Table of Contents
Directory Structure
installation steps
1. Writing docker-compose.yml
2. es_master.yml configuration of elasticsearch config
3. kibana.yml configuration of kibana’s config
4. Elasticsearch creates a secure authentication user
5. Create a Kibana keystore and add configuration (that is, store the es user and password in the keystore, and use ES with security authentication for Kibana access)
Version information, not necessarily according to my version
Docker version 23.0.5 Docker Desktop 4.19.0 Docker Compose version v2.17.3 docker images elasticsearch:7.17.5 kibana:7.17.5 # es visualization plug-in, you can install it if needed mobz/elasticsearch-head:5
Directory structure
Installation steps
Reference website: docker-compose deploys single es and kibana
1. Written by docker-compose.yml
version: "3.3"
services:
es_master:
image: elasticsearch:7.17.5
#Here I tried to change it to es_master, but the following kibana.elasticsearch.hosts=https://es_master:9200 cannot access es. I don’t know why.
container_name: elasticsearch
hostname: es_master
restart: always
ports:
- 9200:9200
- 9300:9300
expose:
- "9200"
- "9300"
volumes:
- D:/directory/elk/es/config/conf1/es-master.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- D:/directory/elk/es/data/data1:/usr/share/elasticsearch/data/
- D:/directory/elk/es/logs:/usr/share/elasticsearch/logs/
- D:/directory/elk/es/plugins:/usr/share/elasticsearch/plugins/
environment:
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
#Commented below # will not take effect
#- 'cluster.name=elasticsearch' Set the cluster name to elasticsearch
#- 'discovery.type=single-node' starts in single node mode
networks:
elk: #Use networks to create a network
ipv4_address: 192.168.20.10
kibana:
container_name: kibana
hostname: kibana
#The version of kibana must correspond to the version of es (required)
image: kibana:7.17.5
restart: always
environment:
-elasticsearch.hosts=https://elasticsearch:9200
ports:
- 5601:5601
volumes:
- D:/directory/elk/kibana/config/kibana.yml:/usr/share/elasticsearch/config/kibana.yml
depends_on:
-es_master
networks:
elk:
ipv4_address: 192.168.20.20
#esVisualization tool plug-in
es-head:
container_name: es-head
image: mobz/elasticsearch-head:5
restart: always
ports:
- 9100:9100
#Depends on es-master
depends_on:
-es_master
networks:
#Use the created network
#mynetwork:
# external: true
#Create network
elk:
driver: bridge
ipam:
driver:default
config:
- subnet: 192.168.20.0/24
gateway: 192.168.20.1
I have tried defining the container_name of the es_master container as container_name: es_master
kibana container
environment: – elasticsearch.hosts=https://es_master:9200
When , kibana will report an error, prompting that the es node cannot be found, so I directly use container_name: elasticsearch
If the es container prompts the following error
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Check out the article here, it’s for windows, but it won’t work after restarting the computer.
windows docker installation ES vm.max_map_count [65530]_junoo0’s blog-CSDN blog
2. es_master.yml configuration of elasticsearch’s config
# Cluster name cluster.name: es-cluster # Node name node.name: es-node1 # Can it become a master node? node.master: true # Whether to allow this node to store data, enabled by default node.data: true #Network binding network.host: 0.0.0.0 #Set the http port for external services http.port: 9200 #Set the tcp port for interaction between nodes transport.port: 9300 # Cluster discovery discovery.seed_hosts: ["192.168.20.10"] #The ip here is the network's custom network # Manually specify the name or IP of all nodes that can become mater. These configurations will be calculated in the first election. cluster.initial_master_nodes: ["es-node1"] #Support cross-domain access http.cors.enabled: true http.cors.allow-origin: "*" #xpack security authentication, if you do not need to verify the account password, change the following configuration to false xpack.security.enabled: true xpack.security.transport.ssl.enabled: true
discovery.seed_hosts: [“192.168.20.10”]
The above IP address is the custom network created under docker-compose.yml
3. kibana.yml configuration of kibana’s config
# Chinese i18n.locale: "zh-CN" # Serve server.port: 5601 server.host: "0.0.0.0" server.shutdownTimeout: "5s" #ES elasticsearch.hosts: [ "https://elasticsearch:9200" ] # Set the elastic username and password here, which must be set when es settings enable security verification. #elasticsearch.username: "elastic" #elasticsearch.password: "***"
There is a pitfall here. I have set up es authentication credentials, but after kibana is started, it will keep prompting. I am not sure why. Can anyone explain it?
missing authentication credentials for REST request
So I changed to another method to set up security verification es account for kibana.
Note that you need to complete 4. Elasticsearch creates a security verification user operation.
Reference address: Kibana accesses ES with security authentication
4. Elasticsearch creates a security verification user
When xpack security verification is set in the es_master.yml configuration, enter the es container to create an account.
docker exec -it elasticsearch bash
input the command,
./bin/elasticsearch-setup-passwords auto #The system assigns passwords, which is safer
./bin/elasticsearch-setup-passwords interactive #Set your own password
5. Create Kibana keystore And add configuration (that is, store the ES user and password in the keystore, and use Kibana to access ES with security authentication)
Enter the kibana container with the root account
./bin/kibana-keystore create
./bin/kibana-keystore add elasticsearch.username
[Enter elastic, the elastic account I created using es]
./bin/kibana-keystore add elasticsearch.password
[Enter the password about elastic in the first step]Reference address: Kibana accesses ES with security authentication
After the execution is completed, restart the kibana container
6. Construction completed
es service
Account verification passed
kibana
,
Log in to kibana (use the configured verification account to log in)
,