You could have just used the default setting with security enabled by default than simply set the SSL verification to none for the beats.
You can also disable all security which it appears you are doing, then beats will use HTTP and no authentication
Unfortunately seems like you started 1 way and then changed
Both are valid... by default Elastic enables security because it is a data store, so you are actually going against the grain a bit...
here is a post on how to disable security
If you want a docker compose that creates an elastic and kibana with no security I have one....