbeat.yml 205 | target: /usr/share/packetbeat/packetbeat.yml 206 | - source: packetbeat.keystore 207 | target: /usr/share/packetbeat/packetbeat.keystore 208 | - source: ca.crt 209 | target: /usr/share/packetbeat/certs/ca/ca.crt 210 | volumes: 211 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 212 | depends_on: ['elasticsearch', 'kibana'] 213 | healthcheck: 214 | test: packetbeat test config 215 | interval: 30s 216 | timeout: 15s 217 | retries: 5 218 | 219 | apm-server: 220 | image: docker.elastic.co/apm/apm-server:${TAG} 221 | container_name: apm_server 222 | ports: ['8200:8200'] 223 | networks: ['stack'] 224 | command: --strict.perms=false -e # -e flag to log to stderr and disable syslog/file output 225 | secrets: 226 | - source: apm-server.yml 227 | target: /usr/share/apm-server/apm-server.yml 228 | - source: apm-server.keystore 229 | target: /usr/share/apm-server/apm-server.keystore 230 | - source: ca.crt 231 | target: /usr/share/apm-server/certs/ca/ca.crt 232 | volumes: 233 | - '${PWD}/scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' 234 | depends_on: ['elasticsearch', 'kibana'] 235 | healthcheck: 236 | test: curl --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt -s https://localhost:8200/healthcheck >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi 237 | interval: 30s 238 | timeout: 10s 239 | retries: 5 240 | 241 | networks: {stack: {}} 242 | # use docker volume to persist ES data outside of a container. 243 | volumes: 244 | es_data: 245 | 246 | secrets: 247 | ca.crt: 248 | file: ${PWD}/config/ssl/ca/ca.crt 249 | logstash.yml: 250 | file: ${PWD}/config/logstash/logstash.yml 251 | logstash.keystore: 252 | file: ${PWD}/config/logstash/logstash.keystore 253 | logstash.conf: 254 | file: ${PWD}/config/logstash/pipeline/logstash.conf 255 | elasticsearch.yml: 256 | file: ${PWD}/config/elasticsearch/elasticsearch.yml 257 | elasticsearch.keystore: 258 | file: ${PWD}/config/elasticsearch/elasticsearch.keystore 259 | elasticsearch.key: 260 | file: ${PWD}/config/elasticsearch/elasticsearch.key 261 | elasticsearch.crt: 262 | file: ${PWD}/config/elasticsearch/elasticsearch.crt 263 | elasticsearch.p12: 264 | file: ${PWD}/config/elasticsearch/elasticsearch.p12 265 | kibana.yml: 266 | file: ${PWD}/config/kibana/kibana.yml 267 | kibana.keystore: 268 | file: ${PWD}/config/kibana/kibana.keystore 269 | kibana.key: 270 | file: ${PWD}/config/kibana/kibana.key 271 | kibana.crt: 272 | file: ${PWD}/config/kibana/kibana.crt 273 | auditbeat.yml: 274 | file: ${PWD}/config/auditbeat/auditbeat.yml 275 | auditbeat.keystore: 276 | file: ${PWD}/config/auditbeat/auditbeat.keystore 277 | filebeat.yml: 278 | file: ${PWD}/config/filebeat/filebeat.yml 279 | filebeat.keystore: 280 | file: ${PWD}/config/filebeat/filebeat.keystore 281 | heartbeat.yml: 282 | file: ${PWD}/config/heartbeat/heartbeat.yml 283 | heartbeat.keystore: 284 | file: ${PWD}/config/heartbeat/heartbeat.keystore 285 | metricbeat.yml: 286 | file: ${PWD}/config/metricbeat/metricbeat.yml 287 | metricbeat.keystore: 288 | file: ${PWD}/config/metricbeat/metricbeat.keystore 289 | packetbeat.yml: 290 | file: ${PWD}/config/packetbeat/packetbeat.yml 291 | packetbeat.keystore: 292 | file: ${PWD}/config/packetbeat/packetbeat.keystore 293 | apm-server.yml: 294 | file: ${PWD}/config/apm-server/apm-server.yml 295 | apm-server.keystore: 296 | file: ${PWD}/config/apm-server/apm-server.keystore 297 | -------------------------------------------------------------------------------- /screenshots/docker-vm-memory-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YonghoChoi/stack-docker/20891e98854c08b3043d0f25d06d3df036592214/screenshots/docker-vm-memory-settings.png -------------------------------------------------------------------------------- /scripts/setup-beat.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | beat=$1 6 | 7 | until curl -s "http://kibana:5601/login" | grep "Loading Kibana" > /dev/null; do 8 | echo "Waiting for kibana..." 9 | sleep 1 10 | done 11 | 12 | chmod go-w /usr/share/$beat/$beat.yml 13 | 14 | 15 | echo "Creating keystore..." 16 | # create beat keystore 17 | ${beat} --strict.perms=false keystore create --force 18 | chown 1000 /usr/share/$beat/$beat.keystore 19 | chmod go-w /usr/share/$beat/$beat.yml 20 | 21 | echo "adding ES_PASSWORD to keystore..." 22 | echo "$ELASTIC_PASSWORD" | ${beat} --strict.perms=false keystore add ELASTIC_PASSWORD --stdin 23 | ${beat} --strict.perms=false keystore list 24 | 25 | echo "Setting up dashboards..." 26 | # Load the sample dashboards for the Beat. 27 | # REF: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-sample-dashboards.html 28 | ${beat} --strict.perms=false setup -v 29 | 30 | echo "Copy keystore to ./config dir" 31 | cp /usr/share/$beat/$beat.keystore /config/$beat/$beat.keystore 32 | chown 1000:1000 /config/$beat/$beat.keystore 33 | -------------------------------------------------------------------------------- /scripts/setup-elasticsearch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -f /config/elasticsearch/elasticsearch.keystore ]; then 4 | echo "Keystore already exists, exiting. If you want to re-run please delete config/elasticsearch/elasticsearch.keystore" 5 | exit 0 6 | fi 7 | 8 | # Determine if x-pack is enabled 9 | echo "Determining if x-pack is installed..." 10 | if [[ -d /usr/share/elasticsearch/bin/x-pack ]]; then 11 | if [[ -n "$ELASTIC_PASSWORD" ]]; then 12 | 13 | echo "=== CREATE Keystore ===" 14 | echo "Elastic password is: $ELASTIC_PASSWORD" 15 | if [ -f /config/elasticsearch/elasticsearch.keystore ]; then 16 | echo "Remove old elasticsearch.keystore" 17 | rm /config/elasticsearch/elasticsearch.keystore 18 | fi 19 | [[ -f /usr/share/elasticsearch/config/elasticsearch.keystore ]] || (/usr/share/elasticsearch/bin/elasticsearch-keystore create) 20 | echo "Setting bootstrap.password..." 21 | (echo "$ELASTIC_PASSWORD" | /usr/share/elasticsearch/bin/elasticsearch-keystore add -x 'bootstrap.password') 22 | mv /usr/share/elasticsearch/config/elasticsearch.keystore /config/elasticsearch/elasticsearch.keystore 23 | 24 | # Create SSL Certs 25 | echo "=== CREATE SSL CERTS ===" 26 | 27 | # check if old docker-cluster-ca.zip exists, if it does remove and create a new one. 28 | if [ -f /config/ssl/docker-cluster-ca.zip ]; then 29 | echo "Remove old ca zip..." 30 | rm /config/ssl/docker-cluster-ca.zip 31 | fi 32 | echo "Creating docker-cluster-ca.zip..." 33 | /usr/share/elasticsearch/bin/elasticsearch-certutil ca --pem --silent --out /config/ssl/docker-cluster-ca.zip 34 | 35 | # check if ca directory exists, if does, remove then unzip new files 36 | if [ -d /config/ssl/ca ]; then 37 | echo "CA directory exists, removing..." 38 | rm -rf /config/ssl/ca 39 | fi 40 | echo "Unzip ca files..." 41 | unzip /config/ssl/docker-cluster-ca.zip -d /config/ssl 42 | 43 | # check if certs zip exist. If it does remove and create a new one. 44 | if [ -f /config/ssl/docker-cluster.zip ]; then 45 | echo "Remove old docker-cluster.zip zip..." 46 | rm /config/ssl/docker-cluster.zip 47 | fi 48 | echo "Create cluster certs zipfile..." 49 | /usr/share/elasticsearch/bin/elasticsearch-certutil cert --silent --pem --in /config/ssl/instances.yml --out /config/ssl/docker-cluster.zip --ca-cert /config/ssl/ca/ca.crt --ca-key /config/ssl/ca/ca.key 50 | 51 | if [ -d /config/ssl/docker-cluster ]; then 52 | rm -rf /config/ssl/docker-cluster 53 | fi 54 | echo "Unzipping cluster certs zipfile..." 55 | unzip /config/ssl/docker-cluster.zip -d /config/ssl/docker-cluster 56 | 57 | echo "Move logstash certs to logstash config dir..." 58 | mv /config/ssl/docker-cluster/logstash/* /config/logstash/ 59 | echo "Move kibana certs to kibana config dir..." 60 | mv /config/ssl/docker-cluster/kibana/* /config/kibana/ 61 | echo "Move elasticsearch certs to elasticsearch config dir..." 62 | mv /config/ssl/docker-cluster/elasticsearch/* /config/elasticsearch/ 63 | fi 64 | fi 65 | -------------------------------------------------------------------------------- /scripts/setup-kibana.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | cacert=/usr/share/kibana/config/ca/ca.crt 6 | # Wait for ca file to exist before we continue. If the ca file doesn't exist 7 | # then something went wrong. 8 | while [ ! -f $cacert ] 9 | do 10 | sleep 2 11 | done 12 | ls -l $cacert 13 | 14 | es_url=https://elasticsearch:9200 15 | # Wait for Elasticsearch to start up before doing anything. 16 | 17 | 18 | while [[ "$(curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -o /dev/null -w '%{http_code}' $es_url)" != "200" ]]; do 19 | sleep 5 20 | done 21 | 22 | # Set the password for the kibana user. 23 | # REF: https://www.elastic.co/guide/en/x-pack/6.0/setting-up-authentication.html#set-built-in-user-passwords 24 | until curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -H 'Content-Type:application/json' \ 25 | -XPUT $es_url/_xpack/security/user/kibana/_password \ 26 | -d "{\"password\": \"${ELASTIC_PASSWORD}\"}" 27 | do 28 | sleep 2 29 | echo Retrying... 30 | done 31 | 32 | 33 | echo "=== CREATE Keystore ===" 34 | if [ -f /config/kibana/kibana.keystore ]; then 35 | echo "Remove old kibana.keystore" 36 | rm /config/kibana/kibana.keystore 37 | fi 38 | /usr/share/kibana/bin/kibana-keystore create 39 | echo "Setting elasticsearch.password: $ELASTIC_PASSWORD" 40 | echo "$ELASTIC_PASSWORD" | /usr/share/kibana/bin/kibana-keystore add 'elasticsearch.password' -x 41 | 42 | mv /usr/share/kibana/data/kibana.keystore /config/kibana/kibana.keystore 43 | -------------------------------------------------------------------------------- /scripts/setup-logstash.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | cacert=/usr/share/logstash/config/ca/ca.crt 6 | # Wait for ca file to exist before we continue. If the ca file doesn't exist 7 | # then something went wrong. 8 | while [ ! -f $cacert ] 9 | do 10 | sleep 2 11 | done 12 | ls -l $cacert 13 | 14 | es_url=https://elasticsearch:9200 15 | # Wait for Elasticsearch to start up before doing anything. 16 | while [[ "$(curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -o /dev/null -w '%{http_code}' $es_url)" != "200" ]]; do 17 | sleep 5 18 | done 19 | 20 | # Set the password for the logstash user. 21 | # REF: https://www.elastic.co/guide/en/x-pack/6.0/setting-up-authentication.html#set-built-in-user-passwords 22 | until curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -H 'Content-Type:application/json' \ 23 | -XPUT $es_url/_xpack/security/user/logstash_system/_password \ 24 | -d "{\"password\": \"${ELASTIC_PASSWORD}\"}" 25 | do 26 | sleep 2 27 | echo Retrying... 28 | done 29 | 30 | 31 | echo "=== CREATE Keystore ===" 32 | if [ -f /config/logstash/logstash.keystore ]; then 33 | echo "Remove old logstash.keystore" 34 | rm /config/logstash/logstash.keystore 35 | fi 36 | echo "y" | /usr/share/logstash/bin/logstash-keystore create 37 | echo "Setting ELASTIC_PASSWORD..." 38 | echo "$ELASTIC_PASSWORD" | /usr/share/logstash/bin/logstash-keystore add 'ELASTIC_PASSWORD' -x 39 | mv /usr/share/logstash/config/logstash.keystore /config/logstash/logstash.keystore 40 | -------------------------------------------------------------------------------- /scripts/setup-permissions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | chown 1000 -R /config 5 | find /config -type f -name "*.keystore" -print -exec chmod go-wrx {} \; 6 | find /config -type f -name "*.yml" -print -exec chmod go-wrx {} \; 7 | -------------------------------------------------------------------------------- /scripts/setup-users.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | cacert=/config/elasticsearch/ca/ca.crt 6 | # Wait for ca file to exist before we continue. If the ca file doesn't exist 7 | # then something went wrong. 8 | while [ ! -f $cacert ] 9 | do 10 | sleep 2 11 | done 12 | ls -l $cacert 13 | 14 | es_url=https://elastic:${ELASTIC_PASSWORD}@elasticsearch:9200 15 | # Wait for Elasticsearch to start up before doing anything. 16 | until curl -s --cacert $cacert $es_url -o /dev/null; do 17 | sleep 1 18 | done 19 | 20 | # Set the password for the kibana user. 21 | # REF: https://www.elastic.co/guide/en/x-pack/6.0/setting-up-authentication.html#set-built-in-user-passwords 22 | until curl --cacert $cacert -s -H 'Content-Type:application/json' \ 23 | -XPUT $es_url/_xpack/security/user/kibana/_password \ 24 | -d "{\"password\": \"${ELASTIC_PASSWORD}\"}" 25 | do 26 | sleep 2 27 | echo Retrying... 28 | done 29 | 30 | until curl --cacert $cacert -s -H 'Content-Type:application/json' \ 31 | -XPUT $es_url/_xpack/security/user/logstash_system/_password \ 32 | -d "{\"password\": \"${ELASTIC_PASSWORD}\"}" 33 | do 34 | sleep 2 35 | echo Retrying... 36 | done 37 | -------------------------------------------------------------------------------- /scripts/setup.sh: -------------------------------------------------------------------------------- 1 | #/bin/ash 2 | confdir="${PWD}/config" 3 | chown 1000 -R "$confdir" 4 | find "$confdir" -type f -name "*.keystore" -exec chmod go-wrx {} \; 5 | find "$confdir" -type f -name "*.yml" -exec chmod go-wrx {} \; 6 | 7 | if [ -f "$confdir/elasticsearch/elasticsearch.keystore" ]; then 8 | rm "$confdir/elasticsearch/elasticsearch.keystore" 9 | fi 10 | 11 | PW=$(openssl rand -base64 16;) 12 | ELASTIC_PASSWORD="${ELASTIC_PASSWORD:-$PW}" 13 | export ELASTIC_PASSWORD 14 | docker-compose -f docker-compose.yml -f docker-compose.setup.yml up setup_elasticsearch 15 | 16 | # setup kibana and logstash (and system passwords) 17 | docker-compose -f docker-compose.yml -f docker-compose.setup.yml up setup_kibana setup_logstash 18 | # setup beats and apm server 19 | docker-compose -f docker-compose.yml -f docker-compose.setup.yml up setup_auditbeat setup_filebeat setup_heartbeat setup_metricbeat setup_packetbeat setup_apm_server 20 | 21 | printf "Setup completed successfully. To start the stack please run:\n\t docker-compose up -d\n" 22 | printf "\nIf you wish to remove the setup containers please run:\n\tdocker-compose -f docker-compose.yml -f docker-compose.setup.yml down --remove-orphans\n" 23 | printf "\nYou will have to re-start the stack after removing setup containers.\n" 24 | printf "\nYour 'elastic' user password is: $ELASTIC_PASSWORD\n" 25 | -------------------------------------------------------------------------------- /setup.yml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | services: 3 | setup: 4 | image: docker/compose:1.21.2 5 | working_dir: "${PWD}" 6 | cap_add: ['SYS_ADMIN'] 7 | environment: 8 | - "PWD=${PWD}" 9 | - "ELASTIC_PASSWORD" 10 | - "ELASTIC_VERSION" 11 | - "TAG" 12 | volumes: 13 | - "/var/run/docker.sock:/var/run/docker.sock" 14 | - "${PWD}:${PWD}" 15 | entrypoint: ["/bin/ash", "-c"] 16 | command: ['cat ./scripts/setup.sh | tr -d "\r" | ash'] 17 | 18 | # command: ["./scripts/setup.sh"] 19 | -------------------------------------------------------------------------------- /stack/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !/.gitignore 3 | --------------------------------------------------------------------------------