Closed jamesagarside closed 2 months ago
I've written a Makefile for exposing the Elastic Stack services outside of the host, I required this for testing but thought it might be helpful for others
# Inteface to accept traffic from interface=ens192 forward-stack: $(eval AGENT_ID := $(shell docker container ps -aqf "name=elastic-package-stack-elastic-agent-1")) $(eval FLEET_ID := $(shell docker container ps -aqf "name=elastic-package-stack-fleet-server-1")) $(eval KIBANA_ID := $(shell docker container ps -aqf "name=elastic-package-stack-kibana-1")) $(eval ELASTICSEARCH_ID := $(shell docker container ps -aqf "name=elastic-package-stack-elasticsearch-1")) $(eval REGISTRY_ID := $(shell docker container ps -aqf "name=elastic-package-stack-package-registry-1")) $(eval AGENT_IP := $(shell docker inspect $(AGENT_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress')) $(eval FLEET_IP := $(shell docker inspect $(FLEET_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress')) $(eval KIBANA_IP := $(shell docker inspect $(KIBANA_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress')) $(eval ELASTICSEARCH_IP := $(shell docker inspect $(ELASTICSEARCH_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress')) $(eval REGISTRY_IP := $(shell docker inspect $(REGISTRY_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress')) sudo sysctl -w net.ipv4.ip_forward=1 # Forward Fleet Server sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 8220 -j DNAT --to-destination $(FLEET_IP):8220 sudo iptables -t nat -A POSTROUTING -p tcp -d $(FLEET_IP) --dport 8220 -j MASQUERADE # Forward Kibana sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 5601 -j DNAT --to-destination $(KIBANA_IP):5601 sudo iptables -t nat -A POSTROUTING -p tcp -d $(KIBANA_IP) --dport 5601 -j MASQUERADE # Forward Elasticsearch sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 9200 -j DNAT --to-destination $(ELASTICSEARCH_IP):9200 sudo iptables -t nat -A POSTROUTING -p tcp -d $(ELASTICSEARCH_IP) --dport 9200 -j MASQUERADE sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 9300 -j DNAT --to-destination $(ELASTICSEARCH_IP):9300 sudo iptables -t nat -A POSTROUTING -p tcp -d $(ELASTICSEARCH_IP) --dport 9300 -j MASQUERADE # Forward Package Registry sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 8080 -j DNAT --to-destination $(REGISTRY_IP):8080 sudo iptables -t nat -A POSTROUTING -p tcp -d $(REGISTRY_IP) --dport 8080 -j MASQUERADE sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 9000 -j DNAT --to-destination $(REGISTRY_IP):9000 sudo iptables -t nat -A POSTROUTING -p tcp -d $(REGISTRY_IP) --dport 9000 -j MASQUERADE
Closing as it causes issues with the package repo
I've written a Makefile for exposing the Elastic Stack services outside of the host, I required this for testing but thought it might be helpful for others