I'm currently responsible for technology at Peaks.
khezen / docker-kibana
Kibana Docker image including search-guard
License: MIT License
Last uploaded version of kibana in https://hub.docker.com/r/khezen/kibana is 6.2.2
And readme looks old.
Configure Kibana
Configuration file is located in /etc/kibana/kibana.yml if you follow the same volume mapping as in docker-compose examples above.
You can find default config there.
=> The link under the last word, "there", is broken.
Hey, I am working with the image (docker.elastic.co/elasticsearch/elasticsearch:5.5.2) along with an nginx reverse proxy and kibana (khezen/kibana:5) with searchguard enabled,
but kibana has stopped working. There are no issues with the docker container, just that kibana is stalling for elasticsearch. Could you please help me know if I am missing any settings/configurations?
If this is not possible, are there any chances to configure elasticsearch in such a way that it works on pem certificates instead of keystore and truststore, so I'll be able to use your image of elasticsearch instead?
elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
xpack.security.enabled: false
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.watcher.enabled: false
default.conf
server {
    listen 80;
    access_log /var/log/nginx/nginx.access.log;
    error_log /var/log/nginx/nginx.error.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://elasticsearch:9200;
        proxy_read_timeout 90;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
        proxy_set_header X-PROXY-USER $remote_user;
        proxy_set_header Authorization "";
    }
}
kibana.yml
server.port: 5601
server.host: '0.0.0.0'
elasticsearch.url: 'http://elasticsearch:9200'
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
searchguard.cookie.password: "defaultcookie"
elasticsearch.ssl.verificationMode: "certificate"
elasticsearch.requestHeadersWhitelist: [ "authorization", "x-forwarded-for", "x-forwarded-by", "x-proxy-user", "x-proxy-roles" ]
I tried running
docker run -d -p 5601:5601 khezen/kibana:latest
not able to see anything on http://localhost:5601? Same is the case with the elasticsearch docker image as well?
I am using macOS, not sure what may be the issue. Any help would be great.
Perhaps I am missing something, but when I try to run kibana and actually get to connect with the elastic instance the container crashes and the following error is given on docker logs
Stalling for Elasticsearch...
$@
{"type":"log","@timestamp":"2018-02-14T03:21:04Z","tags":["status","plugin:kibana@6.1.1","info"],"pid":16,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"error","@timestamp":"2018-02-14T03:21:04Z","tags":["fatal"],"pid":16,"level":"fatal","error":{"message":"ENOENT: no such file or directory, open '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem'","name":"Error","stack":"Error: ENOENT: no such file or directory, open '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem'\n at Error (native)\n at Object.fs.openSync (fs.js:641:18)\n at fs.readFileSync (fs.js:509:33)\n at readFile (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/parse_config.js:29:47)\n at Array.map (native)\n at parseConfig (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/parse_config.js:73:61)\n at Cluster.createClient.configOverrides [as createClient] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/cluster.js:108:85)\n at new Cluster (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/cluster.js:40:25)\n at Object.create [as createCluster] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/create_clusters.js:55:23)\n at createDataCluster (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/create_data_cluster.js:34:32)\n at ScopedPlugin.init [as externalInit] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/index.js:107:50)\n at ScopedPlugin.tryCatcher (/opt/kibana-6.1.1-linux-x86_64/node_modules/bluebird/js/main/util.js:26:23)\n at Promise.attempt.Promise.try (/opt/kibana-6.1.1-linux-x86_64/node_modules/bluebird/js/main/method.js:30:24)\n at /opt/kibana-6.1.1-linux-x86_64/src/server/plugins/plugin.js:196:46\n at next (native)\n at step (/opt/kibana-6.1.1-linux-x86_64/src/server/plugins/plugin.js:25:191)","code":"ENOENT"},"message":"ENOENT: no such file or directory, open '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem'"}
FATAL { Error: ENOENT: no such file or directory, open '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem'
at Error (native)
at Object.fs.openSync (fs.js:641:18)
at fs.readFileSync (fs.js:509:33)
at readFile (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/parse_config.js:29:47)
at Array.map (native)
at parseConfig (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/parse_config.js:73:61)
at Cluster.createClient.configOverrides [as createClient] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/cluster.js:108:85)
at new Cluster (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/cluster.js:40:25)
at Object.create [as createCluster] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/create_clusters.js:55:23)
at createDataCluster (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/create_data_cluster.js:34:32)
at ScopedPlugin.init [as externalInit] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/index.js:107:50)
at ScopedPlugin.tryCatcher (/opt/kibana-6.1.1-linux-x86_64/node_modules/bluebird/js/main/util.js:26:23)
at Promise.attempt.Promise.try (/opt/kibana-6.1.1-linux-x86_64/node_modules/bluebird/js/main/method.js:30:24)
at /opt/kibana-6.1.1-linux-x86_64/src/server/plugins/plugin.js:196:46
at next (native)
at step (/opt/kibana-6.1.1-linux-x86_64/src/server/plugins/plugin.js:25:191)
cause:
{ Error: ENOENT: no such file or directory, open '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem'
at Error (native)
at Object.fs.openSync (fs.js:641:18)
at fs.readFileSync (fs.js:509:33)
at readFile (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/parse_config.js:29:47)
at Array.map (native)
at parseConfig (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/parse_config.js:73:61)
at Cluster.createClient.configOverrides [as createClient] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/cluster.js:108:85)
at new Cluster (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/cluster.js:40:25)
at Object.create [as createCluster] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/create_clusters.js:55:23)
at createDataCluster (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/lib/create_data_cluster.js:34:32)
at ScopedPlugin.init [as externalInit] (/opt/kibana-6.1.1-linux-x86_64/src/core_plugins/elasticsearch/index.js:107:50)
at ScopedPlugin.tryCatcher (/opt/kibana-6.1.1-linux-x86_64/node_modules/bluebird/js/main/util.js:26:23)
at Promise.attempt.Promise.try (/opt/kibana-6.1.1-linux-x86_64/node_modules/bluebird/js/main/method.js:30:24)
at /opt/kibana-6.1.1-linux-x86_64/src/server/plugins/plugin.js:196:46
at next (native)
at step (/opt/kibana-6.1.1-linux-x86_64/src/server/plugins/plugin.js:25:191)
errno: -2,
code: 'ENOENT',
syscall: 'open',
path: '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem' },
isOperational: true,
errno: -2,
code: 'ENOENT',
syscall: 'open',
path: '/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem' }
I logged into the container and cannot find the file /etc/elasticsearch/searchguard/ssl/ca/root-ca.pem
Is this file supposed to be there? I would assume yes, was I supposed to have this file sitting there?
Please help.
I am running Elasticsearch like so: (working fine)
docker run -d --name elasticsearch --security-opt apparmor=unconfined -v /data/elasticsearch-data:/elasticsearch/data -v /data/elasticsearch-config/elasticsearch.yml:/elasticsearch/config/elasticsearch.yml -p 9200:9200 -p 9300:9300 -e ELASTIC_PWD=xxx -e KIBANA_PWD=xxx -e LOGSTASH_PWD=xxx -e BEATS_PWD=xxx khezen/elasticsearch:latest
but Kibana cannot connect to the above Elasticsearch container using
docker run -d --name kibana --security-opt apparmor=unconfined -v /data/elasticsearch-data:/elasticsearch/data -v /data/elasticsearch-config/elasticsearch.yml:/elasticsearch/config/elasticsearch.yml -p 5601:5601 khezen/kibana:latest ELASTICSEARCH_HOST=<my-server-ip> ELASTICSEARCH_PORT=9200 KIBANA_PWD=xxx
I tried all kinds of IPs of my server for ... no success. Sorry, I am new to this. No idea what needs to be done and there is not enough explained in this regard on the startpage of this repository.
Hello,
Is multitenancy supported? I have tried to add multitenancy config in kibana.yml and sg_config.yml but it is still disabled when I start kibana.
kibana.yml
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: false
searchguard.multitenancy.tenants.enable_private: false
sg_config.yml
searchguard:
  dynamic:
    kibana:
      multitenancy_enabled: true
      server_username: kibanaserver
      index: '.kibana'
      do_not_fail_on_forbidden: true
Hi khezen, thanks for your work on this very much.
I use the khezen/kibana and khezen/elasticsearch images with a test yml file and it does not work and gives the following error. It seems the KIBANA_PWD, ELASTICSEARCH_HOST, ELASTICSEARCH_PORT settings are not working.
kibana_1 | FATAL { ValidationError: child "elasticsearch" fails because [child "url" fails because ["url" must be a valid uri with a scheme matching the http|https pattern]]
kibana_1 | at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)
kibana_1 | at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)
kibana_1 | at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)
kibana_1 | at Config._commit (/usr/share/kibana/src/server/config/config.js:114:35)
kibana_1 | at Config.set (/usr/share/kibana/src/server/config/config.js:84:10)
kibana_1 | at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:57:10)
kibana_1 | at /usr/share/kibana/src/server/plugins/plugin_collection.js:19:12
kibana_1 | at next (native)
kibana_1 | at step (/usr/share/kibana/src/server/plugins/plugin_collection.js:49:191)
kibana_1 | at /usr/share/kibana/src/server/plugins/plugin_collection.js:49:361
kibana_1 | isJoi: true,
kibana_1 | name: 'ValidationError',
kibana_1 | details:
kibana_1 | [ { message: '"url" must be a valid uri with a scheme matching the http|https pattern',
kibana_1 | path: 'elasticsearch.url',
kibana_1 | type: 'string.uriCustomScheme',
kibana_1 | context: [Object] } ],
kibana_1 | _object:
kibana_1 | { pkg:
kibana_1 | { version: '5.6.3',
kibana_1 | branch: '5.6',
kibana_1 | buildNum: 15554,
kibana_1 | buildSha: 'f363a8fe7aeeb6a535e0bb43b3b1916f26ab3732' },
kibana_1 | dev: { basePathProxyTarget: 5603 },
kibana_1 | pid: { exclusive: false },
kibana_1 | cpu: undefined,
kibana_1 | cpuacct: undefined,
kibana_1 | server:
kibana_1 | { port: 5601,
kibana_1 | host: '0.0.0.0',
kibana_1 | name: '4b10955261d2',
kibana_1 | maxPayloadBytes: 1048576,
kibana_1 | autoListen: true,
kibana_1 | defaultRoute: '/app/kibana',
kibana_1 | basePath: '',
kibana_1 | customResponseHeaders: {},
kibana_1 | ssl: [Object],
kibana_1 | cors: false,
kibana_1 | xsrf: [Object] },
kibana_1 | logging:
kibana_1 | { silent: false,
kibana_1 | quiet: false,
kibana_1 | verbose: false,
kibana_1 | events: {},
kibana_1 | dest: 'stdout',
kibana_1 | filter: {},
kibana_1 | json: true },
kibana_1 | ops: { interval: 5000 },
kibana_1 | plugins: { scanDirs: [Object], paths: [], initialize: true },
kibana_1 | path: { data: '/var/lib/kibana' },
kibana_1 | optimize:
kibana_1 | { enabled: true,
kibana_1 | bundleFilter: '!tests',
kibana_1 | bundleDir: '/usr/share/kibana/optimize/bundles',
kibana_1 | viewCaching: true,
kibana_1 | lazy: false,
kibana_1 | lazyPort: 5602,
kibana_1 | lazyHost: 'localhost',
kibana_1 | lazyPrebuild: false,
kibana_1 | lazyProxyTimeout: 300000,
kibana_1 | useBundleCache: true,
kibana_1 | profile: false },
kibana_1 | status: { allowAnonymous: false, v6ApiFormat: false },
kibana_1 | map: { manifestServiceUrl: 'https://catalogue.maps.elastic.co/v1/manifest' },
kibana_1 | tilemap: { options: [Object] },
kibana_1 | regionmap: {},
kibana_1 | uiSettings: { enabled: true },
kibana_1 | i18n: { defaultLocale: 'en' },
kibana_1 | searchguard:
kibana_1 | { cookie: [Object],
kibana_1 | enabled: true,
kibana_1 | session: [Object],
kibana_1 | basicauth: [Object],
kibana_1 | multitenancy: [Object],
kibana_1 | jwt: [Object] },
kibana_1 | console: { enabled: true, proxyFilter: [Object], ssl: {} },
kibana_1 | elasticsearch:
kibana_1 | { url: 'https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}',
kibana_1 | username: 'kibana',
kibana_1 | password: '${KIBANA_PWD}',
kibana_1 | ssl: [Object] } },
kibana_1 | annotate: [Function] }
The yml file is as follows:
version: '2'
services:
  kibana:
    image: khezen/kibana
    environment:
      KIBANA_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
      ELASTICSEARCH_USERNAME: elastic
      ELASTICSEARCH_PASSWORD: changeme
    volumes:
      - ./config/kibana:/etc/kibana
    ports:
      - "5601:5601"
    links:
      - elasticsearch
    network_mode: bridge
    restart: always
  elasticsearch:
    image: khezen/elasticsearch
    environment:
      ELASTIC_PWD: changeme
      KIBANA_PWD: changeme
    volumes:
      - ./volumes/elasticsearch:/usr/share/elasticsearch/data
      - ./config/elasticsearch:/usr/share/elasticsearch/config
    ports:
      - "9200:9200"
      - "9300:9300"
    network_mode: bridge
    restart: always
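
A pre-flight check for the kibana.yml failure modes reported in the issues above (literal ${...} placeholders reaching Kibana, a CA file that does not exist, TLS options set next to a plain-http URL, default passwords), as an added example that is not code from this repository or from any of the posters. The sample config is constructed from values quoted in the posts; the names parse_flat and lint, and the assumption that the CA path is set through elasticsearch.ssl.certificateAuthorities, are this example's own.

```python
import os
import re

# Constructed sample: settings and values quoted in the issues above.
SAMPLE = """\
elasticsearch.url: 'https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}'
elasticsearch.username: "kibana"
elasticsearch.password: "changeme"
searchguard.cookie.password: "defaultcookie"
elasticsearch.ssl.verificationMode: "certificate"
elasticsearch.ssl.certificateAuthorities: ["/etc/elasticsearch/searchguard/ssl/ca/root-ca.pem"]
"""

WEAK = {"changeme", "defaultcookie"}  # default secrets that appear in the posts
PLACEHOLDER = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")
CA_KEY = "elasticsearch.ssl.certificateAuthorities"  # assumed source of the CA path


def parse_flat(text):
    """Parse the flat 'dotted.key: value' form of kibana.yml (no nesting)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def lint(text, exists=os.path.exists):
    """Return (key, finding) pairs; secret values are never echoed."""
    cfg = parse_flat(text)
    findings = []
    for key, raw in cfg.items():
        if PLACEHOLDER.search(raw):
            findings.append((key, "unexpanded placeholder"))
        if key.endswith("password") and raw.strip("'\"") in WEAK:
            findings.append((key, "default password"))
    url = cfg.get("elasticsearch.url", "").strip("'\"")
    if url.startswith("http://") and any(k.startswith("elasticsearch.ssl.") for k in cfg):
        findings.append(("elasticsearch.url", "plain http, ssl settings unused"))
    for path in re.findall(r"[\"']([^\"']+)[\"']", cfg.get(CA_KEY, "")):
        if not exists(path):
            findings.append((CA_KEY, "missing file " + path))
    return findings


if __name__ == "__main__":
    for key, finding in lint(SAMPLE):
        print(f"{key}: {finding}")
```

Run it against the file that is actually mounted into the container (for example the one under ./config/kibana in the compose file above), since a mounted directory replaces whatever the image ships at that path.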