Change nameserver

[Kottare]

Hi, So far i've configured ELK stack with Fleet server and its working but I have one question. Is it possible to change hostnames? I dont want to add to hosts.cfg ip and names for fleetserver/elasticserver I want to assign them address like elasticsearch.MYDOMAIN.

I have proxy-manager and will forward domain to this IP, but without domain name i cannot do it.

[antoineco]

@Kottare this question is very generic. Here are a few things that need to be clarified:

• Do you have a DNS infrastructure in place to resolve MYDOMAIN?
• Is proxy-manager running on the same host as the Elastic stack? If yes, just attach it to the docker-elk network and it will be able to resolve internal service names such as elasticsearch (check the output of docker network ls to get the network name and id)

[Kottare]

Hi,

1. Yes, I have.
2. No, my NPM is installed on other VM.

At this point I have figure how to change all stuff in fleet server settings and have correct FQDN. Agents seems to connect to server, but in CPU/memory I have N/A - thats mean they still have problem to connect to elasticsearch even if in ouputs settings I have "https://elasticsearch.DOMAIN:9200:"

I've enrolled agents aswell.

Edit:

It have something to with "elasticsearch.hosts" in kibana.yml config. When I put only elasticsearch:9200 it starts, whenever I change it for elasticsearch.domain:9200 it crashes and I see "kibana server is not ready yet" and in docker logs i can see: Unable to retrieve version information from Elasticsearch nodes. Hostname/IP does not match certificate's altnames: Host: elasticsearch.XXX. is not in the cert's altnames: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:elasticsearch To be honest it may be a very easy problem, but i'm still newbie with dockers and learning them.

[antoineco]

All you need is create one domain name for the ELK host really, something like elk.MYDOMAIN.

Then, configure your proxy with the following backends:

• https://kibana.MYDOMAIN -> http://elk.MYDOMAIN:5600
• https://elasticsearch.MYDOMAIN -> http://elk.MYDOMAIN:9200
• https://fleet.MYDOMAIN -> http://elk.MYDOMAIN:8200 etc.

Keep using internal names within the stack wherever possible, but announce Fleet with a public URL to the agents here: https://github.com/deviantony/docker-elk/blob/eeb8026baf5f9550bf0ac01e63b9b3d16e7b0e0d/kibana/config/kibana.yml#L33

This should be enough. Like you said, it might be necessary to announce an Elasticsearch URL with a public URL too, but I'm pretty sure most agents don't require this.

[Kottare]

Thanks for your advise, I've fixed it with modification. For people who will look for resolution:

1. Installed nginx on machine with docker-stack
2. Reverse proxy for ip from docker network to :9200
3. On Proxy-manager create record to elasticsearch.domain:9200