docker-compose.yml
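# This Compose file creates a _restartable_ ELK environment.
# You can kill the containers or move the directory to another server and it
# will still run, unlike the default ELK configuration.
#
# Values read from the .env file: ELK_VERSION, ELASTIC_PASSWORD,
# KIBANA_PASSWORD, LICENSE.
#
# Security notes for anyone reusing this outside a throwaway test box:
#   - ./certs holds the generated CA private key (ca/ca.key) and is mounted
#     into every service below, so each container can read it. Keep the
#     directory out of version control and backups that others can read.
#   - Elasticsearch and Kibana ports are published on all host interfaces.
#   - Kibana itself is served over plain HTTP.
#   - Passwords are substituted by Compose into command lines and environment
#     entries, so they are visible in `docker inspect` output.
version: "3.7"
name: "elastic-8-3-3-test"
services:
  # Generates the CA and the node certificate once, then stays alive so that
  # its healthcheck keeps gating the other services across restarts.
  certgen:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
    # Runs as root because the script chowns the generated files.
    user: "0"
    # The script lines are indented deeper than `bash -c '` on purpose: inside
    # a folded scalar that keeps their line breaks, which the `\` continuations
    # rely on. Both generation steps are skipped when the zip files already
    # exist, which is what makes the environment restartable.
    # Permission changes are limited to config/certs; the rest of the image
    # keeps its original modes.
    command: >
      bash -c '
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: elastic\n"\
          "    dns:\n"\
          "      - elastic\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions";
        chown -R root:root config/certs;
        find config/certs -type d -exec chmod 750 \{\} \;;
        find config/certs -type f -exec chmod 640 \{\} \;;
        echo "Complete";
        sleep 3650d;
      '
    healthcheck:
      # Healthy as soon as the node certificate exists.
      test: ["CMD-SHELL", "[ -f config/certs/elastic/elastic.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120
  # Single Elasticsearch node with security and TLS enabled on both the HTTP
  # and the transport layer.
  elastic:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
    depends_on:
      certgen:
        condition: service_healthy
    # Both ports are reachable from every host interface. 9300 is the
    # node-to-node transport port; for a single node consider binding these to
    # 127.0.0.1 or firewalling them when remote access is not needed.
    ports:
      - "0.0.0.0:9200:9200"
      - "0.0.0.0:9300:9300"
    networks:
      - elastic-test
    volumes:
      - ./elasticsearch/data:/usr/share/elasticsearch/data
      - ./certs:/usr/share/elasticsearch/config/certs
    environment:
      # You may want to set limits here. See
      # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
      - node.name=elastic
      - cluster.initial_master_nodes=elastic
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/elastic/elastic.key
      - xpack.security.http.ssl.certificate=certs/elastic/elastic.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # "certificate" checks the chain against the CA but not the host name;
      # "full" adds host name verification.
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/elastic/elastic.key
      - xpack.security.transport.ssl.certificate=certs/elastic/elastic.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
      - network.host=["_local_", "elastic"]
    healthcheck:
      # An unauthenticated request over TLS must be rejected with the
      # "missing authentication credentials" error for the node to count as up.
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
  # Sets the kibana_system password through the security API, then stays alive
  # so that its healthcheck keeps gating Kibana.
  passwordcfg:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
    networks:
      - elastic-test
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
    depends_on:
      elastic:
        condition: service_healthy
    # ${ELASTIC_PASSWORD} and ${KIBANA_PASSWORD} are substituted by Compose
    # into the script text before bash runs it. The passwords are therefore
    # part of the container command line, and a value containing quotes,
    # whitespace or other shell metacharacters changes or breaks the script.
    # Keep both values to characters that are safe in a shell word and in a
    # JSON string.
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://elastic:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        touch /tmp/kibanapass;
        echo "Successfully set kibana password";
        sleep 3650d;
      '
    healthcheck:
      # The marker file is created only after the password call succeeded.
      test: ["CMD-SHELL", "[ -f /tmp/kibanapass ]"]
      interval: 1s
      timeout: 5s
      retries: 120
  kibana:
    image: docker.elastic.co/kibana/kibana:${ELK_VERSION}
    # Kibana is served over plain HTTP here (see the healthcheck URL) and the
    # port is published on every host interface, so logins cross the network
    # unencrypted. Bind to 127.0.0.1, put a TLS-terminating proxy in front, or
    # configure Kibana's server.ssl.* settings before exposing it.
    ports:
      - "0.0.0.0:5601:5601"
    networks:
      - elastic-test
    depends_on:
      passwordcfg:
        condition: service_healthy
    volumes:
      - ./certs:/usr/share/kibana/config/certs
      - ./kibana/data:/usr/share/kibana/data
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://elastic:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    healthcheck:
      # A redirect from the root URL is taken as the sign that Kibana is up.
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
networks:
  elastic-test: {}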