Elasticsearch authentication in Docker Swarm mode

I have upgraded my Dev environment ELK stack to v 7.10.2 and I have authentication issues with connecting Kibana to Elasticsearch.

Scenario

The ELK stack is in Docker containers deployed in Swarm mode via a docker-compose.yml file.

Services:

Containers:

The Kibana service is running but in the log I get

{"type":"log","@timestamp":"2022-02-04T11:07:56Z","tags":["error","Elasticsearch","data"],"pid":8,"message":"[ConnectionError]: connect ECONNREFUSED :9200"}
{"type":"log","@timestamp":"2022-02-04T11:07:56Z","tags":["error","savedobjects-service"],"pid":8,"message":"Unable to retrieve version information from Elasticsearch nodes."}
{"type":"log","@timestamp":"2022-02-04T11:07:58Z","tags":["error","Elasticsearch","data"],"pid":8,"message":"[ResponseError]: Response Error"}

When I try to reach Elasticsearch I get as a response

<html>
<body>
	<h1>401 Unauthorized</h1>
	You need a valid user and password to access this content.
</body>
</html>

I know I have to set the built-in users' passwords through the command ./bin/elasticsearch-setup-passwords interactive, but here's my first question: where should I run this command, inside the Elasticsearch container? Because if so, I've opened a Bash terminal in the container and I can't find any elasticsearch-setup-passwords script to run; it simply isn't there.

On top of that I have additional questions:

  1. Should I add any security or authentication properties in the Elasticsearch config file?
  2. Aside from elasticsearch.username and elasticsearch.password, should I add any security or authentication properties in the Kibana config file?
  3. Since the Elasticsearch container is removed and recreated from scratch every time the Docker stack is removed, is there a way to automatically run that elasticsearch-setup-passwords script every time the container is recreated? In pure Docker Compose we could add commands in the Dockerfile but Swarm ignores that file as it ignores the Build command so...

I'm at a loss; any suggestion is more than welcome.

It looks like you are using the OSS distribution of the stack, which does not contain any security at all. I am therefore not sure where the request for authentication is coming from.

I'm indeed using the OSS distribution, and it shouldn't ask for authentication? Weird response I get there then

I suspect you either have some plugin installed or that you access through a proxy which requires authentication.

You should just switch to the standard distribution and update your version to 7.17.0.


I have a proxy in place, but when the stack was deployed the pure Docker Compose way I never had this authentication request.

How can I feed the HA Proxy with username and password?

If I do so, I assume I'll find the elasticsearch-setup-passwords script. But what would the answers be to my three questions?

Kibana does not support the use of a proxy for authentication, so I would, like David, recommend that you switch to the default distribution and the latest version.
