Hi, I have a multi node - multi instance (VM and BareMetal servers) docker swarm cluster for my ELK Stack with 3 ES Masters, 3 Kibana Nodes, data nodes etc.
ES and Kibana Version - 7.17.8
I want to enable basic authentication for Kibana which allows login screen to Kibana but without HTTP and Transport SSL enabled (i.e no certificates).
It this possible with basic only license to achieve this over multiple nodes / instances ? Please help!
Below is my docker compose .yml
version: '3.8'
configs:
nginx.conf:
external: true
load-balancer.conf:
external: true
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- network.host=0.0.0.0
- discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms16g -Xmx16g"
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=false
- xpack.security.transport.ssl.enabled=false
- ELASTIC_PASSWORD=changeme
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /data/elastic:/usr/share/elasticsearch/data
ports:
- 9200:9200
- 9300:9300
networks:
- aps-elk-network-prod
deploy:
placement:
constraints: [ node.labels.role == elk-master-node ]
es02:
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
container_name: es02
environment:
- node.name=es02
- cluster.name=es-docker-cluster
- network.host=0.0.0.0
- discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms16g -Xmx16g"
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=false
- xpack.security.transport.ssl.enabled=false
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /data/elastic:/usr/share/elasticsearch/data
networks:
- aps-elk-network-prod
deploy:
placement:
constraints: [ node.labels.role == elk-master-node ]
es03:
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
container_name: es03
environment:
- node.name=es03
- cluster.name=es-docker-cluster
- network.host=0.0.0.0
- discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms16g -Xmx16g"
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=false
- xpack.security.transport.ssl.enabled=false
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /data/elastic:/usr/share/elasticsearch/data
networks:
- aps-elk-network-prod
deploy:
placement:
constraints: [ node.labels.role == elk-master-node ]
elk-data:
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
container_name: elk-data
environment:
- node.name=elk-data-{{.Node.Hostname}}
- discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
- cluster.initial_master_nodes=es01,es02,es03
- cluster.name=es-docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms16g -Xmx16g"
- node.master=false
- node.data=true
- node.ingest=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /data/elastic:/usr/share/elasticsearch/data
networks:
- aps-elk-network-prod
deploy:
replicas: 11
placement:
constraints: [ node.labels.role == elk-data-node ]
kibana:
image: docker.elastic.co/kibana/kibana:7.17.8
environment:
ELASTICSEARCH_HOSTS: '["http://98.8.171.72:9200","http://98.8.171.71:9200","http://98.8.171.70:9200"]'
ELASTICSEARCH_USERNAME: elastic
ELASTICSEARCH_PASSWORD: changeme
networks:
- aps-elk-network-prod
ports:
- 5601:5601
depends_on:
- es01
deploy:
replicas: 3
placement:
constraints: [ node.labels.label3 == elk-kibana-node ]
max_replicas_per_node: 1
elk-coordinator:
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
container_name: elk-coordinator
environment:
- node.name=elk-coordinator-{{.Node.Hostname}}
- discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
- cluster.initial_master_nodes=es01,es02,es03
- cluster.name=es-docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms16g -Xmx16g"
- node.master=false
- node.data=true
- node.ingest=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /data/elastic:/usr/share/elasticsearch/data
networks:
- aps-elk-network-prod
deploy:
replicas: 3
placement:
constraints: [ node.labels.label1 == elk-coordinator-node ]
max_replicas_per_node: 1
nginx:
image: nginx:latest
container_name: oss_elk_ncw_nginx
configs:
- source: nginx.conf
target: /etc/nginx/nginx.conf
- source: load-balancer.conf
target: /etc/nginx/conf.d/load-balancer.conf
ports:
- 9000:9000
networks:
- aps-elk-network-prod
deploy:
placement:
constraints: [ node.labels.role == elk-loadbalancer-node ]
networks:
aps-elk-network-prod:
driver: overlay