Complete ELK-stack example with Docker
I wanted a quick setup for an Elasticsearch, Logstash and Kibana (ELK) stack to work with. But searching on the internet gave me too many long-winded examples that didn't really work.
That’s why I created this page. Use it to quickly get up-and-running with an ELK-stack of your own.
Create the file docker-compose.yml
```yaml
# file: docker-compose.yml
version: "3"
services:
  elk:
    image: sebp/elk
    ports:
      - "5601:5601"
      - "9200:9200"
      - "5044:5044"
    environment:
      - MAX_MAP_COUNT=262145
      - ELASTICSEARCH_START=1
      - LOGSTASH_START=1
      - KIBANA_START=1
      # No quotes around the value: in list form they would become part of it
      - TZ=Europe/Amsterdam
    volumes:
      - elk-data:/var/lib/elasticsearch
volumes:
  elk-data:
```

Now start up with `docker-compose up -d`. That’s it!
5601: endpoint for Kibana
9200: endpoint for Elasticsearch
Add some security
Don’t leave your Elasticsearch open for everyone.
Add some basic security by adding a .htpasswd config to your webserver.

```
$ sudo sh -c "echo -n 'myelasticuser:' >> /etc/nginx/.htpasswd"
$ sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
Password:
Verifying - Password:
```
Add it to your webserver, like nginx.
```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/html;
    index index.html index.htm;

    server_name localhost;

    location / {
        try_files $uri $uri/ =404;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
```
Reload nginx.
```
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo service nginx reload
```
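The server block above puts basic auth in front of static files only, and the compose file still publishes 5601 and 9200 on every host interface, so the stack itself stays reachable without a password. An added example (not from the original page) of nginx proxying to the stack with the same .htpasswd file; the loopback port bindings and the /es/ path are assumptions:

```nginx
# Added example. Assumes nginx runs on the Docker host and that the ports in
# docker-compose.yml are published on loopback only, so nginx is the only way in:
#   ports:
#     - "127.0.0.1:5601:5601"
#     - "127.0.0.1:9200:9200"
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name localhost;

    # Set at server level so every location below inherits the password check.
    # Basic auth on port 80 sends credentials unencrypted; terminate TLS here
    # before exposing this beyond a trusted network.
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Kibana UI
    location / {
        proxy_pass http://127.0.0.1:5601;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Elasticsearch REST API under a hypothetical /es/ prefix.
    # The trailing slash on proxy_pass strips /es/ before forwarding.
    location /es/ {
        proxy_pass http://127.0.0.1:9200/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```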
Some notes
I chose the Docker image of sebp because he’s got great documentation. Go check it out!
Especially the part with the Frequently Encountered Issues.
There, you’ll see that you’ll:
- need 4GB of memory for the Docker container
- need to set the amount of virtual memory on Linux by setting the max map count: `sudo sysctl -w vm.max_map_count=262144`