Enable Authentication in elasticsearch with docker environment variable
Maybe I came too late... but I had this problem today and digging found tha you don't have to set the user, just the password. This is the docker-compose file
version: '3.6'services: elasticsearchNode: image: elasticsearch:$STACK_VERSION container_name: elasticsearchNode environment: discovery.type: 'single-node' ELASTIC_PASSWORD: $ELK_PASS cluster.name: 'dockercluster' node.name: 'node-master' bootstrap.memory_lock: 'true' ES_JAVA_OPTS: '-Xms512m -Xmx512m' xpack.security.enabled: 'true' ports: - 9200:9200 - 9300:9300 networks: - docker_elk_nodevolumes: esdataNode:networks: docker_elk_node:
and the .env file
COMPOSE_PROJECT_NAME=esSTACK_VERSION=7.6.0ELK_PASS=MyPassWord
Elasticsearch security features that come with Xpack are not for free, there is a trial version for a month and then a paid version.
But according to this elastic blog, it is for free starting in versions (6.8.0 and 7.1.0).
I write this answer to activate free Elasticsearch security features with docker-compose.
Remember that when using the below code, both Kibana and Elasticsearch node are secure with username and password, so rest client that access Elasticsearch must have the credential, this answer will help.
That's my code:
version: '3'services: create_certs: container_name: create_certs image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0 command: > bash -c ' if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass "" fi; chown -R 1000:0 /usr/share/elasticsearch/config/certificates ' user: "0" working_dir: /usr/share/elasticsearch volumes: ['certs:/usr/share/elasticsearch/config/certificates'] elasticsearch: container_name: elasticsearch depends_on: [create_certs] image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0 environment: - cluster.name=docker-cluster - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ELASTIC_PASSWORD=MyPassword # password for default user: elastic - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12 volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates'] ulimits: nofile: soft: 65536 hard: 65536 memlock: soft: -1 hard: -1 ports: - "9200:9200" kibana: container_name: kibana depends_on: [elasticsearch] image: docker.elastic.co/kibana/kibana:6.8.0 environment: - ELASTICSEARCH_USERNAME=elastic - ELASTICSEARCH_PASSWORD=MyPassword ports: - "5601:5601"volumes: {"esdata", "certs"}
Enable Security in Elasticsearch using docker
Update the environment variables t enable true
environment: - "discovery.type=single-node" - ELASTICSEARCH_USERNAME=elastic - ELASTICSEARCH_PASSWORD=MagicWord - xpack.security.enabled=true
Here is the sample, docker-compose.yml
file for the elasticseaarch and kibana
version: '3.4'services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:6.6.0 container_name: elasticsearch environment: - "discovery.type=single-node" - ELASTICSEARCH_USERNAME=elastic - ELASTICSEARCH_PASSWORD=MagicWord - xpack.security.enabled=true ports: - 32769:9200 - 32770:9300 networks: - elastic kibana: image: docker.elastic.co/kibana/kibana:6.6.0 container_name: kibana environment: - ELASTICSEARCH_URL="http://elasticsearch:9200" - ELASTICSEARCH_USERNAME=elastic - ELASTICSEARCH_PASSWORD=MagicWord - xpack.security.enabled=true links: - elasticsearch ports: - 5601:5601 networks: - elastic depends_on: - elasticsearch networks: elastic: driver: bridge