sherifabdlnaby / elastdocker

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

Home Page: https://towardsdatascience.com/running-securing-and-deploying-elastic-stack-on-docker-f1a8ebf1dc5b

License: MIT License

Dockerfile 92.32% Shell 7.68%
elk elk-stack elasticstack docker docker-compose docker-compos-template elasticsearch siem observability kibana

elastdocker's Introduction

Elastic Stack on Docker

Preconfigured Security, Tools, and Self-Monitoring

Configured to be ready to be used for Log, Metrics, APM, Alerting, Machine Learning, and Security (SIEM) usecases.


Introduction

Elastic Stack (ELK) Docker Composition, preconfigured with Security, Monitoring, and Tools; Up with a Single Command.

Suitable for Demoing, MVPs and small production deployments.

Stack Version: 8.10.2 🎉 - Based on Official Elastic Docker Images

You can change Elastic Stack version by setting ELK_VERSION in .env file and rebuild your images. Any version >= 8.0.0 is compatible with this template.

Main Features 📜

  • Configured as a Production Single Node Cluster. (With a multi-node cluster option for experimenting).
  • Security Enabled By Default.
  • Configured to Enable:
    • Logging & Metrics Ingestion
      • Option to collect logs of all Docker containers running on the host, via make collect-docker-logs.
    • APM
    • Alerting
    • Machine Learning
    • Anomaly Detection
    • SIEM (Security information and event management).
    • Enabling Trial License
  • Use Docker-Compose and .env to configure your entire stack parameters.
  • Persist Elasticsearch's Keystore and SSL Certifications.
  • Self-Monitoring Metrics Enabled.
  • Prometheus Exporters for Stack Metrics.
  • Embedded Container Healthchecks for Stack Images.

More points

Comparing Elastdocker with the popular deviantony/docker-elk

One of the most popular ELK on Docker repositories is the awesome deviantony/docker-elk. Elastdocker differs from deviantony/docker-elk in the following points.

  • Security enabled by default using the Basic license, not Trial.
  • Persisting data by default in a volume.
  • Run in Production Mode (by enabling SSL on the Transport Layer, and adding initial master node settings).
  • Persisting the generated Keystore, with an extendable script that makes it easier to recreate it every time the container is created.
  • Parameterize credentials in .env instead of hardcoding elastic:changeme in every component config.
  • Parameterize all other config, such as Heap Size.
  • Add recommended environment configurations such as Ulimits and Swap disable to the docker-compose.
  • Make it ready to be extended into a multinode cluster.
  • Configure Self-Monitoring and the Filebeat agent that ships ELK logs to ELK itself (as a step towards shipping them to a monitoring cluster in the future).
  • Configured Prometheus Exporters.
  • A Makefile that simplifies everything into a few simple commands.


Requirements

Setup

  1. Clone the Repository

    git clone https://github.com/sherifabdlnaby/elastdocker.git

  2. Initialize Elasticsearch Keystore and TLS Self-Signed Certificates

    $ make setup

    For Linux Docker hosts only: by default the virtual memory limit is not enough, so run the following command as root: sysctl -w vm.max_map_count=262144

  3. Start Elastic Stack

    $ make elk
    <OR>
    $ docker-compose up -d
    <OR>
    $ docker compose up -d

  4. Visit Kibana at https://localhost:5601 or https://<your_public_ip>:5601

    Default Username: elastic, Password: changeme

    • Notice that Kibana is configured to use HTTPS, so you'll need to write https:// before localhost:5601 in the browser.
    • Modify the .env file for your needs, most importantly ELASTIC_PASSWORD, which sets the password of your superuser elastic, and ELASTICSEARCH_HEAP & LOGSTASH_HEAP for the Elasticsearch & Logstash heap sizes.

Whatever your host (e.g. AWS EC2, Azure, DigitalOcean, or an on-premise server), once you expose your host to the network, the ELK components will be accessible on their respective ports. Since the enabled TLS uses a self-signed certificate, it is recommended to SSL-terminate public traffic using your own signed certificates.

πŸƒπŸ»β€β™‚οΈ To start ingesting logs, you can start by running make collect-docker-logs which will collect your host's container logs.

Additional Commands


To Start Monitoring and Prometheus Exporters

$ make monitoring

To Ship Docker Container Logs to ELK

$ make collect-docker-logs

To Start Elastic Stack, Tools and Monitoring

$ make all

To Start 2 Extra Elasticsearch nodes (recommended for experimenting only)

$ make nodes

To Rebuild Images

$ make build

Bring down the stack.

$ make down

Reset everything, Remove all containers, and delete DATA!

$ make prune

Configuration

  • Some configuration is parameterized in the .env file.
    • ELASTIC_PASSWORD, user elastic's password (default: changeme, please change it).
    • ELK_VERSION, Elastic Stack version (default: 8.10.2).
    • ELASTICSEARCH_HEAP, how much memory Elasticsearch allocates (default: 1GB, good for development only).
    • LOGSTASH_HEAP, how much memory Logstash allocates.
    • Other configuration such as cluster name, node name, etc.
  • Elasticsearch Configuration in elasticsearch.yml at ./elasticsearch/config.
  • Logstash Configuration in logstash.yml at ./logstash/config/logstash.yml.
  • Logstash Pipeline in main.conf at ./logstash/pipeline/main.conf.
  • Kibana Configuration in kibana.yml at ./kibana/config.

Setting Up Keystore

You can extend the Keystore generation script by adding keys to the ./setup/keystore.sh script (e.g. to add S3 Snapshot Repository credentials).

To Re-generate Keystore:

make keystore

Notes

  • ⚠️ The Elasticsearch HTTP layer is using SSL, which means you need to configure your Elasticsearch clients with the CA in secrets/certs/ca/ca.crt, or configure the client to ignore SSL certificate verification (e.g. --insecure in curl).
  • Adding the two extra nodes to the cluster makes the cluster depend on them, so it won't start without them afterwards.
  • The Makefile is a wrapper around Docker-Compose commands; use make help to see every command.
  • Elasticsearch will save its data to a volume named elasticsearch-data.
  • The Elasticsearch Keystore (which contains passwords and credentials) and the SSL certificates are generated in the ./secrets directory by the setup command.
  • Make sure to run make setup if you changed ELASTIC_PASSWORD, and to restart the stack afterwards.
  • For Linux users it's recommended to set the following configuration (run as root), because by default the virtual memory limit is not enough:

    sysctl -w vm.max_map_count=262144
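The notes above and the setup steps amount to three things worth verifying before the stack is started: the kernel's vm.max_map_count, the presence of a Compose CLI, and the secrets that make setup generates. The following preflight script is an added example, not part of elastdocker; it assumes the secrets layout the README describes (secrets/certs/ca/ca.crt and secrets/keystore/elasticsearch.keystore) and the threshold of 262144 from the note.

```shell
#!/bin/sh
# Added example (not elastdocker's own code): preflight checks to run before
# `make setup` / `make elk`. Assumed paths follow the README: `make setup`
# produces secrets/certs/ca/ca.crt and secrets/keystore/elasticsearch.keystore.

VM_MAX_MAP_COUNT_MIN=262144

# Return 0 when the given vm.max_map_count value is large enough for
# Elasticsearch; without an argument, the live kernel value is read.
vm_map_count_ok() {
    value="${1:-$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)}"
    [ "$value" -ge "$VM_MAX_MAP_COUNT_MIN" ]
}

# Print the Compose invocation available on this host: the v2 plugin
# (`docker compose`) first, then the legacy `docker-compose` binary.
# Returns 1 when neither is installed.
compose_cmd() {
    if docker compose version >/dev/null 2>&1; then
        echo "docker compose"
    elif command -v docker-compose >/dev/null 2>&1; then
        echo "docker-compose"
    else
        return 1
    fi
}

# Return 0 when the secrets `make setup` generates exist (and are non-empty)
# under the given project directory (default: current directory).
secrets_present() {
    dir="${1:-.}"
    [ -s "$dir/secrets/certs/ca/ca.crt" ] &&
    [ -s "$dir/secrets/keystore/elasticsearch.keystore" ]
}

# Run every check and report; exit status is non-zero if any check fails.
preflight() {
    rc=0
    if vm_map_count_ok; then
        echo "ok   vm.max_map_count >= $VM_MAX_MAP_COUNT_MIN"
    else
        echo "FAIL vm.max_map_count too low: run 'sysctl -w vm.max_map_count=$VM_MAX_MAP_COUNT_MIN' as root"
        rc=1
    fi
    if cmd="$(compose_cmd)"; then
        echo "ok   compose available as '$cmd'"
    else
        echo "FAIL neither 'docker compose' nor 'docker-compose' found"
        rc=1
    fi
    if secrets_present "${1:-.}"; then
        echo "ok   secrets generated (re-run 'make setup' if ELASTIC_PASSWORD changed)"
    else
        echo "FAIL secrets missing: run 'make setup' first"
        rc=1
    fi
    return "$rc"
}

# Run the checks only when executed as preflight.sh, so the file can also be
# sourced for its functions. Usage: sh preflight.sh [project_dir]
case "$0" in *preflight.sh) preflight "$@" ;; esac
```

Save it as preflight.sh next to the Makefile and run it before make elk; a non-zero exit status means one of the three prerequisites is missing, and the message names the fix.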


(Screenshots: Intro, Alerting, Maps, ML)

Working with Elastic APM

After completing the setup step, you will notice a container named apm-server which gives you deeper visibility into your applications and can help you to identify and resolve root cause issues with correlated traces, logs, and metrics.

Authenticating with Elastic APM

In order to authenticate with Elastic APM, you will need the following:

  • The value of ELASTIC_APM_SECRET_TOKEN defined in the .env file, as the secret token is enabled by default.
  • The ability to reach port 8200.
  • Install the Elastic APM client in your application; e.g. for NodeJS based applications you need to install elastic-apm-node.
  • Import the package in your application and call the start function. In the case of a NodeJS based application you can do the following:

    const apm = require('elastic-apm-node').start({
      serviceName: 'foobar',
      secretToken: process.env.ELASTIC_APM_SECRET_TOKEN,

      // https is enabled by default as per elastdocker configuration
      serverUrl: 'https://localhost:8200',
    })

Make sure that the agent is started before you require any other modules in your Node.js application, i.e. before express, http, etc., as mentioned in Elastic APM Agent - NodeJS initialization.

For more details or other languages you can check the following:

Monitoring The Cluster

Via Self-Monitoring

Head to Stack Monitoring tab in Kibana to see cluster metrics for all stack components.

(Screenshot: Overview, Monitoring)

In Production, cluster metrics should be shipped to another dedicated monitoring cluster.

Via Prometheus Exporters

If you started the Prometheus Exporters using the make monitoring command, they will expose metrics at the following ports.

Prometheus Exporter     | Port | Recommended Grafana Dashboard
elasticsearch-exporter  | 9114 | Elasticsearch by Kristian Jensen
logstash-exporter       | 9304 | logstash-monitoring by dpavlos

(Screenshot: Metrics)

License

MIT License Copyright (c) 2022 Sherif Abdel-Naby

Contribution

PR(s) are Open and Welcomed.

elastdocker's People

Contributors

allenshau, amitkurud, baldarn, gluckzhang, mbandizzle, mostafahussein, pisto, sherifabdlnaby


elastdocker's Issues

Kibana docker-healthcheck script error

Kibana docker healthcheck is failing:
./docker-healthcheck: line 5: python: command not found curl: (23) Failed writing body (0 != 16384)
Script is using python, which is not available.
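A container healthcheck should depend only on tools the image is guaranteed to ship. The script below is an added example, not elastdocker's own healthcheck: it checks Kibana with curl and awk alone. It assumes Kibana 8.x, whose GET /api/status response contains "status":{"overall":{"level":"available"}} (the other levels being degraded, unavailable and critical), and the environment names KIBANA_URL, KIBANA_CA, ELASTIC_USER and ELASTIC_PASSWORD are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example (not elastdocker's own healthcheck): Kibana healthcheck that
# needs only curl and awk. Assumes Kibana 8.x /api/status JSON, in which the
# overall status is reported as "overall":{"level":"available",...}.

# Read Kibana's /api/status JSON on stdin and print the overall level.
# Whitespace is stripped first so pretty-printed JSON parses the same way;
# the first "level" after the "overall" key is taken, whatever key order
# Kibana used inside that object.
kibana_overall_level() {
    tr -d ' \n\r\t' | awk '
        {
            n = index($0, "\"overall\":{")
            if (n == 0) exit 1
            s = substr($0, n)
            m = index(s, "\"level\":\"")
            if (m == 0) exit 1
            s = substr(s, m + 9)
            sub(/".*/, "", s)
            print s
        }'
}

# Map a level to an exit status: 0 only when Kibana is fully available.
# Docker treats any non-zero status as unhealthy.
level_to_status() {
    case "$1" in
        available) return 0 ;;
        *)         return 1 ;;
    esac
}

# The healthcheck itself: fetch the status over TLS, verifying against the
# CA generated by `make setup` (assumed mounted at /certs/ca.crt) instead of
# disabling verification with -k.
kibana_healthcheck() {
    url="${KIBANA_URL:-https://localhost:5601}"
    body="$(curl -sS --fail --cacert "${KIBANA_CA:-/certs/ca.crt}" \
        -u "${ELASTIC_USER:-elastic}:${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD}" \
        "$url/api/status")" || return 1
    level="$(printf '%s' "$body" | kibana_overall_level)"
    [ -n "$level" ] || return 1
    level_to_status "$level"
}

# Run only when executed as kibana-healthcheck.sh, so the functions can be
# sourced elsewhere. Usage in Compose: test: ["CMD", "sh", "/kibana-healthcheck.sh"]
case "$0" in *kibana-healthcheck.sh) kibana_healthcheck ;; esac
```

With --fail, an HTTP error (for example 401 when the credentials are wrong) fails the check as well, which surfaces misconfiguration instead of masking it.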

Kibana data

When i upgrade the version, all the data of ES is kept but with Kibana (Dashboard, Index patterns) data is lost. Can you map kibana data to the local drive?

Using public certificate

Really like this repo and works very good out of the box!

But can't figure out how to make it work with Lets Encrypt certs. I think I'm doing something really wrong. Both Docker and ELK stack are very new to me.

So I've copied all certs to the /secret folder with generous permissions.
And then mapping them in docker.compose.yml

secrets:
  elasticsearch.keystore:
    file: ./secrets/keystore/elasticsearch.keystore
  elastic.ca:
    file: ./secrets/certs/elkdemo.demo123.com/fullchain.pem
  elasticsearch.certificate:
    file: ./secrets/certs/elkdemo.demo123.com/fullchain.pem
  elasticsearch.key:
    file: ./secrets/certs/elkdemo.demo123.com/privkey.pem
  kibana.certificate:
    file: ./secrets/certs/elkdemo.demo123.com/fullchain.pem
  kibana.key:
    file: ./secrets/certs/elkdemo.demo123.com/privkey.pem

Running with this I get

logstash_1 | [2022-01-18T18:30:07,979][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@elasticsearch:9200/]}}
logstash_1 | [2022-01-18T18:30:08,026][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Host name 'elasticsearch' does not match the certificate subject provided by the peer (CN=elkdemo.demo123.com)"}

In browser https://elkdemo.demo123.com:5601 it gets correct certs but with message "Kibana server is not ready yet"

Elasticsearch seems working

curl -X GET 'https://elkdemo.demo123.com:9200' -u elastic:changeme
{
  "name" : "elastdocker-node-0",
  "cluster_name" : "elastdocker-cluster",
  "cluster_uuid" : "1JA8zEeMS3aRlUw7xgTbGA",
  "version" : {
    "number" : "7.16.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "2b937c44140b6559905130a8650c64dbd0879cfb",
    "build_date" : "2021-12-18T19:42:46.604893745Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Tried changing in kibana.yml with same errors
from elasticsearch.hosts: [ "${ELASTICSEARCH_HOST_PORT}" ]
to elasticsearch.hosts: [ "https://elkdemo.demo123.com:9200" ]

Everything else is default using the latest commits.

Should I change ELASTICSEARCH_HOST, KIBANA_HOST and LOGSTASH_HOST in .env to my hostname, elkdemo.demo123.com ?

Production readiness

Hi @sherifabdlnaby

Firstly, nice idea on this project, I feel very strongly about this that setting up an elastic cluster should not be such an effort, especially when deploying projects on multiple client locations. I should just be able to, after setting my domain name and node configuration, run a single command on my server, and I should have, out of the box, Elasticsearch, Kibana, Elastic APM, Beats and Logstash completely secured and ready to go.

However, there seem to be some gaps in deploying a working version of this.

  • While this project is labeled to be for a production cluster, all the rest of the documentation seems to only be talking about localhost. Ideally there should be some documentation on how to get this running on a server exposed to the web.
  • In your screenshots, your chrome shows "Not Secure", presumably because of the self signed certificate. A more thorough approach would be to add let's encrypt to the repo and allow auto-issuing certificates automatically when the cluster is spun up. Tools like Caprover to this to great effect. Any particular reason http security is not enabled by default?

Configure Fleet on Elastdocker

Hello, is there a possibility to configure this docker with Fleet and set:
(screenshot)
?
because after I'm setting the required information, the kibana server stops to respond.

Thank u for your time spent on this q. :)

Not working with custom username

Describe the bug
stack not working with changing only username & password.
I changed username as "okan" and password "pass" for testing
If I use default username 'elastic', it's working.

To Reproduce
Clone the repo.
change username & password in .env file.
make setup
(virtual memory size set for linux)
make elk

Expected behavior
Run stack and see kibana login screen

Logs of elasticsearch:

{"type": "server", "timestamp": "2021-03-02T06:26:55,676Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "elastdocker-cluster", "node.name": "elastdocker-node-0", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-7-2021.03.02][0]]]).", "cluster.uuid": "WIOpjgIqSZiqzZ3Utlz7aw", "node.id": "I2tuo0noSWyezMY7zIKDkQ" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-03-02T06:26:56,694Z", "level": "ERROR", "component": "o.e.x.s.a.e.NativeUsersStore", "cluster.name": "elastdocker-cluster", "node.name": "elastdocker-node-0", "message": "security index is unavailable. short circuiting retrieval of user [okan]", "cluster.uuid": "WIOpjgIqSZiqzZ3Utlz7aw", "node.id": "I2tuo0noSWyezMY7zIKDkQ" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-03-02T06:26:56,706Z", "level": "ERROR", "component": "o.e.x.s.a.e.NativeUsersStore", "cluster.name": "elastdocker-cluster", "node.name": "elastdocker-node-0", "message": "security index is unavailable. short circuiting retrieval of user [okan]", "cluster.uuid": "WIOpjgIqSZiqzZ3Utlz7aw", "node.id": "I2tuo0noSWyezMY7zIKDkQ" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-03-02T06:26:56,724Z", "level": "ERROR", "component": "o.e.x.s.a.e.NativeUsersStore", "cluster.name": "elastdocker-cluster", "node.name": "elastdocker-node-0", "message": "security index is unavailable. short circuiting retrieval of user [okan]", "cluster.uuid": "WIOpjgIqSZiqzZ3Utlz7aw", "node.id": "I2tuo0noSWyezMY7zIKDkQ" }

Desktop:

  • OS: Linux 18.04
  • Browser chrome

Error 64 on make setup when using ELK_VERSION=8.0.0

Describe the bug
make setup fails when setting ELK_VERSION=8.0.0 or ELK_VERSION=8.0.1 in .env file

To Reproduce
set ELK_VERSION=8.0.0 or ELK_VERSION=8.0.1 in .env

make setup

Expected behavior
I expected it to build create setup files just as with 7.*

Screenshots

(base) swellmanatee@met-home-server:~/projects/elastdocker$ make setup
make[1]: Entering directory '/home/swellmanatee/projects/elastdocker'
docker-compose -f docker-compose.setup.yml run --rm certs
Creating elastic_certs_run ... done
======= Generating Elastic Stack Certificates =======
=====================================================
Clearing Old Certificates if exits... 
Generating... 
ERROR: 64
make[1]: *** [Makefile:28: certs] Error 64
make[1]: Leaving directory '/home/swellmanatee/projects/elastdocker'
make: *** [Makefile:31: setup] Error 2

Desktop (please complete the following information):

Distributor ID: Ubuntu
Description:    Ubuntu 20.04.4 LTS
Release:        20.04
Codename:       focal

Additional context
Works perfectly fine when running 7.* ELK versions

Unable to change default user/password

I have tried to change the default user/password in the .env

Ran the make setup but didn't fix anything

With the default configuration everything works fine.

"Kibana server is not ready yet." after setting up containers

First of all, I'd like to thank you for creating such a comprehensive guide to getting started with ELK!

I have followed the tutorial to get the stack up and running and didn't face any issues there. However, if I try to access KIbana on https://localhost:5601/, I get "Kibana server is not ready yet." in the browser. One thing to note is that the elastic_elasticsearch_1 container is stuck in the "starting" state, which could be the cause of the issue, but I have waited for an hour and it has stayed in that state.

Docker version 20.10.0, build 7287ab3
docker-compose version 1.29.2, build 5becea4c

make ps Output:

              Name                            Command                       State                               Ports                     
------------------------------------------------------------------------------------------------------------------------------------------
elastic_elasticsearch-exporter_1   /bin/elasticsearch_exporte ...   Up                      0.0.0.0:9114->9114/tcp                        
elastic_elasticsearch_1            /bin/tini -- /usr/local/bi ...   Up (health: starting)   0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp
elastic_filebeat-cluster-logs_1    /usr/bin/tini -- /usr/loca ...   Up                                                                    
elastic_kibana_1                   /bin/tini -- /usr/local/bi ...   Up                      0.0.0.0:5601->5601/tcp                        
elastic_logstash-exporter_1        /prometheus-logstash-expor ...   Up                      0.0.0.0:9304->9304/tcp                        
elastic_logstash_1                 /usr/local/bin/docker-entr ...   Up (healthy)   0.0.0.0:5044->5044/tcp, 0.0.0.0:9600->9600/tcp
elastic_rubban_1                   /opt/rubban/rubban               Up                                                                    

I'd be extremely grateful if you could point me in the right direction, thanks.

Add APM Server

Describe the solution you'd like
Add ELkStack APM Server

Additional context

Logstash config file

Hello!
I am curious about the configuration of the Logstash container. I tried to edit "main.conf" file in "logstash/pipeline/".
Unfortunately, it does nothing for me. Even file output not working.
Where can I create or edit a configuration file for input/output?
Much thanks!
My main.conf file looks like this:

(Screenshot 2022-02-01 at 18 06 55)

Getting errors on kibana and logstash

I just ran the script, didn't make any changes.

Elastic cluster gets created but kibana and logstash are giving errors:

{"type":"log","@timestamp":"2020-08-04T15:37:44Z","tags":["warning","elasticsearch","admin"],"pid":8,"message":"Unable to revive connection: http://elasticsearch:9200/"}

If i do a:

curl -XGET -u elastic:changeme 'localhost:9200/_cluster/health?pretty' it gives an output of the cluster.

So that part is running fine, looks like kibana can't communicate somehow with the cluster.

Can you help ?

docker-compose not found when running setup

The README describes docker-compose as 'optional', but make setup immediately fails with an error if it's not on the PATH:

phoenix@dockerhost:~/elastdocker$ make setup
make[1]: Entering directory '/home/phoenix/elastdocker'
/bin/sh: 1: docker-compose: not found
Makefile:21: recipe for target 'certs' failed
make[1]: *** [certs] Error 127
make[1]: Leaving directory '/home/phoenix/elastdocker'
Makefile:24: recipe for target 'setup' failed
make: *** [setup] Error 2

It seems like every target in the makefile uses docker-compose, which isn't very optional.

How I can make curl request with p12 Authentication to elasticsearch?

I'm a newbie in elasticsearch,
When I tried to make a request to elasticsearch server with:
curl --cert-type P12 --cert elastic-certificates.p12: -X GET "https://localhost:9200/_cat/nodes?v&pretty" -k

I always get a

*   Trying ::1:9200...
* TCP_NODELAY set
* Connected to localhost (::1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:9200 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:9200 

Kibana not connect Elastalert

FATAL Error: Unknown configuration key(s): "elastalert-kibana-plugin.serverHost", "elastalert-kibana-plugin.serverPort". Check for spelling errors and ensure that expected plugins are installe

my config kibana/config/kibana.yml:

    # ElastAlert Plugin
    elastalert-kibana-plugin.serverHost: elastalert
    elastalert-kibana-plugin.serverPort: 3030

ElastAlert container is running with "make tools"

Plz help me

SSL Certificates

It appears that SSL certificates that are generated during make setup never get injected into any containers. Is this a missing step?

ElastAlert plugin

Hello,
ElastAlert plugin for kibana is compatible with 7.7.0 ?
Best regards

how to reset the password of a running stack

Hi there,

this might be a pretty dumb question but how do i change the password of an existing cluster?

i tried editing the .env file followed by make setup and

  • docker stop/start elastic_elasticsearch_1 elastic_kibana_1 elastic_logstash_1
  • docker-compose down -> docker-compose up -d

My service is public facing and i messed the initial password up ;)

Thanks in advance

Docker-compose up causes AccessDenied Exception (elasticsearch)

Hello,
Thanks for this project. It is very helpful.

I followed the instructions and I see this error when running make elk...

"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/certs/elastic-certificates.p12",

--- (truncated)
elasticsearch_1  | "at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.node.Node.<init>(Node.java:314) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.node.Node.<init>(Node.java:258) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.3.0.jar:7.3.0]",
elasticsearch_1  | "... 6 more",
elasticsearch_1  | "Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/certs/elastic-certificates.p12",
elasticsearch_1  | "at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]",
elasticsearch_1  | "at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]",
elasticsearch_1  | "at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]",
elasticsearch_1  | "at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219) ~[?:?]",
elasticsearch_1  | "at java.nio.file.Files.newByteChannel(Files.java:373) ~[?:?]",
elasticsearch_1  | "at java.nio.file.Files.newByteChannel(Files.java:424) ~[?:?]",
elasticsearch_1  | "at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]",
elasticsearch_1  | "at java.nio.file.Files.newInputStream(Files.java:158) ~[?:?]",
elasticsearch_1  | "at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:87) ~[?:?]",
elasticsearch_1  | "at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:58) ~[?:?]",
elasticsearch_1  | "at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
elasticsearch_1  | "at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
elasticsearch_1  | "at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
elasticsearch_1  | "at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
elasticsearch_1  | "at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:146) ~[?:?]",
elasticsearch_1  | "at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
elasticsearch_1  | "at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
elasticsearch_1  | "at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
elasticsearch_1  | "at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
elasticsearch_1  | "at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
--- (truncated)

I can provide full logs and other details if needed.
Thanks again.

Fastest way to get some integrations after doing the initial setup

Hello,

I initialized elastdocker now like it was described here, but I am a complete ELK newbie. Can somebody teach me how I can get some integrations now in the fastest way? Is it necessary to set up this fleet stuff to get some integrations?

Ty for your help.

How to enable alert in elastdocker

Ask a question...

Dear @sherifabdlnaby,
First, thank you so much for your guide, it is very helpful for a newbie like me. But I have a question: how can I enable alerts for Kibana? It says TLS must be enabled:
(screenshot)
But in Repository Introduction => Main Features => SSL Enabled for Transport Layer and Kibana.
Can you help me to resolve this problem.

How to add logstash plugins?

Hi,

In previous releases, there was a Dockerfile for each app (elastic, logstash, kibana)... Looks like it's missing.
Where can I install plugins? Is there a new way to do it without a Dockerfile?
like
RUN logstash-plugin install logstash-filter-tld
RUN logstash-plugin install logstash-output-syslog

make down command not working

Describe the bug
'make down' command not working

To Reproduce

elastdocker$ make down
ERROR: The Compose file './docker-compose.tools.yml' is invalid because:
services.rubban.environment.RUBBAN_AUTOINDEXPATTERN_ENABLED contains true, which is an invalid type, it should be a string, number, or a null
Makefile:61: recipe for target 'down' failed
make: *** [down] Error 1

Solution:
edit ./docker-compose.tools.yml:
currently - RUBBAN_AUTOINDEXPATTERN_ENABLED: true
should be - RUBBAN_AUTOINDEXPATTERN_ENABLED: 'true'

BR,
Vasily.

TLS isn't setup

Describe the bug
TLS doesn't get set up when following the setup.

To Reproduce
Steps to reproduce the behavior:

  1. On a fresh node, clone the repo.
  2. Run make setup
  3. Run make elk

Expected behavior
TLS security is set up so native alerting works.

Screenshots
(screenshot)

Only changes I made was setting the elk version to 7.9.0

Update containers

I'm sure I'm just missing it in the documentation, but how would I update the containers to a newer ELK stack version after the initial installation and configuration without losing data?

I used the project to build a 7.7.0 stack and it worked perfectly, but if I do this.. how would I subsequently upgrade to 7.8.0 for instance? I can always change the build number in the script, but if I run it again then I lose my data.

Thanks in advance.

'Your connection is not private'

Hi!
Great repo and article on towardsdatascience! Thanks for that!

I am getting the 'Your connection is not private' when trying to access https://localhost:5601 (kibana) in my web browser (NET::ERR_CERT_AUTHORITY_INVALID).

Do you have any ideas on what might be missing in order to get the certificate validated?

Best regards,
Stian

Building the curator docker image fails: py2-pip permission denied

Describe the bug

Building the curator image fails when running 'make all' command.

To Reproduce

Execute 'make all'

Errors

Building curator
Step 1/7 : FROM alpine:3.8
---> c8bccc0af957
Step 2/7 : ARG CURATOR_VERSION=5.8.3
---> Using cache
---> cc4050d425d8
Step 3/7 : ENV CURATOR_VERSION=$CURATOR_VERSION
---> Using cache
---> 38d472cf16a5
Step 4/7 : RUN apk add --no-cache tini python py-pip && pip install elasticsearch-curator==${CURATOR_VERSION} && pip install -U pyyaml==3.12
---> Running in 21c13a874d4b
fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/community/x86_64/APKINDEX.tar.gz
(1/13) Installing libbz2 (1.0.6-r7)
(2/13) Installing expat (2.2.8-r0)
(3/13) Installing libffi (3.2.1-r4)
(4/13) Installing gdbm (1.13-r1)
(5/13) Installing ncurses-terminfo-base (6.1_p20180818-r1)
(6/13) Installing ncurses-terminfo (6.1_p20180818-r1)
(7/13) Installing ncurses-libs (6.1_p20180818-r1)
(8/13) Installing readline (7.0.003-r0)
(9/13) Installing sqlite-libs (3.25.3-r4)
(10/13) Installing python2 (2.7.15-r3)
(11/13) Installing py-setuptools (39.1.0-r0)
(12/13) Installing py2-pip (10.0.1-r0)
(13/13) Installing tini (0.18.0-r0)
ERROR: py2-pip-10.0.1-r0: Permission denied
Executing busybox-1.28.4-r3.trigger
1 error; 55 MiB in 25 packages
ERROR: Service 'curator' failed to build: The command '/bin/sh -c apk add --no-cache tini python py-pip && pip install elasticsearch-curator==${CURATOR_VERSION} && pip install -U pyyaml==3.12' returned a non-zero code: 1
Makefile:33: recipe for target 'all' failed
make: *** [all] Error 1

Docker Compose version 1.29.2 Incompatible with .env.kibana.token

Describe the bug
The README.md says that this repo is compatible with Docker Compose version 1.29.2, but I found that this version of Docker compose is sensitive to white-space in .env files. This is a known Docker Compose issue and has been resolved in later versions.

When starting elastdocker with docker-compose up, a warning message will appear on the command line that says, "WARNING: Python-dotenv could not parse statement starting at line 1". This happens because the secrets/.env.kibana.token file has been created during the make setup to be written in a way that is not compatible with Docker Compose 1.29.2 because it has whitespace and uses a colon, instead of an equal sign with no white-space.

KIBANA_SERVICE_ACCOUNT_TOKEN: <token>

If this environment file is re-written in the following way, Docker Compose 1.29.2 is able to read this environment file:

KIBANA_SERVICE_ACCOUNT_TOKEN=<token>

So, the README.md file should be modified so that it shows that this repo is only compatible with later versions of Docker Compose, or fix the .env.kibana.token file to replace the ": " with an equal sign "=".

To Reproduce
Steps to reproduce the behavior:

  1. Using Docker Compose 1.29.2: docker-compose up
  2. See displayed on command line: "WARNING: Python-dotenv could not parse statement starting at line 1".

Expected behavior
No WARNING message should be present when starting via docker-compose up

Desktop (please complete the following information):

  • OS: CentOS 7.x
  • Docker Compose, version 1.29.2
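An added check, not part of the elastdocker project or of this issue, that mirrors the parsing rule the report describes: python-dotenv style readers accept `KEY=value` (optionally prefixed with `export`) and cannot parse the `KEY: value` shape that make setup wrote into secrets/.env.kibana.token. The sample lines are constructed; the helper flags offending lines and rewrites them to the `=` form.

```python
import re

# Shape a dotenv reader accepts: optional "export ", KEY, "=", value.
_ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
# The shape this issue reports for .env.kibana.token: "KEY: value".
_COLON_FORM = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*:\s+(.*)$")


def lint_env_lines(lines):
    """Return (parsed, problems).

    parsed   -> list of (key, value) for lines a dotenv reader accepts
    problems -> list of (line_no, reason) for lines it would warn about
    """
    parsed, problems = [], []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are fine
        m = _ASSIGNMENT.match(line)
        if m:
            parsed.append((m.group(1), m.group(2).strip()))
        elif _COLON_FORM.match(line):
            problems.append((n, "uses 'KEY: value'; dotenv requires 'KEY=value'"))
        else:
            problems.append((n, "not a KEY=value assignment"))
    return parsed, problems


def normalize_env_lines(lines):
    """Rewrite 'KEY: value' lines as 'KEY=value'; leave every other line untouched."""
    out = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = _COLON_FORM.match(line)
        out.append(f"{m.group(1)}={m.group(2).strip()}" if m else line)
    return out


# Constructed sample: the token line as this issue reports it, plus a valid line.
SAMPLE_ENV = [
    "KIBANA_SERVICE_ACCOUNT_TOKEN: <token>",
    "ELK_VERSION=8.10.2",
]

if __name__ == "__main__":
    for line_no, reason in lint_env_lines(SAMPLE_ENV)[1]:
        print(f"line {line_no}: {reason}")
    print("\n".join(normalize_env_lines(SAMPLE_ENV)))
```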

Enabling SSL on HTTP not working

Hello, thank you for the hard work on this project.

I uncommented the following lines in elasticsearch/config/elasticsearch.yml:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12

I noticed the following comment in the README file, but wasn't sure which specific action I need to take.

Enabling SSL on HTTP layer will require all clients that connect to elasticsearch to configure SSL connection, this includes all current parts of the stack (e.g Logstash, Kibana, Curator, etc).

So I also updated kibana/config/kibana.yml to use https for elasticsearch.hosts.

When navigating to Kibana in my browser, it wasn't working. I checked the docker logs and it looked like Kibana was complaining about a self-signed certificate. Note: before trying to set up SSL on HTTP, everything was working fine.

Some people online have suggested converting .p12 to .pem format. However I wanted to see if the author had any thoughts first.

I'm using Ubuntu. Thanks again!

Question, newbie.

  1. After having cloned the repository, and executing "make setup" I have the following error:

sudo make setup
make[1]: Entering directory '/home/****/elastdocker'
Building certs
Step 1/4 : ARG ELK_VERSION
ERROR: Service 'certs' failed to build: Please provide a source image with from prior to commit
make[1]: *** [certs] Error 1
make[1]: Leaving directory '/home/****/elastdocker'
make: *** [setup] Error 2

  2. When I run the command "make keystore" I get the following error:

sudo make keystore
Building keystore
Step 1/4 : ARG ELK_VERSION
ERROR: Service 'keystore' failed to build: Please provide a source image with from prior to commit
make: *** [keystore] Error 1

Logging to Beats Endpoint (Logstash) and NET::ERR_CERT_INVALID

Hi!

Great stack! I was able to get your stack running on a Linux VM using docker-machine and virtual box (I still like docker-machine). Running Docker Engine and Compose @ latest through Docker Desktop on Mac. Stack is running well and builds well. Two questions:

I'm trying to send json logs to the beats input port (5044), but it doesn't look like I'm getting anything through at http://localhost:5044 or https://localhost:5044. Any quick tips for how to push data to the beats endpoints (longtime ELK user, but have never used it with security enabled)? Do I need to add my own custom endpoint to the input configs for LS?

Kibana is not in a ready state when I navigate to https://localhost:5601. Likely, this is because ES hasn't received any data. However, I'm getting a lot of err_cert_invalid errors in Chrome. Forced to push through these in MozFF. Any thoughts on the certs?

An illegal reflective access operation has occurred when running make setup

Reproduction:

  • clone the repo
  • edit .env file to set elasticsearch password (not needed probably)
  • run make setup

Console output:

make setup
make[1]: Entering directory '/home/xxx/elastdocker'
Creating network "elastic_default" with the default driver
Building certs
Step 1/5 : ARG ELK_VERSION
Step 2/5 : FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
7.4.0: Pulling from elasticsearch/elasticsearch
b38629870fdb: Pull complete
4a2fc9d810b8: Pull complete
e2926999e93a: Pull complete
1bfda44c7b09: Pull complete
901547b54de2: Pull complete
7432709cdcf3: Pull complete
5b3b6dd860e9: Pull complete
Digest: sha256:ccacb1463adc6daee970ed45e34cc46c14ba22116b64d5d4fac58044dfd61e8c
Status: Downloaded newer image for docker.elastic.co/elasticsearch/elasticsearch:7.4.0
 ---> dd156dd42341
Step 3/5 : COPY scripts/docker-healthcheck .
 ---> 85e7b710f4a3
Step 4/5 : HEALTHCHECK CMD sh ./docker-healthcheck
 ---> Running in d9b49dcb0400
Removing intermediate container d9b49dcb0400
 ---> d6b7577dff83
Step 5/5 : RUN elasticsearch-plugin install --batch repository-s3
 ---> Running in 9e523ba7f528
-> Downloading repository-s3 from elastic
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessDeclaredMembers
* java.lang.RuntimePermission getClassLoader
* java.lang.reflect.ReflectPermission suppressAccessChecks
* java.net.SocketPermission * connect,resolve
* java.util.PropertyPermission es.allow_insecure_settings read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
-> Installed repository-s3
Removing intermediate container 9e523ba7f528
 ---> 0ebae034c3b0

Successfully built 0ebae034c3b0
Successfully tagged elastic_certs:latest
WARNING: Image for service certs was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
====== Generating Elasticsearch Certifications ======
=====================================================
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/usr/share/elasticsearch/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Exception in thread "main" java.nio.file.AccessDeniedException: /secrets/certs/elastic-stack-ca.p12
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219)
	at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:478)
	at java.base/java.nio.file.Files.newOutputStream(Files.java:223)
	at org.elasticsearch.xpack.security.cli.CertificateTool.fullyWriteFile(CertificateTool.java:994)
	at org.elasticsearch.xpack.security.cli.CertificateTool.access$800(CertificateTool.java:85)
	at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.writeCertificateAuthority(CertificateTool.java:876)
	at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.execute(CertificateTool.java:867)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
	at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:137)
Makefile:21: recipe for target 'certs' failed
make[1]: *** [certs] Error 1
make[1]: Leaving directory '/home/xxx/elastdocker'
Makefile:24: recipe for target 'setup' failed
make: *** [setup] Error 2

Any subsequent rerun triggers the same warning/error.

Add Let's Encrypt to Elastdocker

#22

In your screenshots, your Chrome shows "Not Secure", presumably because of the self-signed certificate. A more thorough approach would be to add Let's Encrypt to the repo and allow auto-issuing certificates when the cluster is spun up. Tools like Caprover do this to great effect.

How to configure heartbeat with elasticsearch?

Could you please guide me on how to configure heartbeat.yml for easy access to elasticsearch?

I tried the following configuration... still no luck :(

###output

output.elasticsearch:
hosts: ["https://192.168.1.1:9200"]
protocol: "https"
username: elastic
password: changeme

#Use SSL settings for HTTPS.

ssl.enabled: true

ssl.certificate_authorities: ["/path/elastdocker/secrets/certs/ca/ca.crt"]
#ssl.certificate: "/path/elastdocker/secrets/certs/elasticsearch/elasticsearch.crt"
#ssl.key: "/path/elastdocker/secrets/certs/elasticsearch/elasticsearch.key"

###tried - not working

https://www.elastic.co/guide/en/beats/heartbeat/8.0/elasticsearch-output.html

###test
root@test:/etc/heartbeat# heartbeat test output
elasticsearch: https://192.168.1.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 192.168.1.1
dial up... OK
TLS...
security... WARN server's certificate chain verification is disabled
handshake... ERROR x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Elastic Certificate Tool Autogenerated CA")

Elasticsearch container failing SSL on Apple Silicon

Describe the bug
I've attempted pulling and running this with Docker Desktop on x86 and M1 Mac machines from master and a clean docker cache (docker system prune -a).

On the M1 machine, the 3 containers spun up with make setup && make elk will be created without issue. However, the elasticsearch container will always be in a (starting) state.


I am able to pull logs from the docker-compose command for elasticsearch, and have pasted them here:
https://pastebin.com/eFB33LEQ

When I attempt to access the elasticsearch node via port 9200 I receive the following:

curl -k https://127.0.0.1:9200
curl: (7) Failed to connect to 127.0.0.1 port 9200: Connection refused OR curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:9200

To Reproduce
Steps to reproduce the behavior:

  1. pull elastdocker on M1 machine
  2. run make setup and wait for completion
  3. run make elk
  4. run curl -k https://127.0.0.1:9200 and docker ps

Expected behavior
I would expect that elasticsearch is able to begin its service with the self-signed cert from make setup


Desktop (please complete the following information):

  • Device: Mac Mini m1 chip & macbook pro m1
  • OS: macOS big sur 11.5.2
  • Version Docker version 20.10.11, build dea9396 & docker-compose version 1.29.2, build 5becea4c

Additional context

Full log dump from elasticsearch: https://pastebin.com/eFB33LEQ

Enable SSL on HTTP

Hi! Thank you for this awesome project!

Could you please, add some guide to enable SSL on HTTP?

Should I use the certs that are generated for TLS and add the path to them in kibana.yaml, logstash.yaml etc?

Thank you!
Best regards.
