I`m trying to enable tls certification with x-pack.
docker-compose.yml
version: '2.2'
services:
es01:
container_name: es01
image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
environment:
- node.name=es01
- discovery.type=single-node
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=basic
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
- xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key
volumes: ['data01:/usr/share/elasticsearch/data', 'certs:$CERTS_DIR']
ports:
- 9200:9200
kibana:
depends_on:
- es01
image: docker.elastic.co/kibana/kibana:7.2.0
environment:
- xpack.security.enabled=true
ports:
- 5601:5601
volumes:
- /home/alex/Desktop/tls/kibana.yml:/usr/share/kibana/config/kibana.yml
extra_hosts:
- "es01:127.0.0.1"
volumes: {"data01", "certs"}
kibana.yml
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "https://es01:9200" ]
elasticsearch.username: "elastic"
elasticsearch.password: "pa55word"
create-certs.yml
version: '2.2'
services:
create_certs:
container_name: create_certs
image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
command: >
bash -c '
yum install -y -q -e 0 unzip;
if [[ ! -f /certs/bundle.zip ]]; then
bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
unzip /certs/bundle.zip -d /certs;
fi;
chown -R 1000:0 /certs
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes: ['certs:/certs', '.:/usr/share/elasticsearch/config/certificates']
volumes: {"certs"}
instances.yml
instances:
- name: es01
dns:
- es01
- localhost
ip:
- 127.0.0.1
.env
COMPOSE_PROJECT_NAME=es
CERTS_DIR=/usr/share/elasticsearch/config/certificates
ELASTIC_PASSWORD=pa55word
i followed this tutorial :
https://www.elastic.co/guide/en/elasticsearch/reference/7.2/configuring-tls-docker.html
so. elasticsearch works fine. i can reach elasticsearch on the : https://localhost:9200
and can see certificate.
But kibana container fails and give out some errors:
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:26Z","tags":["warning","elasticsearch","data"],"pid":1,"message":"Unable to revive connection: https://es01:9200/"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:26Z","tags":["warning","elasticsearch","data"],"pid":1,"message":"No living connections"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:26Z","tags":["license","warning","xpack"],"pid":1,"message":"License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. Error: No Living connections"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:29Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"Unable to revive connection: https://es01:9200/"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:29Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"No living connections"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:30Z","tags":["reporting","browser-driver","warning"],"pid":1,"message":"Enabling the Chromium sandbox provides an additional layer of protection."}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:30Z","tags":["reporting","warning"],"pid":1,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:30Z","tags":["status","plugin:reporting@7.2.0","error"],"pid":1,"state":"red","message":"Status changed from uninitialized to red - No Living connections","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:30Z","tags":["status","plugin:security@7.2.0","error"],"pid":1,"state":"red","message":"Status changed from green to red - No Living connections","prevState":"green","prevMsg":"Ready"}
kibana_1 | {"type":"log","@timestamp":"2019-09-06T12:11:30Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"Unable to revive connection:
localhost:5601 works. I can get message "Kibana server is not ready yet"
https://localhost:5601 is not working.
inside kibana container i can`t
curl es01:9200
with error
connection refused
etc/hosts
has already all hosts.
Where is the error?
Thank you a lot.