es version: 8.5.0
kibana version: 8.5.0
docker: The new version is fine (must support docker compose)
Background: When learning es, I used docker to deploy es on a Linux server (I originally wanted to deploy both es and kibana on the server, but due to server performance limitations, I could only put kibana on my own computer. Rich people can ignore it. )
in several steps
1. First create a docker network. What I created here is “cloud”
- docker network create cloud
2.Create a folder
Create a docker folder in the default directory and go in
- mkdir docker -cd docker
3. Create docker compose file
- touch docker-compose.yml
First paste the docker compose file
Note! ! ! : If you are a wealthy person and the server is powerful enough, just paste the following and run it, and finally delete the setup container.
es:
version: "2"
services:
setup:
image: elasticsearch:8.5.0
volumes:
- $PWD/elasticsearch/certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ xqwerasdf == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ xqwerasdf == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\
"\
" - name: elasticsearch\
"\
"dns:\
"\
" - elasticsearch\
"\
" - localhost\
"\
"ip:\
"\
" - "es deployment address"\
"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{<!-- -->\} \;;
find . -type f -exec chmod 640 \{<!-- -->\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://elasticsearch:9200 | grep -q "missing authentication credentials"; do sleep 5; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:qwerasdf -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{"password":"qwerasdf"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/elasticsearch/elasticsearch.crt ]"]
interval: 1s
timeout: 5s
retries: 120
networks:
-cloud
elasticsearch:
image: elasticsearch:8.5.0
container_name: elasticsearch
environment:
- node.name=elasticsearch
- discovery.type=single-node
- ELASTIC_PASSWORD=qwerasdf
- bootstrap.memory_lock=true
-xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/elasticsearch/elasticsearch.key
- xpack.security.http.ssl.certificate=certs/elasticsearch/elasticsearch.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/elasticsearch/elasticsearch.key
- xpack.security.transport.ssl.certificate=certs/elasticsearch/elasticsearch.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=basic
ports:
- "9200:9200"
- "9300:9300"
volumes:
- $PWD/elasticsearch/data:/usr/share/elasticsearch/data
- $PWD/elasticsearch/certs:/usr/share/elasticsearch/config/certs
mem_limit: 1g
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- cloud
kibana:
depends_on:
elasticsearch:
condition: service_healthy
image: kibana:8.5.0
container_name: kibana
environment:
-SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://elasticsearch:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=qwerasdf
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
ports:
- "5601:5601"
volumes:
- $PWD/elasticsearch/certs:/usr/share/kibana/config/certs
- $PWD/elasticsearch/kibanadata:/usr/share/kibana/data
mem_limit: 512m
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
-cloud
networks:
cloud:
external: true
4. Paste the file and run it directly
- docker compose uo -d
Note: You may encounter some file permission issues here. You need to manually authorize the automatically generated folder and then restart (rich players should be able to start running now)
After finishing, you can delete the two containers kinaba and setup. They will be of no use anymore.
5 When everything is finished, we will find that there are three containers in total, one es, one kinaba, and one setup. The function of setup is actually just to generate http certificates, change the es account password, etc. After a while, there will be Several directories are automatically generated
elasticsearch:
At this time, paste the certs directly into the local computer. The path is similar to that on the server. The file path is similar to that on the server. This folder stores some certificate files.
6 Start kinaba locally
Also create a new docker folder and write the docker-compose.yml file.
Local docker-compose.yml file:
version: "2" #The version of docker compose is consistent with your own computer
services:
kibana:
image: kibana:8.5.0
privileged: true
container_name: kibana
environment:
-SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es ip address: 9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=qwerasdf
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
ports:
- "5601:5601"
volumes:
- $PWD/elasticsearch/certs:/usr/share/kibana/config/certs
- $PWD/elasticsearch/kibanadata:/usr/share/kibana/data
networks:
- cloud
networks:
cloud:
external: true
Then run it directly and it will be ok