Enterprise Search could not connect to Kibana

Hi, I try to setup enterprise search in docker-compose, but idk why enterprisesearch isnt able to connect to Kibana. There is my complete docker-compose.yml :

services:
  setup:
    container_name: setup
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - esnet

  es01:
    container_name: es01
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01
      # - cluster.initial_master_nodes=es01,es02,es03
      # - cluster.initial_master_nodes=es01,es02
      # - discovery.seed_hosts=es02,es03
      # - discovery.seed_hosts=es02
      # - discovery.type=single-node
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - esnet

  kibana:
    container_name: kibana
    depends_on:
      es01:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - ENTERPRISESEARCH_HOST=http://enterprisesearch:${ENTERPRISE_SEARCH_PORT}
    mem_limit: ${KB_MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - esnet
  
  enterprisesearch:
    container_name: enterprisesearch
    depends_on:
      es01:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: docker.elastic.co/enterprise-search/enterprise-search:${STACK_VERSION}
    volumes:
      - certs:/usr/share/enterprise-search/config/certs
      - enterprisesearchdata:/usr/share/enterprise-search/config
    ports:
      - ${ENTERPRISE_SEARCH_PORT}:3002
    environment:
      - SERVERNAME=enterprisesearch
      - secret_management.encryption_keys=[${ENCRYPTION_KEYS}]
      - allow_es_settings_modification=true
      - elasticsearch.host=https://es01:9200
      - elasticsearch.username=elastic
      - elasticsearch.password=${ELASTIC_PASSWORD}
      - elasticsearch.ssl.enabled=true
      - elasticsearch.ssl.certificate_authority=/usr/share/enterprise-search/config/certs/ca/ca.crt
      - kibana.external_url=http://kibana:5601
    mem_limit: ${AP_MEM_LIMIT}
    healthcheck:
      test:
        [
            "CMD-SHELL",
            "curl -s -I http://localhost:3002 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - esnet
  
  nginx:
    container_name: nginx
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'  # HTTP
      - '443:443' # HTTPS
      - '81:81'  # Admin Web Port
    volumes:
      - nginx-data:/data
      - nginx-letsencrypt:/etc/letsencrypt
      - nginx-snippets:/snippets:ro
    environment:
      TZ: 'Europe/Berlin'
    networks:
      - esnet

volumes:
  certs:
    driver: local
    name: certs
  esdata01:
    driver: local
    name: esdata01
  kibanadata:
    driver: local
    name: kibanadata
  enterprisesearchdata:
    driver: local
    name: enterprisesearchdata
  nginx-data:
    driver: local
    name: nginx-data
  nginx-letsencrypt:
    driver: local
    name: nginx-letsencrypt
  nginx-snippets:
    driver: local
    name: nginx-snippets

networks:
  esnet:
    driver: bridge
    name: esnet

I think the problem is enterprisesearch try to access Kibana from localhost instead of kibana.

There is enterprisesearch logs :

enterprisesearch  | Custom Enterprise Search configuration file detected, not overwriting it (any settings passed via environment will be ignored)
enterprisesearch  | Found java executable in PATH
enterprisesearch  | Java version detected: 11.0.23 (major version: 11)
enterprisesearch  | Enterprise Search is starting...
enterprisesearch  | [2024-09-12T09:38:09.894+00:00][7][4004][app-server][INFO]: Elastic Enterprise Search version=8.15.0, JRuby version=9.3.14.0, Ruby version=2.6.8, Rails version=6.1.7.7
enterprisesearch  | [2024-09-12T09:38:11.321+00:00][7][4004][app-server][INFO]: Performing pre-flight checks for Elasticsearch running on https://es01:9200...
enterprisesearch  | WARNING: An illegal reflective access operation has occurred
enterprisesearch  | WARNING: Illegal reflective access by org.jruby.javasupport.binding.ConstantField (file:/usr/share/enterprise-search/lib/war/lib/jruby-core-9.3.14.0-complete.jar) to field sun.security.x509.X509CertImpl.SIG
enterprisesearch  | WARNING: Please consider reporting this to the maintainers of org.jruby.javasupport.binding.ConstantField
enterprisesearch  | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
enterprisesearch  | WARNING: All illegal access operations will be denied in a future release
enterprisesearch  | [2024-09-12T09:38:11.973+00:00][7][4004][app-server][INFO]: Elasticsearch cluster is ready
enterprisesearch  | [2024-09-12T09:38:11.975+00:00][7][4004][app-server][INFO]: Successfully connected to Elasticsearch
enterprisesearch  | [2024-09-12T09:38:12.035+00:00][7][4004][app-server][INFO]: Successfully loaded Elasticsearch plugin information for all nodes
enterprisesearch  | [2024-09-12T09:38:12.048+00:00][7][4004][app-server][INFO]: Elasticsearch running with an active basic license
enterprisesearch  | [2024-09-12T09:38:12.084+00:00][7][4004][app-server][INFO]: Elasticsearch API key service is enabled
enterprisesearch  | [2024-09-12T09:38:12.098+00:00][7][4004][app-server][INFO]: Elasticsearch will be used for authentication
enterprisesearch  | [2024-09-12T09:38:12.100+00:00][7][4004][app-server][INFO]: Elasticsearch looks healthy and configured correctly to run Enterprise Search
enterprisesearch  | [2024-09-12T09:38:12.102+00:00][7][4004][app-server][INFO]: Performing pre-flight checks for Kibana running on http://localhost:5601...
enterprisesearch  | [2024-09-12T09:38:12.132+00:00][7][4004][app-server][WARN]: Failed to connect to Kibana backend. Make sure it is running and healthy.
enterprisesearch  | [2024-09-12T09:38:12.135+00:00][7][4004][app-server][ERROR]: Could not connect to Kibana backend after 0 seconds.
enterprisesearch  | [2024-09-12T09:38:12.136+00:00][7][4004][app-server][WARN]: Enterprise Search is unable to connect to Kibana. Ensure it is running at http://localhost:5601 for user elastic.
enterprisesearch  | [2024-09-12T09:38:17.561+00:00][7][4004][app-server][INFO]: Elastic APM agent is disabled

Do u have some idea ? I really dont know how to fix it

Thx !

Well I can connect Enterprise Search to Kibana using kibana.host instead of kibana.external_url. But Enterprise Search container stop after connecting without error or warning, just stop...

From Elasticsearch to Elastic Search

Added elastic-app-search and removed elastic-stack-security

Hi @lxup,

Indeed you needed to update kibana.host to point to correct url.

Regarding container stopping - not sure why it could happen. Can you share any logs from Enterprise Search? Are you allocating correct amount of resources to the image? (at least 2GB)

Sry for wrong tags its my first post here.

And yes but the example from Enterprise Search here : Run Enterprise Search server using Docker images | Enterprise Search documentation [8.15] | Elastic

Never use kibana.host, only kibana. external_url, probably a mistake :sweat_smile:

I found the problem with Enterprise Search, Ive increase RAM to 2GB instead of 1GB