I wanted a quick setup for an Elasticsearch, Logstash and Kibana (ELK) stack to work with. But searching the internet gave me too many long-winded examples that didn't really work.
That’s why I created this page. Use it to quickly get up and running with an ELK stack of your own.
Create the file docker-compose.yml
# file: docker-compose.yml
version: "3"
services:
  elk:
    image: sebp/elk
    ports:
      - "5601:5601"
      - "9200:9200"
      - "5044:5044"
    environment:
      - MAX_MAP_COUNT=262145
      - ELASTICSEARCH_START=1
      - LOGSTASH_START=1
      - KIBANA_START=1
      # No quotes around the value: in list form they would become part of it.
      - TZ=Europe/Amsterdam
    volumes:
      - elk-data:/var/lib/elasticsearch
volumes:
  elk-data:
Now start up with docker-compose up -d. That’s it!
5601: endpoint for Kibana
9200: endpoint for Elasticsearch
Don’t leave your Elasticsearch open to everyone.
Add some basic security by adding a .htpasswd config to your webserver.
$ sudo sh -c "echo -n 'myelasticuser:' >> /etc/nginx/.htpasswd"
$ sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
Password:
Verifying - Password:
Add it to your webserver, like nginx.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /var/www/html;
    index index.html index.htm;
    server_name localhost;
    location / {
        try_files $uri $uri/ =404;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
Reload nginx.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo service nginx reload
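An added example, not part of the original post: the server block above only puts the password in front of the static files under /var/www/html, so for the .htpasswd to guard Elasticsearch and Kibana themselves, nginx has to proxy to the container and the compose ports have to be published on loopback only. It assumes nginx runs on the Docker host; the server name and the /es/ prefix are placeholders chosen for this example.

```nginx
# Assumed change in docker-compose.yml so the container ports are reachable
# only from the host itself (otherwise 9200 and 5601 stay open and can be
# reached directly, bypassing nginx and its password):
#
#   ports:
#     - "127.0.0.1:5601:5601"
#     - "127.0.0.1:9200:9200"
#     - "5044:5044"

server {
    listen 80;
    listen [::]:80;
    server_name elk.example.internal;   # placeholder host name

    # Apply the password file created above to every location in this server.
    # Basic auth over plain HTTP sends the password unencrypted; put a TLS
    # listener here before exposing this beyond a trusted network.
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Elasticsearch under /es/ (hypothetical prefix). The trailing slash on
    # proxy_pass strips the prefix, so /es/_cluster/health reaches
    # http://127.0.0.1:9200/_cluster/health.
    location /es/ {
        proxy_pass http://127.0.0.1:9200/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Kibana at the site root.
    location / {
        proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

After reloading nginx, a request to /es/ without credentials should return 401, and port 9200 should no longer answer from another machine.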
I chose the Docker image of sebp because he’s got great documentation. Go check it out!
Especially the part with the Frequently Encountered Issues.
There, you’ll see that you’ll:
max map count: sudo sysctl -w vm.max_map_count=262144