docker部署ELK —— 启用安全模式（附yml文件）

目录

一  yml文件配置

二  配置文件

2.1 SSL密钥文件

2.2 kibna.yml文件

2.3 filebeat文件

三 启动容器

---

一  yml文件配置

 在我的上一篇文章中打开ELK集群并没有密码，安全性有所降低，所以新增登录界面

version: '2.2'
services:
  es01:
    image: elasticsearch:7.17.9
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12

    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data01:/usr/share/elasticsearch/data
      - /root/elk_docker/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9200:9200
    networks:
      - elastic
    restart: always
  es02:
     image: elasticsearch:7.17.9
     container_name: es02
     environment:
       - node.name=es02
       - cluster.name=es-docker-cluster
       - discovery.seed_hosts=es01,es03
       - cluster.initial_master_nodes=es01,es02,es03
       - bootstrap.memory_lock=true
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
       - xpack.security.enabled=true
       - xpack.security.transport.ssl.enabled=true
       - xpack.security.transport.ssl.verification_mode=certificate
       - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
       - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
     ulimits:
       memlock:
         soft: -1
         hard: -1
     volumes:
       - data02:/usr/share/elasticsearch/data
       - /root/elk_docker/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
     networks:
       - elastic
     restart: always
 
  kibana:
    depends_on:
      - es01
    container_name: kibana
    image: kibana:7.17.9
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /root/elk_docker/kibana.yml:/usr/share/kibana/config/kibana.yml
      - data03:/usr/share/kibana/data
    ports:
      - 5601:5601
    environment:
      - SERVER_NAME=kibana
    networks:
      - elastic
    mem_limit: 2G
    restart: always

  filebeat:
    image: filebeat:7.17.9
    user: root
    container_name: filebeat
    volumes:
      - /var/log/audit/audit.log:/message.log
      - /root/elk_docker/filebeat.yml:/usr/share/filebeat/filebeat.yml
    networks:
      - elastic
    restart: always
volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local

networks:
  elastic:
    driver: bridge

二  配置文件

     2.1 SSL密钥文件

docker exec -it es01 bash  ##进入容器
./bin/elasticserch-setup-passwords auto ##生成自动密码 ，也可以自己设置
************************************************
Changed password for user apm_system
PASSWORD apm_system = QUHGJHaaNE8IYmFGYvjm

Changed password for user kibana_system
PASSWORD kibana_system = So2XAdkEuFMDcfLmNbcA

Changed password for user kibana
PASSWORD kibana = So2XAdkEuFMDcfLmNbcA

Changed password for user logstash_system
PASSWORD logstash_system = UxooDfCKMxj29TuxHYQj

Changed password for user beats_system
PASSWORD beats_system = ELaDkdsg7Q1hMgJf3HiW

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = uE91OmlMhWtw6aEM59iW

Changed password for user elastic
PASSWORD elastic = fqSfBC7ZEHI3tZB1c2fH
**************************************************

2.2 kibna.yml文件

elasticsearch.username: "kibana_system"
elasticsearch.password: "So2XAdkEuFMDcfLmNbcA"

新增两行用于登录elastic

2.3 filebeat文件

elasticsearch.username: "elastic"
elasticsearch.password: "fqSfBC7ZEHI3tZB1c2fH"

用于输出到es集群不报错

三 启动容器