Set Password and user with Docker-compose

Good afternoon,

I need help with elastic and docker-compose, the point is to add username and password to my elastic database with either kibana or no kibana.

I can't figure out how to do it without adding all the certificates and I don't want to do all of that.

Is there anything that can help me with that?

version: '3.6'

services:
elasticsearch4:

image: docker.elastic.co/elasticsearch/elasticsearch:7.6.1

container_name: elasticsearch4

ports:

  - "9203:9200"

environment:

  - cluster.name=elastic-udt-cluster

  - ELASTIC_USERNAME=elastic

  - ELASTIC_PASSWORD=DkIedPPSCb

  - xpack.security.enabled=true

  - xpack.security.transport.ssl.enabled=true

  #- xpack.monitoring.enabled=true

  #- xpack.monitoring.collection.enabled=true

  #- xpack.license.self_generated.type=trial

  - node.name=elasticsearch4

  - http.cors.enabled=true

  - http.cors.allow-origin=*

  - bootstrap.memory_lock=true

  - node.max_local_storage_nodes=4

  - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

  - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3,elasticsearch4

  - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3,elasticsearch4

ulimits:

  memlock:

    soft: -1

    hard: -1

  nofile:

    soft: ##

    hard: #

volumes:

  - '/vv/docker/elasticsearch/data:/usr/share/elasticsearch/data'

networks:

  - elasticNetwork

kibana:

image: docker.elastic.co/kibana/kibana:7.6.1

container_name: kibana

environment: 

  ELASTICSEARCH_URL: "http://elasticsearch:9200"

  ELASTICSEARCH_HOSTS: "http://elasticsearch:9200"

  XPACK_MONITORING_ENABLED: "true"

  XPACK_MONITORING_COLLECTION_ENABLED: "true"

  XPACK_SECURITY_ENABLED: "true"

  ELASTICSEARCH_USERNAME: "#"

  ELASTICSEARCH_PASSWORD: "#"

ports:

  - 5601:5601

networks:

  - elasticNetwork

networks:

elasticNetwork:

driver: bridge

ipam:

  driver: default

  config:

    - subnet: ####

Here is how I'm setting that with docker compose ( docker-compose.yml):

---
version: '3'
services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
    environment:
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - xpack.security.enabled=$ELASTIC_SECURITY
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - 9200:9200
    networks: ['stack']

  kibana:
    image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
    ports: ['5601:5601']
    networks: ['stack']
    links: ['elasticsearch']
    depends_on: ['elasticsearch']

networks:
  stack: {}

.env file is:

ELASTIC_VERSION=7.6.1
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme

And with that asks for passwords and user in elasticsearh and Kibana?

I did the same thing and it sends me an error "Plase set [xpack.security.transport.ssl.enable] to true"

Only with SSL can I put a password? :frowning:

If you have multiple nodes, yes. Otherwise everything is in clear text between nodes which defeats security.

That is very sad :frowning: I need to put security to my nodes.

Why being secure is sad?

Just said,

Do you have a guide where I can see how to integrate the ssl to the nodes?

Yeah. https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html

Well that apparently is without docker-compose. : S

Would that help? https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#next-getting-started-tls-docker