I built my ES
and Kibana
through docker-compose File like this
And my question is: my Kibana
service cant connect to my Es
, whether I change my docker-compose file or kibana.yml
, kibana always connect to 127.0.0.1:9200
and error with connect refused
version: '2.2'
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
restart: always
container_name: es01
environment:
- node.name=es01
- discovery.seed_hosts=es01,es02,es03
- cluster.initial_master_nodes=es01,es02,es03
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=trial
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
- xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key
volumes: ['data01:/usr/share/elasticsearch/data', 'certs:$CERTS_DIR']
ports:
- 9200:9200
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
interval: 30s
timeout: 10s
retries: 5
es02:
container_name: es02
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
restart: always
environment:
- node.name=es02
- discovery.seed_hosts=es01,es02,es03
- cluster.initial_master_nodes=es01,es02,es03
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=trial
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=$CERTS_DIR/es02/es02.key
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.http.ssl.certificate=$CERTS_DIR/es02/es02.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es02/es02.crt
- xpack.security.transport.ssl.key=$CERTS_DIR/es02/es02.key
volumes: ['data02:/usr/share/elasticsearch/data', 'certs:$CERTS_DIR']
ulimits:
memlock:
soft: -1
hard: -1
es03:
container_name: es03
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
restart: always
environment:
- node.name=es03
- discovery.seed_hosts=es01,es02,es03
- cluster.initial_master_nodes=es01,es02,es03
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=trial
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=$CERTS_DIR/es03/es03.key
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.http.ssl.certificate=$CERTS_DIR/es03/es03.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es03/es03.crt
- xpack.security.transport.ssl.key=$CERTS_DIR/es03/es03.key
volumes: ['data03:/usr/share/elasticsearch/data', 'certs:$CERTS_DIR']
ulimits:
memlock:
soft: -1
hard: -1
wait_until_ready:
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
command: /usr/bin/true
depends_on: {"es01": {"condition": "service_healthy"}}
kibana:
image: docker.elastic.co/kibana/kibana:7.14.0
restart: always
container_name: kibana
ports:
- 5601:5601
environment:
- SERVER_NAME= kibana
- SERVER_HOSE= 0.0.0.0
- elasticsearch.hosts= https://myIp:92000
- SERVER_SSL_ENABLED=true
- SERVER_SSL_CERTIFICATE=$KIBANA_CERTS_DIR/kibana.crt
- SERVER_SSL_KEY=$KIBANA_CERTS_DIR/kibana.key
#- ELASTICSEARCH.USERNAME=kibana_system
#- ELASTICSEARCH.PASSWORD=$KIBANA_PASSWORD
- ELASTICSEARCH.SSL.CERTIFICATEAUTHORITIES=$KIBANA_CERTS_DIR/ca/ca.crt
- ELASTICSEARCH.SSL.VERIFICATIONMODE=certificate
- xpack.security.enabled=true
- xpack.security.encryptionKey="SOMETHING_CODE_ENCRYPTIONKEY_HERE"
- xpack.reporting.encryptionKey="SOMETHING_CODE_ENCRYPTIONKEY_HERE"
- i18n.locale=zh-CN
- TZ=Asia/Shanghai
volumes: ['./kibana:$KIBANA_CERTS_DIR','/home/bali16/service/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml']
depends_on:
- es01
- es02
- es03
volumes: {"data01", "data02","data03","certs"}
and here is my kibana container logs
{"type":"log","@timestamp":"2024-04-17T16:26:00+08:00","tags":["info","plugins-service"],"pid":1213,"message":"Plugin \"metricsEntities\" is disabled."}
{"type":"log","@timestamp":"2024-04-17T16:26:00+08:00","tags":["warning","config","deprecation"],"pid":1213,"message":"plugins.scanDirs is deprecated and is no longer used"}
{"type":"log","@timestamp":"2024-04-17T16:26:00+08:00","tags":["warning","config","deprecation"],"pid":1213,"message":"Config key [monitoring.cluster_alerts.email_notifications.email_address] will be required for email notifications to work in 8.0.\""}
{"type":"log","@timestamp":"2024-04-17T16:26:00+08:00","tags":["warning","config","deprecation"],"pid":1213,"message":"\"xpack.reporting.roles\" is deprecated. Granting reporting privilege through a \"reporting_user\" role will not be supported starting in 8.0. Please set \"xpack.reporting.roles.enabled\" to \"false\" and grant reporting privileges to users using Kibana application privileges **Management > Security > Roles**."}
{"type":"log","@timestamp":"2024-04-17T16:26:00+08:00","tags":["info","http","server","NotReady"],"pid":1213,"message":"http server running at https://localhost:5601"}
{"type":"log","@timestamp":"2024-04-17T16:26:01+08:00","tags":["info","plugins-system"],"pid":1213,"message":"Setting up [106] plugins: [translations,taskManager,licensing,globalSearch,globalSearchProviders,banners,licenseApiGuard,code,usageCollection,xpackLegacy,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,securityOss,share,screenshotMode,telemetry,newsfeed,mapsEms,mapsLegacy,legacyExport,kibanaLegacy,embeddable,uiActionsEnhanced,expressions,charts,esUiShared,bfetch,data,savedObjects,visualizations,visTypeXy,visTypeVislib,visTypeTimelion,features,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,presentationUtil,timelion,home,searchprofiler,painlessLab,grokdebugger,graph,visTypeVega,management,watcher,licenseManagement,indexPatternManagement,advancedSettings,discover,discoverEnhanced,dashboard,dashboardEnhanced,visualize,visTypeTimeseries,savedObjectsManagement,spaces,security,transform,savedObjectsTagging,lens,reporting,canvas,lists,ingestPipelines,fileUpload,maps,dataVisualizer,encryptedSavedObjects,dataEnhanced,timelines,dashboardMode,cloud,upgradeAssistant,snapshotRestore,fleet,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,enterpriseSearch,eventLog,actions,alerting,triggersActionsUi,stackAlerts,ruleRegistry,osquery,ml,cases,securitySolution,observability,uptime,infra,monitoring,logstash,console,apmOss,apm]"}
{"type":"log","@timestamp":"2024-04-17T16:26:01+08:00","tags":["info","plugins","taskManager"],"pid":1213,"message":"TaskManager is identified by the Kibana UUID: c8256dfe-2b3f-4c1f-86bc-896ae35eba61"}
{"type":"log","@timestamp":"2024-04-17T16:26:04+08:00","tags":["warning","plugins","security","config"],"pid":1213,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2024-04-17T16:26:04+08:00","tags":["warning","plugins","reporting","config"],"pid":1213,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2024-04-17T16:26:04+08:00","tags":["warning","plugins","reporting","config"],"pid":1213,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.4.2105\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
{"type":"log","@timestamp":"2024-04-17T16:26:04+08:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":1213,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2024-04-17T16:26:04+08:00","tags":["warning","plugins","actions","actions"],"pid":1213,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2024-04-17T16:26:04+08:00","tags":["warning","plugins","alerting","plugins","alerting"],"pid":1213,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2024-04-17T16:26:10+08:00","tags":["info","plugins","ruleRegistry"],"pid":1213,"message":"Write is disabled, not installing assets"}
{"type":"log","@timestamp":"2024-04-17T16:26:10+08:00","tags":["info","savedobjects-service"],"pid":1213,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-04-17T16:26:10+08:00","tags":["error","savedobjects-service"],"pid":1213,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 127.0.0.1:9200"}
As you look in kibana log,
Even the port of elasticsearch.hosts
is 92000
in my docker-compose file, it always connect to 127.0.0.1
(by the way , the port in my kibana.yml is 92001
, it also useless )
And then , I can visit and operate my Es with username and password on browser, it is prove that my es is OK
So do I have any problems with my configuration?
How should I solve the problem of the Kibana
connect? It seems like when I don’t configure the SSL of the ES
and Kibana
, they can connected successfully