├── .env-example ├── .gitignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── bin ├── create_new_superuser.py ├── loading_pre_packaged_detection_rules.py ├── modify_index_mappings.py ├── send_data_to_filebeat.py └── send_document_to_elasticsearch.py ├── docker-compose.production.yml ├── docker-compose.setup.yml ├── docker-compose.yml ├── elastic-agent ├── Dockerfile └── install.py ├── elasticsearch ├── Dockerfile └── config │ └── elasticsearch.yml ├── filebeat ├── Dockerfile └── config │ └── filebeat.yml ├── kibana ├── Dockerfile └── config │ └── kibana.yml ├── logstash ├── Dockerfile ├── config │ ├── logstash.yml │ └── pipelines.yml └── pipeline │ ├── logstash.conf │ └── metricbeat.conf ├── metricbeat ├── Dockerfile └── config │ └── metricbeat.yml ├── packetbeat ├── Dockerfile └── config │ └── packetbeat.yml ├── secrets └── .gitkeep ├── setup ├── instances.yml └── setup.sh └── swag └── nginx └── proxy-confs ├── kibana.subdomain.conf.sample └── kibana.subfolder.conf.sample /.env-example: -------------------------------------------------------------------------------- 1 | ELK_VERSION=7.16.0 2 | ELASTIC_USERNAME=elastic 3 | ELASTIC_PASSWORD=some_password 4 | KIBANA_URL=https://0.0.0.0:5601 5 | 6 | # Configuration Variables 7 | ELASTICSEARCH_HEAP=2g 8 | LOGSTASH_HEAP=1g 9 | PACKETBEAT_HEAP=256m 10 | FILEBEAT_HEAP=256m 11 | METRICBEAT_HEAP=256m 12 | XPACK_ENCRYPTION_KEY=somesuperlongstringlikethisoneMQBbtsynu4bV2uxLy 13 | 14 | # Self signed TLS certificates 15 | CA_PASSWORD=some_password 16 | CA_DAYS=3650 17 | ELASTIC_DIR=/usr/share/elasticsearch 18 | LOGSTASH_DIR=/usr/share/logstash 19 | KIBANA_DIR=/usr/share/kibana 20 | PACKETBEAT_DIR=/usr/share/packetbeat 21 | FILEBEAT_DIR=/usr/share/filebeat 22 | METRICBEAT_DIR=/usr/share/metricbeat 23 | 24 | # Letsencrypt certificates 25 | ## Setting STAGING to true means it will generate self-signed certificates 26 | ## Setting STAGING to false means it will generate letsencrypt certificates 27 | # 
STAGING=false 28 | STAGING=true 29 | 30 | # swag Configuration 31 | #DOMAIN=mydomain.com 32 | #SUBDOMAIN=kibana 33 | #SUBFOLDER=kibana 34 | #EMAIL=email@email.com 35 | #TIMEZONE=America/Chicago 36 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | secrets/* 7 | *.DS_Store 8 | .env 9 | 10 | # C extensions 11 | *.so 12 | 13 | # Distribution / packaging 14 | .Python 15 | build/ 16 | develop-eggs/ 17 | dist/ 18 | downloads/ 19 | eggs/ 20 | .eggs/ 21 | lib/ 22 | lib64/ 23 | parts/ 24 | sdist/ 25 | var/ 26 | wheels/ 27 | pip-wheel-metadata/ 28 | share/python-wheels/ 29 | *.egg-info/ 30 | .installed.cfg 31 | *.egg 32 | MANIFEST 33 | 34 | # PyInstaller 35 | # Usually these files are written by a python script from a template 36 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 37 | *.manifest 38 | *.spec 39 | 40 | # Installer logs 41 | pip-log.txt 42 | pip-delete-this-directory.txt 43 | 44 | # Unit test / coverage reports 45 | htmlcov/ 46 | .tox/ 47 | .nox/ 48 | .coverage 49 | .coverage.* 50 | .cache 51 | nosetests.xml 52 | coverage.xml 53 | *.cover 54 | *.py,cover 55 | .hypothesis/ 56 | .pytest_cache/ 57 | 58 | # Translations 59 | *.mo 60 | *.pot 61 | 62 | # Django stuff: 63 | *.log 64 | local_settings.py 65 | db.sqlite3 66 | db.sqlite3-journal 67 | 68 | # Flask stuff: 69 | instance/ 70 | .webassets-cache 71 | 72 | # Scrapy stuff: 73 | .scrapy 74 | 75 | # Sphinx documentation 76 | docs/_build/ 77 | 78 | # PyBuilder 79 | target/ 80 | 81 | # Jupyter Notebook 82 | .ipynb_checkpoints 83 | 84 | # IPython 85 | profile_default/ 86 | ipython_config.py 87 | 88 | # pyenv 89 | .python-version 90 | 91 | # pipenv 92 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 
93 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 94 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 95 | # install all needed dependencies. 96 | #Pipfile.lock 97 | 98 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 99 | __pypackages__/ 100 | 101 | # Celery stuff 102 | celerybeat-schedule 103 | celerybeat.pid 104 | 105 | # SageMath parsed files 106 | *.sage.py 107 | 108 | # Environments 109 | .env 110 | .venv 111 | env/ 112 | venv/ 113 | ENV/ 114 | env.bak/ 115 | venv.bak/ 116 | 117 | # Spyder project settings 118 | .spyderproject 119 | .spyproject 120 | 121 | # Rope project settings 122 | .ropeproject 123 | 124 | # mkdocs documentation 125 | /site 126 | 127 | # mypy 128 | .mypy_cache/ 129 | .dmypy.json 130 | dmypy.json 131 | 132 | # Pyre type checker 133 | .pyre/ 134 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 6 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 
7 | 8 | ## [1.3.0] - 2021-10-21 9 | 10 | - Added KIBANA_URL to the .env variables for the public base URL 11 | - Fixed an issue so that LetsEncrypt certificates are placed in the correct location 12 | - Added support for 7.15.0 13 | 14 | ## [1.2.0] - 2021-07-14 15 | 16 | - Updated the docker-compose.production.yml to fix some bugs 17 | 18 | ## [1.1.0] - 2021-05-13 19 | 20 | - Added metricbeat and Elastic Agent containers 21 | - Modified generation of certificates 22 | - Modified most containers to communicate more securely via certificates 23 | - Modified documentation 24 | 25 | ## [1.0.0] - 2020-11-23 26 | 27 | - Initial release of the elk-tls-docker project 28 | - Added WiKi documentation 29 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Swimlane welcomes contributions to our projects. Please follow these instructions on how to submit your contribution! 4 | 5 | - Fork this repository 6 | - Add your changes to your fork 7 | - Add tests for your changes 8 | - Review your changes, running any linting and tests to be sure they pass 9 | - Create a pull request in this repository with your changes 10 | - Be sure to outline what you are accomplishing with your changes and follow any template if applicable 11 | 12 | Please be patient with your request! We value your contribution and will try to find time to review your pull request when we can. 
-------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Swimlane 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # elk-tls-docker 2 | 3 | ![](https://raw.githubusercontent.com/wiki/swimlane/elk-tls-docker/images/elk-tls-docker-diagram.png) 4 | 5 | This docker-compose project will assist with setting up and creating an ELK stack using either self-signed TLS certificates or LetsEncrypt certificates for communications. In general you get HTTPS for all services. 
6 | 7 | > Please check out our [WiKi](https://github.com/swimlane/elk-tls-docker/wiki) for a detailed explanation of the project structure, configuration settings, and more. 8 | 9 | ## Environment Details 10 | 11 | This project was built so that you can test and use built-in features under Elastic Security, such as detections, signals, cases, and other features. 12 | 13 | This docker-compose project will create the following Elastic containers based on version 7.12.0: 14 | 15 | * Elasticsearch 16 | * Logstash 17 | * Kibana 18 | * Packetbeat 19 | * Filebeat 20 | * Elastic Agent (Ubuntu 20.04) 21 | * Metricbeat 22 | 23 | ## Setup 24 | 25 | In order to use this project, you must first include the following in a file named `.env`. I have provided an example environment variable file here [.env-example](https://github.com/swimlane/elk-tls-docker/blob/master/.env-example). 26 | 27 | > Copy or create your own `.env` from the provided example or from the code block below. Replace the placeholder values of `ELASTIC_PASSWORD`, `CA_PASSWORD` and `XPACK_ENCRYPTION_KEY` with your own secrets before starting the stack; `.env` is listed in `.gitignore` so these values stay out of version control. 28 | 29 | ```text 30 | ELK_VERSION=7.15.0 31 | ELASTIC_USERNAME=elastic 32 | ELASTIC_PASSWORD=some_password 33 | 34 | # Configuration Variables 35 | ELASTICSEARCH_HEAP=2g 36 | LOGSTASH_HEAP=1g 37 | PACKETBEAT_HEAP=256m 38 | FILEBEAT_HEAP=256m 39 | METRICBEAT_HEAP=256m 40 | XPACK_ENCRYPTION_KEY=somesuperlongstringlikethisoneMQBbtsynu4bV2uxLy 41 | 42 | # Self signed TLS certificates 43 | CA_PASSWORD=some_password 44 | CA_DAYS=3650 45 | ELASTIC_DIR=/usr/share/elasticsearch 46 | LOGSTASH_DIR=/usr/share/logstash 47 | KIBANA_DIR=/usr/share/kibana 48 | PACKETBEAT_DIR=/usr/share/packetbeat 49 | FILEBEAT_DIR=/usr/share/filebeat 50 | METRICBEAT_DIR=/usr/share/metricbeat 51 | 52 | # Letsencrypt certificates 53 | ## Setting STAGING to true means it will generate self-signed certificates 54 | ## Setting STAGING to false means it will generate letsencrypt certificates 55 | # STAGING=false 56 | STAGING=true 57 | 58 | # swag Configuration 59 | #DOMAIN=mydomain.com 60 | #SUBDOMAIN=kibana 61 | #SUBFOLDER=kibana 62 | 
#EMAIL=email@email.com 63 | #TIMEZONE=America/Chicago 64 | ``` 65 | 66 | > Note: You may need to change the size of the HEAP variables in the above configuration file based on your system requirements. The settings present are for a machine with 8GB of memory. 67 | 68 | **Additionally, you must either clone this repository or download the entire repository in order to build and run these containers.** 69 | 70 | You can find more documentation about these settings in our [WiKi](https://github.com/swimlane/elk-tls-docker/wiki/Environment-Variables). 71 | 72 | ### Keystore 73 | 74 | Before we build or create our containers, we first need to create our keystore and certificates. You can do this using the [docker-compose.setup.yml](docker-compose.setup.yml) yaml file. If you run into issues, see the associated documentation in our [WiKi Page about Certificates](https://github.com/swimlane/elk-tls-docker/wiki/Certificates) or create an issue in this repository. 75 | 76 | #### Creating Keystore for self-signed certificates 77 | 78 | By default, self-signed certificates are created, which makes the most sense when testing out this project. To do so, simply run the following command first: 79 | 80 | ```bash 81 | docker-compose -f docker-compose.setup.yml run --rm certs 82 | ``` 83 | 84 | Please see our documentation about [Setup using self-signed certificates](https://github.com/swimlane/elk-tls-docker/wiki/Setup%20using%20self-signed%20certificates). 85 | 86 | #### Creating Keystore & Certificates for production 87 | 88 | If you want to deploy this project in a production-like environment, please see our documentation [Setup using Letsencrypt](https://github.com/swimlane/elk-tls-docker/wiki/Setup%20using%20Letsencrypt). 
89 | 90 | 91 | ## Running a development environment 92 | 93 | Now that you have your keys/certs and [passwords](https://github.com/swimlane/elk-tls-docker/wiki/Setting%20Passwords) set, we can restart the containers by running: 94 | 95 | ``` 96 | docker-compose up -d 97 | ``` 98 | 99 | You should be able to log in to the ELK stack and be on your way. 100 | 101 | You can find additional information about the environments that are created on our [Environment Details](https://github.com/swimlane/elk-tls-docker/wiki/Environment-Details) WiKi page. 102 | 103 | ## Running a production environment 104 | 105 | Here is a [walkthrough](https://github.com/swimlane/elk-tls-docker/wiki/Letsencrypt%20Walkthrough) on setting up a production-like environment using LetsEncrypt. 106 | 107 | You should be able to log in to the ELK stack and be on your way. 108 | 109 | You can find additional information about the environments that are created on our [Environment Details](https://github.com/swimlane/elk-tls-docker/wiki/Environment-Details) WiKi page. 110 | 111 | ## Common Issues 112 | 113 | Please see our WiKi documentation for the most [Common Issues](https://github.com/swimlane/elk-tls-docker/wiki/Common-Issues) I have seen through testing and usage of this project. 114 | 115 | To remove all images from your system run: ```docker rmi $(docker images -a -q)``` 116 | To remove all volumes from your system run: ```docker volume prune``` 117 | 118 | ## Enabling features 119 | 120 | This project provides a few (continually adding as needed & requested) helper scripts that assist with enabling specific features within the Elastic Kibana SIEM feature set, as well as adding test data to your Elasticsearch instance. The scripts in `bin/` use hard-coded connection settings (the `0.0.0.0` host, the `elastic` username and the `some_password` placeholder) and call `requests` with `verify=False`; edit them to match your `.env` values and, where possible, pass the generated CA certificate instead of disabling TLS verification. 
121 | 122 | Please see our [Enabling Features](https://github.com/swimlane/elk-tls-docker/wiki/Enabling-Features) page in our [Wiki](https://github.com/swimlane/elk-tls-docker/wiki). 123 | 124 | ## Road Map 125 | 126 | Below is a list of features planned for future releases: 127 | 128 | * Adding additional services from Elastic 129 | * Adding certificate authentication for external usage 130 | 131 | ## Contributing 132 | 133 | Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests to us. 134 | 135 | ## Versioning 136 | 137 | We use [SemVer](http://semver.org/) for versioning. 138 | 139 | ## Change Log 140 | 141 | Please read [CHANGELOG.md](CHANGELOG.md) for details on the features of a specific version of `elk-tls-docker`. 142 | 143 | ## Authors 144 | 145 | * Josh Rickard - *Initial work* - [MSAdministrator](https://github.com/msadministrator) 146 | 147 | See also the list of [contributors](https://github.com/swimlane/elk-tls-docker/contributors) who participated in this project. 
148 | 149 | ## License 150 | 151 | This project is licensed under the MIT License - see the [LICENSE](LICENSE.md) file for details 152 | -------------------------------------------------------------------------------- /bin/create_new_superuser.py: -------------------------------------------------------------------------------- 1 | from socfaker import SocFaker 2 | import requests, json 3 | from requests.auth import HTTPBasicAuth 4 | 5 | 6 | _HOST = 'https://0.0.0.0:9200' 7 | ENDPOINT = '/_security/user/soc' 8 | 9 | _USERNAME = 'elastic' 10 | _PASSWORD = 'some_password' 11 | 12 | headers = { 13 | 'kbn-xsrf': 'elk-tls-docker', 14 | 'Content-Type': 'application/json' 15 | } 16 | 17 | _BODY = { 18 | 'email': 'soc@company.com', 19 | 'full_name': 'SOC', 20 | 'password': 'some_password', 21 | 'roles': ['superuser'] 22 | } 23 | 24 | response = requests.post( 25 | _HOST + ENDPOINT, 26 | headers=headers, 27 | data=json.dumps(_BODY), 28 | auth=HTTPBasicAuth(_USERNAME, _PASSWORD), 29 | verify=False) 30 | print(response.json()) -------------------------------------------------------------------------------- /bin/loading_pre_packaged_detection_rules.py: -------------------------------------------------------------------------------- 1 | import requests 2 | from requests.auth import HTTPBasicAuth 3 | 4 | _HOST = 'https://0.0.0.0:5601' 5 | _USERNAME = 'elastic' 6 | _PASSWORD = 'some_password' 7 | 8 | headers = { 9 | 'kbn-xsrf': 'elk-tls-docker', 10 | 'Content-Type': 'application/json' 11 | } 12 | 13 | ENDPOINT = '/api/detection_engine/rules/prepackaged' 14 | 15 | response = requests.put( 16 | _HOST + ENDPOINT, 17 | headers=headers, 18 | auth=HTTPBasicAuth(_USERNAME, _PASSWORD), 19 | verify=False) 20 | print(response.json()) -------------------------------------------------------------------------------- /bin/modify_index_mappings.py: -------------------------------------------------------------------------------- 1 | import requests 2 | from requests.auth import HTTPBasicAuth 3 | 
4 | 5 | _HOST = 'https://0.0.0.0:9200' 6 | _INDEX = 'winlogbeat' # if it doesn't it exist it will be created 7 | _USERNAME = 'elastic' 8 | _PASSWORD = 'some_password' 9 | 10 | headers = { 11 | 'kbn-xsrf': 'elk-tls-docker', 12 | 'Content-Type': 'application/json' 13 | } 14 | 15 | ENDPOINT = f'/{_INDEX}/_mapping' 16 | 17 | body = { 18 | "properties": { 19 | "host": { 20 | "properties": { 21 | "name": { 22 | "type": "text", 23 | "fielddata": True 24 | }, 25 | "hostname": { 26 | "type": "text", 27 | "fielddata": True 28 | }, 29 | "ip": { 30 | "type": "text", 31 | "fielddata": True 32 | }, 33 | } 34 | }, 35 | "event": { 36 | "properties": { 37 | "action": { 38 | "type": "text", 39 | "fielddata": True 40 | }, 41 | "dataset": { 42 | "type": "text", 43 | "fielddata": True 44 | }, 45 | "module": { 46 | "type": "text", 47 | "fielddata": True 48 | } 49 | } 50 | }, 51 | "organization": { 52 | "properties": { 53 | "name": { 54 | "type": "text", 55 | "fielddata": True 56 | } 57 | } 58 | }, 59 | "os": { 60 | "properties": { 61 | "full": { 62 | "type": "text", 63 | "fielddata": True 64 | } 65 | } 66 | }, 67 | "file": { 68 | "properties": { 69 | "path": { 70 | "type": "text", 71 | "fielddata": True 72 | } 73 | } 74 | }, 75 | "http": { 76 | "properties": { 77 | "request": { 78 | "properties": { 79 | "body": { 80 | "properties": { 81 | "content": { 82 | "type": "text", 83 | "fielddata": True 84 | } 85 | } 86 | } 87 | } 88 | }, 89 | "response": { 90 | "properties": { 91 | "body": { 92 | "properties": { 93 | "content": { 94 | "type": "text", 95 | "fielddata": True 96 | } 97 | } 98 | } 99 | } 100 | } 101 | } 102 | }, 103 | "destination": { 104 | "properties": { 105 | "ip": { 106 | "type": "text", 107 | "fielddata": True 108 | }, 109 | "geo": { 110 | "properties": { 111 | "country_iso_code": { 112 | "type": "text", 113 | "fielddata": True 114 | } 115 | } 116 | } 117 | } 118 | }, 119 | "source": { 120 | "properties": { 121 | "ip": { 122 | "type": "text", 123 | "fielddata": True 124 | }, 
125 | "geo": { 126 | "properties": { 127 | "country_iso_code": { 128 | "type": "text", 129 | "fielddata": True 130 | } 131 | } 132 | } 133 | } 134 | } 135 | } 136 | } 137 | 138 | response = requests.put( 139 | _HOST + ENDPOINT, 140 | headers=headers, 141 | json=body, 142 | auth=HTTPBasicAuth(_USERNAME, _PASSWORD), 143 | verify=False) 144 | print(response.json()) 145 | -------------------------------------------------------------------------------- /bin/send_data_to_filebeat.py: -------------------------------------------------------------------------------- 1 | import socket, json, sys 2 | 3 | 4 | HOST = '0.0.0.0' 5 | PORT = 9000 6 | 7 | try: 8 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 9 | except socket.error as msg: 10 | sys.stderr.write("[ERROR] {}\n".format(msg[1])) 11 | sys.exit(1) 12 | 13 | try: 14 | sock.connect((HOST, PORT)) 15 | except socket.error as msg: 16 | sys.stderr.write("[ERROR] {}\n".format(msg[1])) 17 | sys.exit(2) 18 | 19 | sock.send(b'my test string') 20 | sock.close() 21 | 22 | sock.close() 23 | sys.exit(0) 24 | -------------------------------------------------------------------------------- /bin/send_document_to_elasticsearch.py: -------------------------------------------------------------------------------- 1 | from socfaker import SocFaker 2 | import requests, json 3 | from requests.auth import HTTPBasicAuth 4 | 5 | 6 | _HOST = 'https://0.0.0.0:9200' 7 | _INDEX = 'winlogbeat' # if it doesn't it exist it will be created 8 | _USERNAME = 'elastic' 9 | _PASSWORD = 'some_password' 10 | 11 | headers = { 12 | 'kbn-xsrf': 'elk-tls-docker', 13 | 'Content-Type': 'application/json' 14 | } 15 | 16 | ENDPOINT = f'/{_INDEX}/_doc' 17 | 18 | soc_faker = SocFaker() 19 | 20 | import pprint, pendulum 21 | count = 1 22 | while count <=100: 23 | for doc in soc_faker.products.elastic.document.get(count=1): 24 | doc['event']['created'] = pendulum.now().to_iso8601_string() 25 | doc['event']['start'] = pendulum.now().to_iso8601_string() 26 | 
response = requests.post( 27 | _HOST + ENDPOINT, 28 | headers=headers, 29 | data=json.dumps(doc), 30 | auth=HTTPBasicAuth(_USERNAME, _PASSWORD), 31 | verify=False) 32 | print(response.json()) 33 | count+=1 -------------------------------------------------------------------------------- /docker-compose.production.yml: -------------------------------------------------------------------------------- 1 | version: '3.5' 2 | 3 | # will contain all elasticsearch data. 4 | volumes: 5 | data: 6 | 7 | secrets: 8 | ca.crt: 9 | file: ./secrets/certificate_authority/ca/ca.crt 10 | elasticsearch.keystore: 11 | file: ./secrets/elasticsearch.keystore 12 | elastic-stack-ca.p12: 13 | file: ./secrets/certificate_authority/elastic-stack-ca.p12 14 | elasticsearch.key: 15 | file: ./secrets/certificates/elasticsearch/elasticsearch.key 16 | elasticsearch.cert: 17 | file: ./secrets/certificates/elasticsearch/elasticsearch.crt 18 | kibana.key: 19 | file: ./secrets/certificates/kibana/kibana.key 20 | kibana.cert: 21 | file: ./secrets/certificates/kibana/kibana.crt 22 | logstash.pkcs8.key: 23 | file: ./secrets/certificates/logstash/logstash.pkcs8.key 24 | logstash.key: 25 | file: ./secrets/certificates/logstash/logstash.key 26 | logstash.p12: 27 | file: ./secrets/keystores/logstash/logstash.p12 28 | logstash.cert: 29 | file: ./secrets/certificates/logstash/logstash.crt 30 | filebeat.key: 31 | file: ./secrets/certificates/filebeat/filebeat.key 32 | filebeat.cert: 33 | file: ./secrets/certificates/filebeat/filebeat.crt 34 | metricbeat.key: 35 | file: ./secrets/certificates/metricbeat/metricbeat.key 36 | metricbeat.cert: 37 | file: ./secrets/certificates/metricbeat/metricbeat.crt 38 | packetbeat.key: 39 | file: ./secrets/certificates/packetbeat/packetbeat.key 40 | packetbeat.cert: 41 | file: ./secrets/certificates/packetbeat/packetbeat.crt 42 | 43 | services: 44 | swag: 45 | image: linuxserver/swag 46 | container_name: swag 47 | cap_add: 48 | - NET_ADMIN 49 | environment: 50 | - PUID=2000 51 | - 
PGID=2000 52 | - TZ=${TIMEZONE} 53 | - URL=${DOMAIN} 54 | - SUBDOMAINS=${SUBDOMAIN} 55 | - VALIDATION=http 56 | - EMAIL=${EMAIL} 57 | - STAGING=false 58 | volumes: 59 | - ./swag:/config 60 | ports: 61 | - 443:443 62 | - 80:80 63 | restart: unless-stopped 64 | networks: 65 | - elk 66 | depends_on: 67 | - elasticsearch 68 | - kibana 69 | 70 | elasticsearch: 71 | container_name: elasticsearch 72 | hostname: elasticsearch 73 | build: 74 | context: elasticsearch/ 75 | args: 76 | ELK_VERSION: ${ELK_VERSION} 77 | restart: unless-stopped 78 | environment: 79 | CONFIG_DIR: ${ELASTIC_DIR}/config 80 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 81 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 82 | ES_JAVA_OPTS: -Xmx${ELASTICSEARCH_HEAP} -Xms${ELASTICSEARCH_HEAP} 83 | bootstrap.memory_lock: "true" 84 | discovery.type: single-node 85 | volumes: 86 | - data:${ELASTIC_DIR} 87 | - ./elasticsearch/config/elasticsearch.yml:${ELASTIC_DIR}/config/elasticsearch.yml:ro 88 | secrets: 89 | - source: elasticsearch.keystore 90 | target: ${ELASTIC_DIR}/config/elasticsearch.keystore 91 | - source: ca.crt 92 | target: ${ELASTIC_DIR}/config/ca.crt 93 | - source: elasticsearch.cert 94 | target: ${ELASTIC_DIR}/config/elasticsearch.crt 95 | - source: elasticsearch.key 96 | target: ${ELASTIC_DIR}/config/elasticsearch.key 97 | expose: 98 | - 9200 99 | - 9300 100 | ulimits: 101 | memlock: 102 | soft: -1 103 | hard: -1 104 | nofile: 105 | soft: 200000 106 | hard: 200000 107 | networks: 108 | - elk 109 | 110 | kibana: 111 | container_name: kibana 112 | hostname: kibana 113 | build: 114 | context: kibana/ 115 | args: 116 | ELK_VERSION: $ELK_VERSION 117 | restart: unless-stopped 118 | volumes: 119 | - ./kibana/config/kibana.yml:${KIBANA_DIR}/config/kibana.yml:ro 120 | environment: 121 | CONFIG_DIR: ${KIBANA_DIR}/config 122 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 123 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 124 | ENCRYPTION_KEY: ${XPACK_ENCRYPTION_KEY} 125 | KIBANA_URL: ${KIBANA_URL} 126 | secrets: 127 | - source: 
ca.crt 128 | target: ${KIBANA_DIR}/config/ca.crt 129 | - source: kibana.cert 130 | target: ${KIBANA_DIR}/config/kibana.crt 131 | - source: kibana.key 132 | target: ${KIBANA_DIR}/config/kibana.key 133 | ports: 134 | - "5601:5601" 135 | networks: 136 | - elk 137 | depends_on: 138 | - elasticsearch 139 | 140 | logstash: 141 | container_name: logstash 142 | hostname: logstash 143 | build: 144 | context: logstash/ 145 | args: 146 | ELK_VERSION: $ELK_VERSION 147 | restart: unless-stopped 148 | volumes: 149 | - ./logstash/config/logstash.yml:${LOGSTASH_DIR}/config/logstash.yml:ro 150 | - ./logstash/pipeline/logstash.conf:${LOGSTASH_DIR}/pipeline/logstash.conf:ro 151 | - ./logstash/pipeline/metricbeat.conf:${LOGSTASH_DIR}/pipeline/metricbeat.conf 152 | environment: 153 | CONFIG_DIR: ${LOGSTASH_DIR}/config 154 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 155 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 156 | LS_JAVA_OPTS: "-Xmx${LOGSTASH_HEAP} -Xms${LOGSTASH_HEAP}" 157 | secrets: 158 | - source: ca.crt 159 | target: ${LOGSTASH_DIR}/config/ca.crt 160 | - source: logstash.cert 161 | target: ${LOGSTASH_DIR}/config/logstash.crt 162 | - source: logstash.key 163 | target: ${LOGSTASH_DIR}/config/logstash.key 164 | - source: logstash.pkcs8.key 165 | target: ${LOGSTASH_DIR}/config/logstash.pkcs8.key 166 | - source: logstash.p12 167 | target: ${LOGSTASH_DIR}/config/logstash.p12 168 | networks: 169 | - elk 170 | expose: 171 | - 12201/udp 172 | - 5044 173 | - 9600 174 | - 5000/tcp 175 | - 5000/udp 176 | depends_on: 177 | - elasticsearch 178 | - kibana 179 | 180 | packetbeat: 181 | container_name: packetbeat 182 | hostname: packetbeat 183 | user: root 184 | build: 185 | context: packetbeat/ 186 | args: 187 | ELK_VERSION: $ELK_VERSION 188 | restart: unless-stopped 189 | cap_add: 190 | - NET_ADMIN 191 | - NET_RAW 192 | command: packetbeat -e -strict.perms=false 193 | volumes: 194 | - ./packetbeat/config/packetbeat.yml:${PACKETBEAT_DIR}/packetbeat.yml:ro 195 | - 
/var/run/docker.sock:/var/run/docker.sock 196 | environment: 197 | CONFIG_DIR: ${PACKETBEAT_DIR}/config 198 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 199 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 200 | LS_JAVA_OPTS: "-Xmx${PACKETBEAT_HEAP} -Xms${PACKETBEAT_HEAP}" 201 | secrets: 202 | - source: ca.crt 203 | target: ${PACKETBEAT_DIR}/config/ca.crt 204 | - source: packetbeat.cert 205 | target: ${PACKETBEAT_DIR}/config/packetbeat.crt 206 | - source: packetbeat.key 207 | target: ${PACKETBEAT_DIR}/config/packetbeat.key 208 | networks: 209 | - elk 210 | depends_on: 211 | - logstash 212 | 213 | metricbeat: 214 | container_name: metricbeat 215 | hostname: metricbeat 216 | user: root 217 | build: 218 | context: metricbeat/ 219 | args: 220 | ELK_VERSION: $ELK_VERSION 221 | restart: unless-stopped 222 | cap_add: 223 | - NET_ADMIN 224 | - NET_RAW 225 | command: 226 | - /bin/bash 227 | - -c 228 | - while true; do metricbeat -e; sleep 1; done 229 | volumes: 230 | - ./metricbeat/config/metricbeat.yml:${METRICBEAT_DIR}/metricbeat.yml 231 | - /var/run/docker.sock:/var/run/docker.sock 232 | environment: 233 | CONFIG_DIR: ${METRICBEAT_DIR}/config 234 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 235 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 236 | LS_JAVA_OPTS: "-Xmx${METRICBEAT_HEAP} -Xms${METRICBEAT_HEAP}" 237 | secrets: 238 | - source: elastic-stack-ca.p12 239 | target: /etc/pki/ca-trust/source/anchors/elastic-stack-ca.p12 240 | - source: ca.crt 241 | target: /etc/pki/ca-trust/source/anchors/ca.crt 242 | - source: metricbeat.cert 243 | target: ${METRICBEAT_DIR}/config/metricbeat.crt 244 | - source: metricbeat.key 245 | target: ${METRICBEAT_DIR}/config/metricbeat.key 246 | networks: 247 | - elk 248 | depends_on: 249 | - logstash 250 | 251 | filebeat: 252 | container_name: filebeat 253 | hostname: filebeat 254 | build: 255 | context: filebeat/ 256 | args: 257 | ELK_VERSION: $ELK_VERSION 258 | restart: unless-stopped 259 | command: filebeat -e -strict.perms=false 260 | volumes: 261 | - 
./filebeat/config/filebeat.yml:${FILEBEAT_DIR}/filebeat.yml:ro 262 | environment: 263 | CONFIG_DIR: ${FILEBEAT_DIR}/config 264 | LS_JAVA_OPTS: "-Xmx${FILEBEAT_HEAP} -Xms${FILEBEAT_HEAP}" 265 | secrets: 266 | - source: ca.crt 267 | target: ${FILEBEAT_DIR}/config/ca.crt 268 | - source: filebeat.cert 269 | target: ${FILEBEAT_DIR}/config/filebeat.crt 270 | - source: filebeat.key 271 | target: ${FILEBEAT_DIR}/config/filebeat.key 272 | expose: 273 | - 9000 274 | networks: 275 | - elk 276 | depends_on: 277 | - logstash 278 | 279 | networks: 280 | elk: 281 | driver: bridge 282 | -------------------------------------------------------------------------------- /docker-compose.setup.yml: -------------------------------------------------------------------------------- 1 | version: '3.5' 2 | 3 | services: 4 | certs: 5 | container_name: certs 6 | image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION} 7 | command: bash ${ELASTIC_DIR}/config/setup.sh 8 | user: "0" 9 | volumes: 10 | - ./swag:/swag/ 11 | - ./secrets:/secrets/ 12 | - ./setup/setup.sh:${ELASTIC_DIR}/config/setup.sh 13 | - ./setup/instances.yml:${ELASTIC_DIR}/config/instances.yml:ro 14 | environment: 15 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 16 | SUBDOMAIN: ${SUBDOMAIN} 17 | SUBFOLDER: ${SUBFOLDER} 18 | STAGING: ${STAGING} 19 | networks: 20 | - elk 21 | 22 | volumes: 23 | secrets: 24 | driver: local 25 | setup: 26 | driver: local 27 | 28 | networks: 29 | elk: 30 | driver: bridge -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.5' 2 | 3 | # will contain all elasticsearch data. 
4 | volumes: 5 | data: 6 | 7 | secrets: 8 | ca.crt: 9 | file: ./secrets/certificate_authority/ca/ca.crt 10 | elasticsearch.keystore: 11 | file: ./secrets/elasticsearch.keystore 12 | elastic-stack-ca.p12: 13 | file: ./secrets/certificate_authority/elastic-stack-ca.p12 14 | elasticsearch.key: 15 | file: ./secrets/certificates/elasticsearch/elasticsearch.key 16 | elasticsearch.cert: 17 | file: ./secrets/certificates/elasticsearch/elasticsearch.crt 18 | kibana.key: 19 | file: ./secrets/certificates/kibana/kibana.key 20 | kibana.cert: 21 | file: ./secrets/certificates/kibana/kibana.crt 22 | logstash.pkcs8.key: 23 | file: ./secrets/certificates/logstash/logstash.pkcs8.key 24 | logstash.key: 25 | file: ./secrets/certificates/logstash/logstash.key 26 | logstash.p12: 27 | file: ./secrets/keystores/logstash/logstash.p12 28 | logstash.cert: 29 | file: ./secrets/certificates/logstash/logstash.crt 30 | filebeat.key: 31 | file: ./secrets/certificates/filebeat/filebeat.key 32 | filebeat.cert: 33 | file: ./secrets/certificates/filebeat/filebeat.crt 34 | metricbeat.key: 35 | file: ./secrets/certificates/metricbeat/metricbeat.key 36 | metricbeat.cert: 37 | file: ./secrets/certificates/metricbeat/metricbeat.crt 38 | packetbeat.key: 39 | file: ./secrets/certificates/packetbeat/packetbeat.key 40 | packetbeat.cert: 41 | file: ./secrets/certificates/packetbeat/packetbeat.crt 42 | 43 | services: 44 | elasticsearch: 45 | container_name: elasticsearch 46 | hostname: elasticsearch 47 | build: 48 | context: elasticsearch/ 49 | args: 50 | ELK_VERSION: ${ELK_VERSION} 51 | restart: unless-stopped 52 | environment: 53 | CONFIG_DIR: ${ELASTIC_DIR}/config 54 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 55 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 56 | ES_JAVA_OPTS: -Xmx${ELASTICSEARCH_HEAP} -Xms${ELASTICSEARCH_HEAP} 57 | bootstrap.memory_lock: "true" 58 | discovery.type: single-node 59 | volumes: 60 | - data:${ELASTIC_DIR} 61 | - 
./elasticsearch/config/elasticsearch.yml:${ELASTIC_DIR}/config/elasticsearch.yml:ro 62 | secrets: 63 | - source: elasticsearch.keystore 64 | target: ${ELASTIC_DIR}/config/elasticsearch.keystore 65 | - source: ca.crt 66 | target: ${ELASTIC_DIR}/config/ca.crt 67 | - source: elasticsearch.cert 68 | target: ${ELASTIC_DIR}/config/elasticsearch.crt 69 | - source: elasticsearch.key 70 | target: ${ELASTIC_DIR}/config/elasticsearch.key 71 | ports: 72 | - "9200:9200" 73 | - "9300:9300" 74 | healthcheck: 75 | test: curl -s https://elasticsearch:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi 76 | interval: 30s 77 | timeout: 10s 78 | retries: 5 79 | ulimits: 80 | memlock: 81 | soft: -1 82 | hard: -1 83 | nofile: 84 | soft: 200000 85 | hard: 200000 86 | networks: 87 | - elk 88 | 89 | kibana: 90 | container_name: kibana 91 | hostname: kibana 92 | build: 93 | context: kibana/ 94 | args: 95 | ELK_VERSION: $ELK_VERSION 96 | restart: unless-stopped 97 | volumes: 98 | - ./kibana/config/kibana.yml:${KIBANA_DIR}/config/kibana.yml:ro 99 | environment: 100 | CONFIG_DIR: ${KIBANA_DIR}/config 101 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 102 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 103 | ENCRYPTION_KEY: ${XPACK_ENCRYPTION_KEY} 104 | KIBANA_URL: ${KIBANA_URL} 105 | secrets: 106 | - source: ca.crt 107 | target: ${KIBANA_DIR}/config/ca.crt 108 | - source: kibana.cert 109 | target: ${KIBANA_DIR}/config/kibana.crt 110 | - source: kibana.key 111 | target: ${KIBANA_DIR}/config/kibana.key 112 | healthcheck: 113 | test: curl -s https://kibana:5601 >/dev/null; if [[ $$? 
== 52 ]]; then echo 0; else echo 1; fi 114 | interval: 30s 115 | timeout: 10s 116 | retries: 5 117 | ports: 118 | - "5601:5601" 119 | networks: 120 | - elk 121 | depends_on: 122 | - elasticsearch 123 | 124 | logstash: 125 | container_name: logstash 126 | hostname: logstash 127 | build: 128 | context: logstash/ 129 | args: 130 | ELK_VERSION: $ELK_VERSION 131 | restart: unless-stopped 132 | volumes: 133 | - ./logstash/config/logstash.yml:${LOGSTASH_DIR}/config/logstash.yml 134 | - ./logstash/pipeline/logstash.conf:${LOGSTASH_DIR}/pipeline/logstash.conf 135 | - ./logstash/pipeline/metricbeat.conf:${LOGSTASH_DIR}/pipeline/metricbeat.conf 136 | environment: 137 | path.settings: null 138 | CONFIG_DIR: ${LOGSTASH_DIR}/config 139 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 140 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 141 | LS_JAVA_OPTS: "-Xmx${LOGSTASH_HEAP} -Xms${LOGSTASH_HEAP}" 142 | secrets: 143 | - source: ca.crt 144 | target: ${LOGSTASH_DIR}/config/ca.crt 145 | - source: logstash.cert 146 | target: ${LOGSTASH_DIR}/config/logstash.crt 147 | - source: logstash.pkcs8.key 148 | target: ${LOGSTASH_DIR}/config/logstash.pkcs8.key 149 | - source: logstash.key 150 | target: ${LOGSTASH_DIR}/config/logstash.key 151 | - source: logstash.p12 152 | target: ${LOGSTASH_DIR}/config/logstash.p12 153 | networks: 154 | - elk 155 | ports: 156 | - "12201:12201/udp" 157 | - "5044:5044" 158 | - "5045:5045/tcp" 159 | - "5046:5046" 160 | - "9600:9600" 161 | - "5000:5000/tcp" 162 | - "5000:5000/udp" 163 | depends_on: 164 | - elasticsearch 165 | - kibana 166 | 167 | packetbeat: 168 | container_name: packetbeat 169 | hostname: packetbeat 170 | user: root 171 | build: 172 | context: packetbeat/ 173 | args: 174 | ELK_VERSION: $ELK_VERSION 175 | restart: unless-stopped 176 | cap_add: 177 | - NET_ADMIN 178 | - NET_RAW 179 | command: packetbeat -e -strict.perms=false 180 | volumes: 181 | - ./packetbeat/config/packetbeat.yml:${PACKETBEAT_DIR}/packetbeat.yml:ro 182 | - 
/var/run/docker.sock:/var/run/docker.sock 183 | environment: 184 | CONFIG_DIR: ${PACKETBEAT_DIR}/config 185 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 186 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 187 | LS_JAVA_OPTS: "-Xmx${PACKETBEAT_HEAP} -Xms${PACKETBEAT_HEAP}" 188 | secrets: 189 | - source: ca.crt 190 | target: /etc/pki/ca-trust/source/anchors/ca.crt 191 | - source: packetbeat.cert 192 | target: ${PACKETBEAT_DIR}/config/packetbeat.crt 193 | - source: packetbeat.key 194 | target: ${PACKETBEAT_DIR}/config/packetbeat.key 195 | networks: 196 | - elk 197 | depends_on: 198 | - logstash 199 | 200 | metricbeat: 201 | container_name: metricbeat 202 | hostname: metricbeat 203 | user: root 204 | build: 205 | context: metricbeat/ 206 | args: 207 | ELK_VERSION: $ELK_VERSION 208 | restart: unless-stopped 209 | cap_add: 210 | - NET_ADMIN 211 | - NET_RAW 212 | command: 213 | - /bin/bash 214 | - -c 215 | - while true; do metricbeat -e; sleep 1; done 216 | volumes: 217 | - ./metricbeat/config/metricbeat.yml:${METRICBEAT_DIR}/metricbeat.yml 218 | - /var/run/docker.sock:/var/run/docker.sock 219 | environment: 220 | CONFIG_DIR: ${METRICBEAT_DIR}/config 221 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 222 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 223 | LS_JAVA_OPTS: "-Xmx${METRICBEAT_HEAP} -Xms${METRICBEAT_HEAP}" 224 | secrets: 225 | - source: elastic-stack-ca.p12 226 | target: /etc/pki/ca-trust/source/anchors/elastic-stack-ca.p12 227 | - source: ca.crt 228 | target: /etc/pki/ca-trust/source/anchors/ca.crt 229 | - source: metricbeat.cert 230 | target: ${METRICBEAT_DIR}/config/metricbeat.crt 231 | - source: metricbeat.key 232 | target: ${METRICBEAT_DIR}/config/metricbeat.key 233 | networks: 234 | - elk 235 | depends_on: 236 | - logstash 237 | - kibana 238 | 239 | filebeat: 240 | container_name: filebeat 241 | hostname: filebeat 242 | build: 243 | context: filebeat/ 244 | args: 245 | ELK_VERSION: $ELK_VERSION 246 | restart: unless-stopped 247 | command: > 248 | sh -c "filebeat -e" 249 | volumes: 
250 | - ./filebeat/config/filebeat.yml:${FILEBEAT_DIR}/filebeat.yml:ro 251 | environment: 252 | CONFIG_DIR: ${FILEBEAT_DIR}/config 253 | LS_JAVA_OPTS: "-Xmx${FILEBEAT_HEAP} -Xms${FILEBEAT_HEAP}" 254 | ELASTIC_USERNAME: ${ELASTIC_USERNAME} 255 | ELASTIC_PASSWORD: ${ELASTIC_PASSWORD} 256 | secrets: 257 | - source: ca.crt 258 | target: ${FILEBEAT_DIR}/config/ca.crt 259 | - source: filebeat.cert 260 | target: ${FILEBEAT_DIR}/config/filebeat.crt 261 | - source: filebeat.key 262 | target: ${FILEBEAT_DIR}/config/filebeat.key 263 | ports: 264 | - "9000:9000" 265 | networks: 266 | - elk 267 | depends_on: 268 | - logstash 269 | 270 | elastic-agent: 271 | container_name: elastic-agent 272 | hostname: elastic-agent 273 | build: 274 | context: elastic-agent/ 275 | args: 276 | ELK_VERSION: $ELK_VERSION 277 | restart: unless-stopped 278 | environment: 279 | FLEET_CA: '/ca.crt' 280 | ELK_VERSION: ${ELK_VERSION} 281 | KIBANA_HOST: "https://kibana:5601" 282 | ELASTICSEARCH_USERNAME: ${ELASTIC_USERNAME} 283 | ELASTICSEARCH_PASSWORD: ${ELASTIC_PASSWORD} 284 | ELASTICSEARCH_HOSTS: "https://elasticsearch:9200" 285 | FLEET_ENROLL_INSECURE: 1 286 | ENROLL_FORCE: 1 287 | PREFLIGHT_CHECK: 1 288 | secrets: 289 | - source: ca.crt 290 | target: /ca.crt 291 | ports: 292 | - "22:22" 293 | networks: 294 | - elk 295 | depends_on: 296 | - logstash 297 | 298 | networks: 299 | elk: 300 | driver: bridge -------------------------------------------------------------------------------- /elastic-agent/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM amd64/ubuntu:20.04 4 | 5 | RUN apt-get update && \ 6 | apt-get -y install sudo && \ 7 | apt-get -y install python3-pip python3 8 | 9 | RUN pip3 install requests 10 | RUN pip3 install PyYaml 11 | RUN pip3 install elastic-agent-setup==0.0.11 12 | 13 | ADD install.py /install.py 14 | RUN chmod +x /install.py 15 | 16 | CMD ["/install.py"] 17 | ENTRYPOINT ["python3"] 18 | 
-------------------------------------------------------------------------------- /elastic-agent/install.py: -------------------------------------------------------------------------------- 1 | import os 2 | import time 3 | from elastic_agent_setup import ElasticAgent 4 | 5 | 6 | if __name__ == "__main__": 7 | agent = ElasticAgent() 8 | verify_ssl = False if os.environ.get('FLEET_ENROLL_INSECURE') else True 9 | agent.configure( 10 | os.environ.get('ELASTICSEARCH_USERNAME'), 11 | os.environ.get('ELASTICSEARCH_PASSWORD'), 12 | kibana=os.environ.get('KIBANA_HOST', 'https://localhost:5601'), 13 | elasticsearch=os.environ.get('ELASTICSEARCH_HOSTS', 'https://localhost:9200'), 14 | force_enroll='--force' if os.environ.get('ENROLL_FORCE') else '', 15 | certificate_authority=os.environ.get('FLEET_CA'), 16 | verify_ssl=verify_ssl 17 | ) 18 | preflight = True if os.environ.get('PREFLIGHT_CHECK') else False 19 | agent.install(version=os.environ.get('ELK_VERSION'), preflight_check=preflight) 20 | while True: 21 | print('Elastic Agent is running .....', flush=True) 22 | time.sleep(30) 23 | -------------------------------------------------------------------------------- /elasticsearch/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION} -------------------------------------------------------------------------------- /elasticsearch/config/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | ## Cluster Settings 2 | cluster.name: "elk-tls-cluster" 3 | network.host: "0.0.0.0" 4 | http.host: 0.0.0.0 5 | 6 | ## License 7 | xpack.license.self_generated.type: trial 8 | 9 | # Security 10 | xpack.security.enabled: true 11 | xpack.security.authc.token.enabled: true 12 | xpack.security.authc.api_key.enabled: true 13 | 14 | # transport security settings 15 | # This is mostly used for inter-node communications 
between parts of the ELK stack 16 | xpack.security.transport.ssl.enabled: true 17 | xpack.security.transport.ssl.key: ${CONFIG_DIR}/elasticsearch.key 18 | xpack.security.transport.ssl.certificate: ${CONFIG_DIR}/elasticsearch.crt 19 | xpack.security.transport.ssl.certificate_authorities: ${CONFIG_DIR}/ca.crt 20 | 21 | # HTTP security setttings 22 | # This is used for client server ssl/tls communications (e.g. browser to kibana) 23 | xpack.security.http.ssl.enabled: true 24 | xpack.security.http.ssl.key: ${CONFIG_DIR}/elasticsearch.key 25 | xpack.security.http.ssl.certificate: ${CONFIG_DIR}/elasticsearch.crt 26 | xpack.security.http.ssl.certificate_authorities: ${CONFIG_DIR}/ca.crt 27 | -------------------------------------------------------------------------------- /filebeat/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM docker.elastic.co/beats/filebeat:${ELK_VERSION} 4 | 5 | CMD filebeat export template > filebeat.template.json \ 6 | cat filebeat.template.json | curl -u 'elastic:some_password' -XPUT 'https://elasticsearch:9200/_template/filebeat-7.12.0' -d @- --insecure -------------------------------------------------------------------------------- /filebeat/config/filebeat.yml: -------------------------------------------------------------------------------- 1 | name: filebeat 2 | setup.template: 3 | enabled: true 4 | output.elasticsearch.username: ${ELASTIC_USERNAME} 5 | output.elasticsearch.password: ${ELASTIC_PASSWORD} 6 | path.config: ${CONFIG_DIR} 7 | 8 | filebeat.inputs: 9 | - type: tcp 10 | enabled: true 11 | max_message_size: 10MiB 12 | host: "filebeat:9000" 13 | 14 | output.logstash: 15 | enabled: true 16 | hosts: ["logstash:5045"] 17 | ssl.certificate_authorities: ["${CONFIG_DIR}/ca.crt"] 18 | ssl.certificate: "${CONFIG_DIR}/filebeat.crt" 19 | ssl.key: "${CONFIG_DIR}/filebeat.key" 20 | 21 | output.elasticsearch: 22 | enabled: false 23 | hosts: ["https://elasticsearch:9200"] 24 
| ssl.certificate_authorities: ["${CONFIG_DIR}/ca.crt"] 25 | ssl.certificate: "${CONFIG_DIR}/filebeat.crt" 26 | ssl.key: "${CONFIG_DIR}/filebeat.key" -------------------------------------------------------------------------------- /kibana/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM docker.elastic.co/kibana/kibana:${ELK_VERSION} -------------------------------------------------------------------------------- /kibana/config/kibana.yml: -------------------------------------------------------------------------------- 1 | --- 2 | server.name: kibana 3 | server.host: 0.0.0.0 4 | server.publicBaseUrl: "${KIBANA_URL}" 5 | 6 | # Elasticsearch settings 7 | elasticsearch.hosts: [ "https://elasticsearch:9200" ] 8 | elasticsearch.ssl.certificateAuthorities: [ "${CONFIG_DIR}/ca.crt" ] 9 | elasticsearch.username: "${ELASTIC_USERNAME}" 10 | elasticsearch.password: "${ELASTIC_PASSWORD}" 11 | 12 | # Elasticsearch monitoring settings 13 | monitoring.ui.container.elasticsearch.enabled: true 14 | 15 | # X-Pack Security 16 | xpack.security.enabled: true 17 | xpack.encryptedSavedObjects.encryptionKey: "${ENCRYPTION_KEY}" 18 | xpack.security.encryptionKey: "${ENCRYPTION_KEY}" 19 | xpack.reporting.encryptionKey: "${ENCRYPTION_KEY}" 20 | 21 | # SSL settings 22 | 23 | server.ssl.enabled: true 24 | server.ssl.certificate: "${CONFIG_DIR}/kibana.crt" 25 | server.ssl.key: "${CONFIG_DIR}/kibana.key" 26 | server.ssl.certificateAuthorities: [ "${CONFIG_DIR}/ca.crt" ] 27 | 28 | # fleet settings for Elastic-agent 29 | xpack.fleet.enabled: true 30 | xpack.fleet.agents.enabled: true 31 | xpack.fleet.agents.tlsCheckDisabled: true 32 | xpack.fleet.agents.kibana.host: "https://kibana:5601" 33 | xpack.fleet.agents.elasticsearch.host: "https://elasticsearch:9200" 34 | 35 | xpack.ingestManager.enabled: true 36 | xpack.ingestManager.fleet.enabled: true 
-------------------------------------------------------------------------------- /logstash/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM docker.elastic.co/logstash/logstash:${ELK_VERSION} -------------------------------------------------------------------------------- /logstash/config/logstash.yml: -------------------------------------------------------------------------------- 1 | node.name: "logstash" 2 | http.host: "0.0.0.0" 3 | 4 | path.settings: ${CONFIG_DIR} 5 | 6 | # X-Pack Security Options 7 | xpack.management.elasticsearch.username: "${ELASTIC_USERNAME}" 8 | xpack.management.elasticsearch.password: "${ELASTIC_PASSWORD}" 9 | 10 | xpack.monitoring.elasticsearch.username: "${ELASTIC_USERNAME}" 11 | xpack.monitoring.elasticsearch.password: "${ELASTIC_PASSWORD}" 12 | xpack.monitoring.elasticsearch.ssl.certificate_authority: "${CONFIG_DIR}/ca.crt" 13 | 14 | # Metricbeat settings 15 | monitoring.enabled: false 16 | -------------------------------------------------------------------------------- /logstash/config/pipelines.yml: -------------------------------------------------------------------------------- 1 | - pipeline.id: normal-beats 2 | path.config: "/usr/share/logstash/pipeline/logstash.conf" 3 | pipeline.workers: 3 4 | - pipeline.id: metribeats-beats 5 | path.config: "/usr/share/logstash/pipeline/metricbeat.conf" 6 | queue.type: persisted -------------------------------------------------------------------------------- /logstash/pipeline/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | beats { 3 | port => 5045 4 | ssl => true 5 | ssl_certificate => "${CONFIG_DIR}/logstash.crt" 6 | ssl_key => "${CONFIG_DIR}/logstash.pkcs8.key" 7 | } 8 | } 9 | filter { 10 | } 11 | output { 12 | elasticsearch { 13 | hosts => ["https://elasticsearch:9200"] 14 | user => "${ELASTIC_USERNAME}" 15 | password => "${ELASTIC_PASSWORD}" 16 | ssl 
=> true 17 | ssl_certificate_verification => true 18 | cacert => "${CONFIG_DIR}/ca.crt" 19 | index => "%{[@metadata][beat]}-%{[@metadata][version]}" 20 | } 21 | } -------------------------------------------------------------------------------- /logstash/pipeline/metricbeat.conf: -------------------------------------------------------------------------------- 1 | input { 2 | beats { 3 | port => 5044 4 | ssl => true 5 | ssl_certificate_authorities => ["${CONFIG_DIR}/ca.crt"] 6 | ssl_certificate => "${CONFIG_DIR}/logstash.crt" 7 | ssl_key => "${CONFIG_DIR}/logstash.pkcs8.key" 8 | ssl_verify_mode => "force_peer" 9 | } 10 | } 11 | filter { 12 | } 13 | output { 14 | elasticsearch { 15 | hosts => ["elasticsearch:9200"] 16 | user => "${ELASTIC_USERNAME}" 17 | password => "${ELASTIC_PASSWORD}" 18 | ssl => true 19 | ssl_certificate_verification => true 20 | cacert => "${CONFIG_DIR}/ca.crt" 21 | index => "%{[@metadata][beat]}-%{[@metadata][version]}" 22 | } 23 | } -------------------------------------------------------------------------------- /metricbeat/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM docker.elastic.co/beats/metricbeat:${ELK_VERSION} 4 | 5 | USER root 6 | RUN yum-config-manager --save --setopt=base.skip_if_unavailable=true 7 | RUN yum install ca-certificates -y 8 | RUN update-ca-trust force-enable 9 | 10 | USER metricbeat 11 | CMD update-ca-trust extract \ 12 | metricbeat setup -e --index-management --dashboards -E "output.logstash.enabled=false" -E "output.elasticsearch.hosts=['https://elasticsearch:9200']" -E "output.elasticsearch.ssl.certificate_authorities=["/etc/pki/ca-trust/source/anchors/ca.crt"]" -E "output.elasticsearch.ssl.certificates=${CONFIG_DIR}/metricbeat.crt" -E "output.elasticsearch.ssl.key=${CONFIG_DIR}/metricbeat.key" 13 | -------------------------------------------------------------------------------- /metricbeat/config/metricbeat.yml: 
-------------------------------------------------------------------------------- 1 | setup.dashboards.enabled: true 2 | 3 | # Forcing Elasticsearch index template 4 | setup.template.overwrite: true 5 | 6 | setup.kibana.host: "kibana:5601" 7 | setup.kibana.protocol: "https" 8 | setup.kibana.ssl.enabled: true 9 | setup.kibana.username: '${ELASTIC_USERNAME:}' 10 | setup.kibana.password: '${ELASTIC_PASSWORD:}' 11 | setup.kibana.ssl.certificate_authorities: ["/etc/pki/ca-trust/source/anchors/ca.crt"] 12 | setup.kibana.ssl.certificate: ${CONFIG_DIR}/metricbeat.crt 13 | setup.kibana.ssl.key: ${CONFIG_DIR}/metricbeat.key 14 | setup.kibana.ssl.verification_mode: "none" 15 | 16 | metricbeat.autodiscover: 17 | providers: 18 | - type: docker 19 | hints.enabled: true 20 | 21 | metricbeat.modules: 22 | - module: docker 23 | metricsets: 24 | - "container" 25 | - "cpu" 26 | - "diskio" 27 | - "healthcheck" 28 | - "info" 29 | - "image" 30 | - "memory" 31 | - "network" 32 | hosts: ["unix:///var/run/docker.sock"] 33 | period: 10s 34 | enabled: true 35 | 36 | 37 | processors: 38 | - add_cloud_metadata: ~ 39 | 40 | output.logstash: 41 | hosts: ["logstash:5044"] 42 | ssl.certificate_authorities: ["/etc/pki/ca-trust/source/anchors/ca.crt"] 43 | ssl.certificate: ${CONFIG_DIR}/metricbeat.crt 44 | ssl.key: ${CONFIG_DIR}/metricbeat.key 45 | index: metricbeat 46 | -------------------------------------------------------------------------------- /packetbeat/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG ELK_VERSION 2 | 3 | FROM docker.elastic.co/beats/packetbeat:${ELK_VERSION} 4 | 5 | USER root 6 | RUN yum-config-manager --save --setopt=base.skip_if_unavailable=true 7 | RUN yum install ca-certificates -y 8 | RUN update-ca-trust force-enable 9 | 10 | USER packetbeat 11 | CMD update-ca-trust extract \ 12 | packetbeat setup -e --index-management --dashboards -E "output.logstash.enabled=false" -E 
"output.elasticsearch.hosts=['https://elasticsearch:9200']" -E "output.elasticsearch.ssl.certificate_authorities=["${CONFIG_DIR}/ca.crt"]" -E "output.elasticsearch.ssl.certificates=${CONFIG_DIR}/packetbeat.crt" -E "output.elasticsearch.ssl.key=${CONFIG_DIR}/packetbeat.key" 13 | -------------------------------------------------------------------------------- /packetbeat/config/packetbeat.yml: -------------------------------------------------------------------------------- 1 | name: "packetbeat" 2 | setup.dashboards.enabled: true 3 | 4 | # Forcing Elasticsearch index template 5 | setup.template.overwrite: true 6 | 7 | setup.kibana.host: "https://kibana:5601" 8 | setup.kibana.protocol: "https" 9 | setup.kibana.ssl.enabled: true 10 | setup.kibana.username: '${ELASTIC_USERNAME:}' 11 | setup.kibana.password: '${ELASTIC_PASSWORD:}' 12 | setup.kibana.ssl.certificate_authorities: ["/etc/pki/ca-trust/source/anchors/ca.crt"] 13 | setup.kibana.ssl.certificate: ${CONFIG_DIR}/packetbeat.crt 14 | setup.kibana.ssl.key: ${CONFIG_DIR}/packetbeat.key 15 | setup.kibana.ssl.verification_mode: none 16 | 17 | packetbeat.interfaces.device: any 18 | 19 | packetbeat.flows: 20 | timeout: 30s 21 | period: 10s 22 | 23 | packetbeat.protocols.dns: 24 | ports: [53] 25 | include_authorities: true 26 | include_additionals: true 27 | 28 | packetbeat.protocols.http: 29 | ports: [80, 5601, 9200, 8080, 8081, 5000, 8002] 30 | 31 | packetbeat.protocols.memcache: 32 | ports: [11211] 33 | 34 | packetbeat.protocols.mysql: 35 | ports: [3306] 36 | 37 | packetbeat.protocols.pgsql: 38 | ports: [5432] 39 | 40 | packetbeat.protocols.redis: 41 | ports: [6379] 42 | 43 | packetbeat.protocols.thrift: 44 | ports: [9090] 45 | 46 | packetbeat.protocols.mongodb: 47 | ports: [27017] 48 | 49 | packetbeat.protocols.cassandra: 50 | ports: [9042] 51 | 52 | #processors: 53 | #- add_cloud_metadata: ~ 54 | 55 | output.logstash: 56 | hosts: ["logstash:5044"] 57 | ssl.certificate_authorities: 
["/etc/pki/ca-trust/source/anchors/ca.crt"] 58 | ssl.certificate: ${CONFIG_DIR}/packetbeat.crt 59 | ssl.key: ${CONFIG_DIR}/packetbeat.key 60 | index: packetbeat 61 | 62 | # Commented out for reference if you wanted 63 | # to send directly to elasticsearch 64 | 65 | #output.elasticsearch: 66 | # hosts: ["https://elasticsearch:9200"] 67 | # protocol: "https" 68 | # username: '${ELASTIC_USERNAME}' 69 | # password: '${ELASTIC_PASSWORD}' 70 | # ssl.enabled: true 71 | # ssl.certificate_authorities: ["${CONFIG_DIR}/ca.crt"] 72 | # ssl.verification_mode: none 73 | # ssl.certificate: "${CONFIG_DIR}/logstash.crt" 74 | # ssl.key: "${CONFIG_DIR}/logstash.key" -------------------------------------------------------------------------------- /secrets/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swimlane/elk-tls-docker/19f0baa727873eb76cdabfcfca921132aad4efd6/secrets/.gitkeep -------------------------------------------------------------------------------- /setup/instances.yml: -------------------------------------------------------------------------------- 1 | instances: 2 | - name: elasticsearch 3 | dns: 4 | - elasticsearch 5 | - localhost 6 | ip: 7 | - "0.0.0.0" 8 | - "127.0.0.1" 9 | - name: kibana 10 | dns: 11 | - kibana 12 | - localhost 13 | ip: 14 | - "0.0.0.0" 15 | - "127.0.0.1" 16 | - name: logstash 17 | dns: 18 | - logstash 19 | - localhost 20 | ip: 21 | - "0.0.0.0" 22 | - "127.0.0.1" 23 | - name: filebeat 24 | dns: 25 | - filebeat 26 | - localhost 27 | ip: 28 | - "0.0.0.0" 29 | - "127.0.0.1" 30 | - name: metricbeat 31 | dns: 32 | - metricbeat 33 | - localhost 34 | ip: 35 | - "0.0.0.0" 36 | - "127.0.0.1" 37 | - name: packetbeat 38 | dns: 39 | - packetbeat 40 | - localhost 41 | ip: 42 | - "0.0.0.0" 43 | - "127.0.0.1" -------------------------------------------------------------------------------- /setup/setup.sh: -------------------------------------------------------------------------------- 1 
| # Exit on Error 2 | set -e 3 | 4 | CONFIG_DIR=/usr/share/elasticsearch/config 5 | OUTPUT_FILE=/secrets/elasticsearch.keystore 6 | NATIVE_FILE=$CONFIG_DIR/elasticsearch.keystore 7 | OUTPUT_DIR=/secrets 8 | CA_DIR=$OUTPUT_DIR/certificate_authority 9 | KEYSTORES_DIR=$OUTPUT_DIR/keystores 10 | CERT_DIR=$OUTPUT_DIR/certificates 11 | CA_P12=$CA_DIR/elastic-stack-ca.p12 12 | CA_ZIP=$CA_DIR/ca.zip 13 | CA_CERT=$CA_DIR/ca/ca.crt 14 | CA_KEY=$CA_DIR/ca/ca.key 15 | BUNDLE_ZIP=$OUTPUT_DIR/bundle.zip 16 | CERT_KEYSTORES_ZIP=$OUTPUT_DIR/cert_keystores.zip 17 | HTTP_ZIP=$OUTPUT_DIR/http.zip 18 | 19 | apt-get install unzip openssl -y 20 | 21 | create_self_signed_ca() 22 | { 23 | printf "====== Creating Self-Signed Certificate Authority ======\n" 24 | printf "=====================================================\n" 25 | echo "Generating Self-Signed Certificate Authority PEM ..." 26 | bin/elasticsearch-certutil ca --pass "" --pem --out $CA_ZIP --silent 27 | unzip $CA_ZIP -d $CA_DIR 28 | echo "Generating Self-Signed Certificate Authority P12 ..." 
29 | bin/elasticsearch-certutil ca --pass "" --out $CA_P12 --silent 30 | echo "elastic-stack-ca.p12 is located $CA_P12" 31 | } 32 | 33 | create_certificates() 34 | { 35 | printf "====== Generating Certiticate Keystores ======\n" 36 | printf "=====================================================\n" 37 | echo "Creating p12 certificate keystores" 38 | bin/elasticsearch-certutil cert --silent --in $CONFIG_DIR/instances.yml --out $CERT_KEYSTORES_ZIP --ca $CA_P12 --ca-pass "" --pass "" 39 | unzip $CERT_KEYSTORES_ZIP -d $KEYSTORES_DIR 40 | echo "Creating crt and key certificates" 41 | bin/elasticsearch-certutil cert --silent --in $CONFIG_DIR/instances.yml --out $BUNDLE_ZIP --ca-cert $CA_CERT --ca-key $CA_KEY --ca-pass "" --pem 42 | unzip $BUNDLE_ZIP -d $CERT_DIR 43 | } 44 | 45 | setup_passwords() 46 | { 47 | printf "====== Setting up Default User Passwords ======\n" 48 | printf "=====================================================\n" 49 | 50 | bin/elasticsearch-setup-passwords auto -u "https://0.0.0.0:9200" -v --batch 51 | } 52 | 53 | create_keystore() 54 | { 55 | printf "========== Creating Elasticsearch Keystore ==========\n" 56 | printf "=====================================================\n" 57 | elasticsearch-keystore create >> /dev/null 58 | 59 | ## Setting Bootstrap Password 60 | echo "Setting bootstrap password..." 
61 | (echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x 'bootstrap.password') 62 | 63 | # Replace current Keystore 64 | if [ -f "$OUTPUT_FILE" ]; then 65 | echo "Remove old elasticsearch.keystore" 66 | rm $OUTPUT_FILE 67 | fi 68 | 69 | #setup_passwords 70 | echo "Saving new elasticsearch.keystore" 71 | mv $NATIVE_FILE $OUTPUT_FILE 72 | chmod 0644 $OUTPUT_FILE 73 | 74 | printf "======= Keystore setup completed successfully =======\n" 75 | printf "=====================================================\n" 76 | } 77 | 78 | 79 | remove_existing_certificates() 80 | { 81 | printf "====== Removing Existing Secrets ======\n" 82 | printf "=====================================================\n" 83 | for f in $OUTPUT_DIR/* ; do 84 | if [ -d "$f" ]; then 85 | echo "Removing directory $f" 86 | rm -rf $f 87 | fi 88 | if [ -f "$f" ]; then 89 | echo "Removing file $f" 90 | rm $f 91 | fi 92 | done 93 | } 94 | 95 | create_directory_structure() 96 | { 97 | printf "====== Creating Required Directories ======\n" 98 | printf "=====================================================\n" 99 | echo "Creating Certificate Authority Directory..." 100 | mkdir $CA_DIR 101 | echo "Creating Keystores Directory..." 102 | mkdir $KEYSTORES_DIR 103 | echo "Creating Certificates Directory..." 
104 | mkdir $CERT_DIR 105 | } 106 | 107 | rename_swag_confs() 108 | { 109 | if [ "$SUBDOMAIN" ]; then 110 | cp "/swag/nginx/proxy-confs/kibana.subdomain.conf.sample" "/swag/nginx/proxy-confs/$SUBDOMAIN.subdomain.conf" 111 | #mv "/swag/nginx/proxy-confs/kibana.subdomain.conf.sample" "/swag/nginx/proxy-confs/$SUBDOMAIN.subdomain.conf" 112 | sed -i -e "s/REPLACE_ME.*;/$SUBDOMAIN.*;/" "/swag/nginx/proxy-confs/$SUBDOMAIN.subdomain.conf" 113 | elif [ "$SUBFOLDER" ]; then 114 | cp "/swag/nginx/proxy-confs/kibana.subfolder.conf.sample" "/swag/nginx/proxy-confs/$SUBFOLDER.subfolder.conf" 115 | sed -e "s/\\REPLACE_ME/\\$SUBFOLDER/" "/swag/nginx/proxy-confs/$SUBFOLDER.subfolder.conf" 116 | else 117 | echo "No SUBDOMAIN or SUBFOLDER variable set.... skipping ...." 118 | fi 119 | } 120 | 121 | remove_existing_certificates 122 | create_directory_structure 123 | create_keystore 124 | create_self_signed_ca 125 | create_certificates 126 | 127 | openssl pkcs8 -in /secrets/certificates/logstash/logstash.key -topk8 -nocrypt -out /secrets/certificates/logstash/logstash.pkcs8.key 128 | 129 | if [ "$STAGING" = false ]; then 130 | rename_swag_confs 131 | if [ -d "/swag/keys" ]; then 132 | echo "Using letsencrypt certificate authority generated by swag" 133 | CA_CERT="/swag/keys/cert.crt" 134 | cp $CA_CERT $CA_DIR/ca/ca.crt 135 | CA_KEY="/swag/keys/cert.key" 136 | cp $CA_KEY $CA_DIR/ca/ca.key 137 | else 138 | echo "PLEASE RUN DOCKER-COMPOSE.PRODUCTION.YML TO COMPLETE SETUP!" 
139 | fi 140 | fi 141 | 142 | #setup_passwords 143 | #bin/elasticsearch-certutil http 144 | #unzip "/usr/share/elasticsearch/elasticsearch-ssl-http.zip" -d $OUTPUT_DIR/ssl 145 | 146 | 147 | #echo "Convert logstash.key to PKCS#8 format for Beats input plugin" 148 | #openssl pkcs8 -in $OUTPUT_DIR/logstash/logstash.key -topk8 -nocrypt -out $OUTPUT_DIR/logstash/logstash.pkcs8.key 149 | 150 | chown -R 1000:0 $OUTPUT_DIR 151 | 152 | printf "=====================================================\n" 153 | printf "SSL Certificates generation completed successfully.\n" 154 | printf "=====================================================\n" -------------------------------------------------------------------------------- /swag/nginx/proxy-confs/kibana.subdomain.conf.sample: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; 3 | listen [::]:443 ssl; 4 | server_name REPLACE_ME.*; 5 | include /config/nginx/ssl.conf; 6 | client_max_body_size 0; 7 | location / { 8 | include /config/nginx/proxy.conf; 9 | resolver 127.0.0.11 valid=30s; 10 | set $upstream_app kibana; 11 | set $upstream_port 5601; 12 | set $upstream_proto https; 13 | proxy_pass $upstream_proto://$upstream_app:$upstream_port; 14 | } 15 | } -------------------------------------------------------------------------------- /swag/nginx/proxy-confs/kibana.subfolder.conf.sample: -------------------------------------------------------------------------------- 1 | location ^~ /REPLACE_ME { 2 | include /config/nginx/proxy.conf; 3 | resolver 127.0.0.11 valid=30s; 4 | set $upstream_app kibana; 5 | set $upstream_port 5601; 6 | set $upstream_proto http; 7 | proxy_pass $upstream_proto://$upstream_app:$upstream_port; 8 | } --------------------------------------------------------------------------------