Advice on Docker ELKv6.6.1 Authentication

Ramakrishna_Satti · March 11, 2019, 4:28am

I am not able to setup passwords for Kibana and ElastiCsearch. Please see below docker-compose.yml. I would appreciate if someone could put me in right direction?
Use Case: I would like to setup authentication/login for Kibana and Elastic Search.

version: '3.6'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.6.1
    container_name: elasticsearch
    environment:
      - "discovery.type=single-node"
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "ELASTIC_PASSWORD=MagicWord"
    ulimits:
      nproc: 65535
      memlock:
        soft: -1
        hard: -1
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
  kibana:
    image: docker.elastic.co/kibana/kibana:6.6.1
    container_name: kibana
    environment:
      SERVER_NAME: localhost
      ELASTICSEARCH_URL: http://elasticsearch:9200/
      elasticsearch.username: "kibana"
      elasticsearch.password: "kibanapassword"
    ports:
      - 5601:5601
    ulimits:
      nproc: 65535
      memlock:
        soft: -1
        hard: -1
volumes:
  esdata:

Note: fyi, i posted this query on stackoverflow forum

tsullivan · March 15, 2019, 5:08pm

The kibana service environment variables should be uppercased and dot replaced with an underscore. Here's what mine looks like (using docker compose version 2.2)

  kibana:
    image: "docker.elastic.co/kibana/kibana:6.6.2"
    env_file: [".env"]
    volumes: ["./cert-bundle:$KBN_CERTS_DIR"]
    environment:
      - "SERVER_BASEPATH=/kibana"
      - "SERVER_HOST=kibana"
      - "LOGGING_VERBOSE=true"
      - "ELASTICSEARCH_URL=$ELASTICSEARCH_URL"
      - "ELASTICSEARCH_USERNAME=$KBN_ES_USERNAME"
      - "ELASTICSEARCH_PASSWORD=$KBN_ES_PASSWORD"
      - "ELASTICSEARCH_SSL_KEY=$KBN_CERTS_DIR/kibana.key"
      - "ELASTICSEARCH_SSL_CERTIFICATE=$KBN_CERTS_DIR/kibana.crt"
      - "ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=$KBN_CERTS_DIR/ca/kibana-ca.crt"
      - "ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate"
      - "XPACK_REPORTING_ENCRYPTIONKEY=$SESSION_SECRET"
      - "XPACK_SECURITY_ENCRYPTIONKEY=$SESSION_SECRET"

BTW I prefer having passwords in a separate file called .env, so that I can commit my docker-compose.yml file into a git repo, but I don't have to have my passwords in the git repo. The .env file is listed in my .gitignore

system · April 12, 2019, 5:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.