Open wingerlion opened 3 years ago
I'm trying to add alerts, but first I need to enable Transport Layer Security (TLS). I generated my self-signed certificates using this bash script:
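#!/bin/bash
# Create a local root CA, add it to the host trust store, and issue a TLS
# server certificate for Kibana (kib01) signed by that CA.
#
# Usage: <this script> <root-CA-key-passphrase>
#
# Files written to the current directory: rootCA.key, rootCA.pem, kib01.key,
# kib01.csr, kib01.crt (plus the serial file created by -CAcreateserial).

# Stop at the first failing command so a half-built CA is never installed
# into the system trust store.
set -euo pipefail

# The passphrase encrypts rootCA.key; refuse to run without one.
if [[ -z "${1:-}" ]]; then
    echo "usage: $0 <root-CA-key-passphrase>" >&2
    exit 2
fi

# NOTE(review): pass:"$1" places the passphrase on the openssl command line,
# where other local users can read it from the process list. openssl also
# accepts file: and env: passphrase sources, which avoid that exposure.

# Generate Root Key rootCA.key with 2048 bits, encrypted with AES-256
# (replaces the legacy -des3 cipher; the same passphrase still unlocks it).
openssl genrsa -passout pass:"$1" -aes256 -out rootCA.key 2048
chmod 600 rootCA.key

# Generate Root PEM (rootCA.pem) with 1024 days validity.
openssl req -passin pass:"$1" \
    -subj "/C=US/ST=Random/L=Random/O=Global Security/OU=IT Department/CN=Local Certificate" \
    -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

# Add root cert as trusted cert.
# After this step the host trusts every certificate signed by rootCA.key, so
# that key and its passphrase must be protected like any other CA key.
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
    # Linux. The trust-store commands are RHEL/CentOS specific and need root.
    if command -v yum >/dev/null 2>&1; then
        yum -y install ca-certificates
        update-ca-trust force-enable
        cp rootCA.pem /etc/pki/ca-trust/source/anchors/
        update-ca-trust
    else
        echo "yum not found; rootCA.pem was NOT added to the system trust store." >&2
    fi
    # Meeting ES requirement (unrelated to the certificates).
    sysctl -w vm.max_map_count=262144
elif [[ "$OSTYPE" == "darwin"* ]]; then
    # Mac OSX
    security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem
else
    # Unknown.
    echo "Couldn't find desired Operating System. Exiting Now ......"
    exit 1
fi

# Generate Kib01 Cert.
# -nodes writes kib01.key unencrypted, so the server that loads it has no key
# passphrase to supply; restrict the file to its owner instead.
openssl req \
    -subj "/C=US/ST=Random/L=Random/O=Global Security/OU=IT Department/CN=localhost" \
    -new -sha256 -nodes -out kib01.csr -newkey rsa:2048 -keyout kib01.key
chmod 600 kib01.key

# The certificate is valid only for the names listed in subjectAltName: every
# hostname a client uses to reach Kibana has to appear here, otherwise
# hostname verification fails even though the CA is trusted.
openssl x509 -req -passin pass:"$1" -in kib01.csr \
    -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
    -out kib01.crt -days 500 -sha256 \
    -extfile <(printf "subjectAltName=DNS:localhost,DNS:kib01")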
I have added the following SSL variables in Kibana Service:
# Kibana service environment entries as posted.
# NOTE(review): this key is now published in a public issue; treat it as
# compromised, generate a new one and inject it from outside the file.
- XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=Vss86whNwQrKjA3D8aKTCRN6SnZLX4rv
# NOTE(review): with this set to false Kibana keeps serving plain HTTP and the
# key/certificate settings below are not used.
- SERVER_SSL_ENABLED=false
- SERVER_SSL_KEY=config/certs/kib01.key
- SERVER_SSL_CERTIFICATE=config/certs/kib01.crt
# NOTE(review): the generating script creates kib01.key with -nodes
# (unencrypted), so there is nothing for this passphrase to decrypt. The value
# is also public now; do not reuse it.
- SERVER_SSL_KEYPASSPHRASE=testest123
# Only consulted when Kibana connects to Elasticsearch over https.
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/rootCA.pem
docker.compose.yml
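version: "3.8"

# 10 Things to Consider When Planning Your Elasticsearch Project: https://ecmarchitect.com/archives/2015/07/27/4031
# Using Apache JMeter to Test Elasticsearch: https://ecmarchitect.com/archives/2014/09/02/3915

# Swarm stack: docker-flow proxy + listener in front of Elasticsearch,
# Logstash, Kibana and APM Server, all on the external "elastic" network.
# As posted, every hop between services is plain HTTP.

services:

  swarm-listener:
    # NOTE(review): ":latest" is not reproducible; pin a version or digest.
    image: dockerflow/docker-flow-swarm-listener:latest
    hostname: swarm-listener
    networks:
      - elastic
    volumes:
      # Access to the Docker socket is equivalent to root on the manager node;
      # keep this service off any published port.
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - DF_NOTIFY_CREATE_SERVICE_URL=http://proxy:8080/v1/docker-flow-proxy/reconfigure
      - DF_NOTIFY_REMOVE_SERVICE_URL=http://proxy:8080/v1/docker-flow-proxy/remove
    deploy:
      placement:
        constraints: [node.role == manager]

  proxy:
    image: dockerflow/docker-flow-proxy:latest
    hostname: proxy
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): 9200 publishes the Elasticsearch HTTP API on every swarm
      # node; restrict it with a firewall unless external access is intended.
      - "9200:9200"
      - "8200:8200"
    networks:
      - elastic
    environment:
      - LISTENER_ADDRESS=swarm-listener
      - MODE=swarm
      - BIND_PORTS=9200,8200
    deploy:
      replicas: 2

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.7.0}
    environment:
      # https://github.com/docker/swarmkit/issues/1951
      - node.name={{.Node.Hostname}}
      - discovery.seed_hosts=elasticsearch
      - cluster.initial_master_nodes=${INITIAL_MASTER_NODES:-node1}
      - cluster.name=DevOps
      # NOTE(review): falls back to the well-known default "changeme" when
      # ELASTICSEARCH_PASSWORD is unset; always set it for a reachable cluster.
      - ELASTIC_PASSWORD=${ELASTICSEARCH_PASSWORD:-changeme}
      # Authentication is on, but no TLS is configured for the HTTP layer
      # (no xpack.security.http.ssl.* settings), so credentials travel in
      # clear text between the services and through the published port.
      - xpack.security.enabled=true
      - xpack.monitoring.collection.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.license.self_generated.type=trial
      - network.host=0.0.0.0
    networks:
      - elastic
    volumes:
      - elasticsearch:/usr/share/elasticsearch/data
    deploy:
      mode: 'global'
      endpoint_mode: dnsrr
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=9200
        - com.df.srcPort=9200

  logstash:
    image: docker.elastic.co/logstash/logstash:${ELASTIC_VERSION:-7.7.0}
    hostname: "{{.Node.Hostname}}-logstash"
    environment:
      - XPACK_MONITORING_ELASTICSEARCH_URL=http://elasticsearch:9200
      - XPACK_MONITORING_ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME:-elastic}
      - XPACK_MONITORING_ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-changeme}
    ports:
      - "12201:12201/udp"
    networks:
      - elastic
    configs:
      - source: ls_config
        target: /usr/share/logstash/pipeline/logstash.conf

  kibana:
    image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION:-7.7.0}
    hostname: "{{.Node.Hostname}}-kibana"
    environment:
      # Kibana talks to Elasticsearch over http here, so the CA setting at the
      # end of this list has no effect until this URL is https and
      # Elasticsearch serves TLS on its HTTP layer.
      # NOTE(review): Kibana 7.x reads elasticsearch.hosts (ELASTICSEARCH_HOSTS);
      # confirm that ELASTICSEARCH_URL is still honoured by this image.
      # NOTE(review): the 7.x alerting prerequisites ask for TLS between Kibana
      # and Elasticsearch, not only on Kibana's own port - verify against the
      # documentation for the version in use.
      - ELASTICSEARCH_URL=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME:-elastic}
      - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-changeme}
      - SERVER_NAME="{{.Node.Hostname}}-kibana"
      # NOTE(review): this key is published in a public issue; treat it as
      # compromised, rotate it and inject the new value from the environment
      # or a Docker secret instead of committing it.
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=Vss86whNwQrKjA3D8aKTCRN6SnZLX4rv
      # NOTE(review): with this set to false Kibana keeps serving plain HTTP
      # and ignores the key/certificate below. When it is switched to true,
      # everything that calls kibana:5601 (the proxy backend, apm-server) has
      # to use https and trust rootCA.pem, and the certificate needs a
      # subjectAltName matching the name those clients use.
      - SERVER_SSL_ENABLED=false
      - SERVER_SSL_KEY=config/certs/kib01.key
      - SERVER_SSL_CERTIFICATE=config/certs/kib01.crt
      # NOTE(review): kib01.key is generated unencrypted (-nodes), so this
      # passphrase has nothing to decrypt; it is also public now.
      - SERVER_SSL_KEYPASSPHRASE=testest123
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/rootCA.pem
    configs:
      # NOTE(review): a private key is sensitive material; Docker secrets are
      # the mechanism intended for it, configs are meant for non-sensitive files.
      - source: key_config
        target: /usr/share/kibana/config/certs/kib01.key
      - source: crt_config
        target: /usr/share/kibana/config/certs/kib01.crt
      - source: root_config
        target: /usr/share/kibana/config/certs/rootCA.pem
    networks:
      - elastic
    volumes:
      - kibana:/usr/share/kibana/data
    deploy:
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=5601
        - com.df.srcPort=80

  apm-server:
    image: docker.elastic.co/apm/apm-server:${ELASTIC_VERSION:-7.7.0}
    hostname: "{{.Node.Hostname}}-apm-server"
    networks:
      - elastic
    # NOTE(review): the credentials are expanded into the command line, where
    # they show up in service/container inspection output and process lists.
    command: >
      --strict.perms=false -e
      -E apm-server.rum.enabled=true
      -E setup.kibana.host=kibana:5601
      -E setup.kibana.username=${ELASTICSEARCH_USERNAME}
      -E setup.kibana.password=${ELASTICSEARCH_PASSWORD}
      -E setup.template.settings.index.number_of_replicas=0
      -E apm-server.kibana.enabled=true
      -E apm-server.kibana.host=kibana:5601
      -E apm-server.kibana.username=${ELASTICSEARCH_USERNAME}
      -E apm-server.kibana.password=${ELASTICSEARCH_PASSWORD}
      -E output.elasticsearch.hosts=["elasticsearch:9200"]
      -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME}
      -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
      -E xpack.monitoring.enabled=true
    deploy:
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=8200
        - com.df.srcPort=8200

networks:
  elastic:
    external: true

volumes:
  elasticsearch:
  kibana:

configs:
  ls_config:
    file: $PWD/elk/logstash/config/pipeline/logstash.conf
  # The stray "||" that preceded this key in the posted file is removed; it is
  # not valid YAML and would stop the stack file from parsing.
  key_config:
    file: $PWD/keyskeys/kib01.key
  crt_config:
    file: $PWD/keyskeys/kib01.crt
  root_config:
    file: $PWD/keyskeys/rootCA.pem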
0 results until now.
Can you please advise as to how I configure kibana to work with SSL?
By the way thx @shazChaudhry for the repo. It is very useful to me :)
Thanks in advance.
@wingerlion Please accept my apologies. I have never tried SSL with this repo.
I'm trying to add alerts, but first I need to enable Transport Layer Security (TLS). I generated my self-signed certificates using this bash script:
I have added the following SSL variables in Kibana Service:
docker.compose.yml
0 results until now.
Can you please advise as to how I configure kibana to work with SSL?
By the way thx @shazChaudhry for the repo. It is very useful to me :)
Thanks in advance.