Hi there,
i just try to setup an ELK-Stack for our application, to centralize the logs that get produced from our services involved. I first tried to setup the ELK-Stack in our internal network, to get familiar with it and it worked fine. Now i just try to setup the elasticsearch-service and the kibana-service on an external server. I know that it's not recommended to run these services on the same server, but i am not in the stadium to setup a cluster. For the purpose to delegate the services to other machines (webnodes) we will use kubernetes or some similiary tool later on. So to prepare that, i try to delegate my services with a docker-compose.yml file. To connect to kibana i will have to use https and try to setup the ssl for kibana via the docker-compose.yml.
My compose-file looks like this:
//
1 version: '3.6'
2 services:
3 elasticsearch:
4 image: docker.elastic.co/elasticsearch/elasticsearch:6.3.2
5 container_name: elasticsearch
6 environment:
7 - cluster.name=docker-cluster
8 - bootstrap.memory_lock=true
9 - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
10 ulimits:
11 memlock:
12 soft: -1
13 hard: -1
14 volumes:
15 - esdata1:/usr/share/elasticsearch/data
16 ports:
17 - 9200:9200
18 networks:
19 - esnet
20 elasticsearch2:
21 image: docker.elastic.co/elasticsearch/elasticsearch:6.3.2
22 container_name: elasticsearch2
23 environment:
24 - cluster.name=docker-cluster
25 - bootstrap.memory_lock=true
26 - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
27 ulimits:
28 memlock:
29 soft: -1
30 hard: -1
31 volumes:
32 - esdata2:/usr/share/elasticsearch/data
33 networks:
34 - esnet
35 kibana:
36 image: docker.elastic.co/kibana/kibana:6.3.2
37 container_name: kibana
38 secrets:
39 - source: my.crt
40 target: /usr/share/kibana/config/kibana.crt
41 - source: my.key
42 target: /usr/share/kibana/config/certs/kibana.key
43 - source: kibana.yml
44 target: /usr/share/kibana/config/kibana.yml
45 ports: ['5601:5601']
46 volumes:
47 - ./kibana.yml:/usr/share/kibana/config/kibana.yml
48 networks:
49 - esnet
50 depends_on:
51 - elasticsearch
52 - elasticsearch2
53
54 volumes:
55 esdata1:
56 driver: local
57 esdata2:
58 driver: local
59
60 networks:
61 esnet:
62
63 secrets:
64 kibana.yml:
65 file: /home/myuser/elkstack_compose/kibana.yml
66 my.crt:
67 file: /home/myuser/elkstack_compose/my.crt
68 my.key
69 file: /home/myuser/elkstack_compose/my.key
//
My kibana.yml looks like this:
//
1 # Default Kibana configuration from kibana-docker.
2
3 server.name: kibana
4 server.host: "0"
5 elasticsearch.url: http://elasticsearch:9200
6 xpack.monitoring.ui.container.elasticsearch.enabled: true
7
8 server.ssl.enabled: true
9 server.ssl.key: "/usr/share/kibana/config/kibana.key"
10 server.ssl.certificate: "/usr/share/kibana/config/kibana.crt"
//
When i start up my docker-stack i get the following error-message:
//
ide=/, -Xms512m, -Xmx512m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=tar]
kibana | FATAL { Error: ENOENT: no such file or directory, open '/usr/share/kibana/config/kibana.key'
kibana | at Object.fs.openSync (fs.js:646:18)
kibana | at fs.readFileSync (fs.js:551:33)
kibana | at setupConnection (/usr/share/kibana/src/server/http/setup_connection.js:56:33)
kibana | at KbnServer.exports.default (/usr/share/kibana/src/server/http/index.js:54:41)
kibana | at KbnServer.mixin (/usr/share/kibana/src/server/kbn_server.js:136:16)
kibana | at
kibana | at process._tickCallback (internal/process/next_tick.js:188:7)
kibana | at Function.Module.runMain (module.js:695:11)
kibana | at startup (bootstrap_node.js:191:16)
kibana | at bootstrap_node.js:612:3
kibana | errno: -2,
kibana | code: 'ENOENT',
kibana | syscall: 'open',
kibana | path: '/usr/share/kibana/config/kibana.key' }
kibana exited with code 1
//
Does anybody have an idea, what am i doing wrong? Any help would be welcome