├── .env ├── .gitignore ├── LICENSE ├── README.md ├── docker-compose.yml ├── insecure ├── .env └── docker-compose.yml └── official ├── .env └── docker-compose.yml /.env: -------------------------------------------------------------------------------- 1 | ELASTIC_VERSION=7.15.1 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/.certs/ 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Philipp Krenn 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker & Elastic 2 | 3 | This repository contains a few examples of how to run Elasticsearch and Kibana 7.x and 8.x in Docker Compose for local development and testing. Using the official images and binding them to the default ports. Tested with the latest version of the Docker daemon. 4 | 5 | Older examples for version 6.x and 7.x are in the [Elastic Stack 7 + 6 release](https://github.com/xeraa/elastic-docker/releases/tag/seven%2Bsix). 6 | 7 | 8 | 9 | 10 | 11 | ## Official 12 | 13 | This is a minor adaptation of the [Docker Compose example from the official documentation](https://github.com/elastic/elasticsearch/blob/8.11/docs/reference/setup/install/docker/docker-compose.yml) with a self-signed certificate. The main difference is that the certificates are only generated once (automatically) and stored in the folder *official/.certs/*, so that they are easier to use. 14 | 15 | Change into the *official/* folder and run Elasticsearch and Kibana. 16 | 17 | * Start: `docker-compose up` 18 | * Remove: `docker-compose down -v` 19 | 20 | Connect to Elasticsearch at [https://localhost:9200](https://localhost:9200) and Kibana at [http://localhost:5601](http://localhost:5601) (without TLS). 21 | To query Elasticsearch with cURL run `curl --cacert .certs/ca/ca.crt -u elastic https://localhost:9200` and enter the `ELASTIC_PASSWORD` password from the *official/.env* file. 22 | 23 | 24 | 25 | ## Insecure 26 | 27 | **Don't do this.** But if you must: Change into the *insecure/* folder and run Elasticsearch and Kibana without authentication or TLS. 28 | 29 | * Start: `docker-compose up` 30 | * Remove: `docker-compose down -v` 31 | 32 | Connect to Elasticsearch at [http://localhost:9200](http://localhost:9200) and Kibana at [http://localhost:5601](http://localhost:5601). 33 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '2.2' 3 | services: 4 | 5 | elasticsearch: 6 | image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION 7 | environment: 8 | - bootstrap.memory_lock=true 9 | - discovery.type=single-node 10 | - "ES_JAVA_OPTS=-Xms512m -Xmx512m" 11 | ulimits: 12 | memlock: 13 | soft: -1 14 | hard: -1 15 | mem_limit: 1g 16 | volumes: 17 | - esdata:/usr/share/elasticsearch/data 18 | ports: 19 | - 9200:9200 20 | 21 | kibana: 22 | image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION 23 | links: 24 | - elasticsearch 25 | ports: 26 | - 5601:5601 27 | 28 | volumes: 29 | esdata: 30 | driver: local 31 | -------------------------------------------------------------------------------- /insecure/.env: -------------------------------------------------------------------------------- 1 | ELASTIC_VERSION=8.12.2 #7.17.18 2 | -------------------------------------------------------------------------------- /insecure/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 3 | elasticsearch: 4 | image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} 5 | environment: 6 | - node.name=elasticsearch 7 | - bootstrap.memory_lock=true 8 | - xpack.security.enabled=false 9 | - discovery.type=single-node 10 | ulimits: 11 | memlock: 12 | soft: -1 13 | hard: -1 14 | mem_limit: 1g 15 | volumes: 16 | - esdata:/usr/share/elasticsearch/data 17 | ports: 18 | - 127.0.0.1:9200:9200 19 | healthcheck: 20 | test: 21 | [ 22 | "CMD-SHELL", 23 | "curl -I http://localhost:9200 | grep -q 'HTTP/1.1 200 OK'", 24 | ] 25 | interval: 5s 26 | timeout: 2s 27 | retries: 24 28 | 29 | kibana: 30 | image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} 31 | depends_on: 32 | elasticsearch: 33 | condition: service_healthy 34 | mem_limit: 1g 35 | ports: 36 | - 127.0.0.1:5601:5601 37 | healthcheck: 38 | test: 39 | [ 40 | "CMD-SHELL", 41 | "curl -I http://localhost:5601/app/home | grep -q 'HTTP/1.1 200 OK'", 42 | ] 43 | interval: 5s 44 | timeout: 2s 45 | retries: 24 46 | 47 | volumes: 48 | esdata: 49 | driver: local 50 | -------------------------------------------------------------------------------- /official/.env: -------------------------------------------------------------------------------- 1 | ELASTIC_VERSION=8.12.2 #7.17.18 2 | ELASTIC_PASSWORD=changeme 3 | KIBANA_PASSWORD=changeme 4 | -------------------------------------------------------------------------------- /official/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 3 | setup: 4 | image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} 5 | volumes: 6 | - ./.certs:/usr/share/elasticsearch/config/certs 7 | user: "0" 8 | command: > 9 | bash -c ' 10 | if [ x${ELASTIC_PASSWORD} == x ]; then 11 | echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; 12 | exit 1; 13 | elif [ x${KIBANA_PASSWORD} == x ]; then 14 | echo "Set the KIBANA_PASSWORD environment variable in the .env file"; 15 | exit 1; 16 | fi; 17 | if [ ! -f config/certs/ca.zip ]; then 18 | echo "Creating CA"; 19 | bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; 20 | unzip config/certs/ca.zip -d config/certs; 21 | fi; 22 | if [ ! -f config/certs/certs.zip ]; then 23 | echo "Creating certs"; 24 | echo -ne \ 25 | "instances:\n"\ 26 | " - name: elasticsearch\n"\ 27 | " dns:\n"\ 28 | " - elasticsearch\n"\ 29 | " - localhost\n"\ 30 | " ip:\n"\ 31 | " - 127.0.0.1\n"\ 32 | > config/certs/instances.yml; 33 | bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; 34 | unzip config/certs/certs.zip -d config/certs; 35 | fi; 36 | echo "Setting file permissions" 37 | chown -R root:root config/certs; 38 | find . -type d -exec chmod 750 \{\} \;; 39 | find . -type f -exec chmod 640 \{\} \;; 40 | echo "Waiting for Elasticsearch availability"; 41 | until curl -s --cacert config/certs/ca/ca.crt https://elasticsearch:9200 | grep -q "missing authentication credentials"; do sleep 5; done; 42 | echo "Setting kibana_system password"; 43 | until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 5; done; 44 | echo "All done!"; 45 | ' 46 | healthcheck: 47 | test: ["CMD-SHELL", "[ -f config/certs/elasticsearch/elasticsearch.crt ]"] 48 | interval: 1s 49 | timeout: 2s 50 | retries: 24 51 | 52 | elasticsearch: 53 | image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} 54 | environment: 55 | - node.name=elasticsearch 56 | - bootstrap.memory_lock=true 57 | - discovery.type=single-node 58 | - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} 59 | - xpack.security.enabled=true 60 | - xpack.security.http.ssl.enabled=true 61 | - xpack.security.http.ssl.key=certs/elasticsearch/elasticsearch.key 62 | - xpack.security.http.ssl.certificate=certs/elasticsearch/elasticsearch.crt 63 | - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt 64 | - xpack.security.transport.ssl.enabled=true 65 | - xpack.security.transport.ssl.key=certs/elasticsearch/elasticsearch.key 66 | - xpack.security.transport.ssl.certificate=certs/elasticsearch/elasticsearch.crt 67 | - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt 68 | - xpack.security.transport.ssl.verification_mode=certificate 69 | depends_on: 70 | setup: 71 | condition: service_healthy 72 | ulimits: 73 | memlock: 74 | soft: -1 75 | hard: -1 76 | mem_limit: 1g 77 | volumes: 78 | - ./.certs:/usr/share/elasticsearch/config/certs:ro 79 | - esdata:/usr/share/elasticsearch/data 80 | ports: 81 | - 127.0.0.1:9200:9200 82 | healthcheck: 83 | test: 84 | [ 85 | "CMD-SHELL", 86 | "curl --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -I https://localhost:9200 | grep -q 'HTTP/1.1 200 OK'", 87 | ] 88 | interval: 5s 89 | timeout: 2s 90 | retries: 24 91 | 92 | kibana: 93 | image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} 94 | environment: 95 | - ELASTICSEARCH_HOSTS=https://elasticsearch:9200 96 | - ELASTICSEARCH_USERNAME=kibana_system 97 | - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} 98 | - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt 99 | depends_on: 100 | elasticsearch: 101 | condition: service_healthy 102 | mem_limit: 1g 103 | volumes: 104 | - ./.certs:/usr/share/kibana/config/certs:ro 105 | ports: 106 | - 127.0.0.1:5601:5601 107 | healthcheck: 108 | test: 109 | [ 110 | "CMD-SHELL", 111 | "curl -u elastic:${ELASTIC_PASSWORD} -I http://localhost:5601/app/home | grep -q 'HTTP/1.1 200 OK'", 112 | ] 113 | interval: 5s 114 | timeout: 2s 115 | retries: 24 116 | 117 | volumes: 118 | esdata: 119 | driver: local 120 | --------------------------------------------------------------------------------