This docker-compose project will assist with setting up and creating a ELK stack using either self-signed TLS certificates or using LetsEncrypt certificates for communications. In general you get HTTPS for all services.
Please checkout our WiKi for detailed explanation of the project structure, configuration settings, and more.
This project was built so that you can test and use built-in features under Elastic Security, like detections, signals, cases, and other features.
This docker-compose project will create the following Elastic containers based on version 7.12.0:
- Elasticsearch
- Logstash
- Kibana
- Packetbeat
- Filebeat
- Elastic Agent (Ubuntu 20.04)
- Metricbeat
In order to use this project, you must first include the following in a file named .env
. I have provided an example environment variable file here .env-example.
Copy or create your own
.env
from the provided example or from the code block below
ELK_VERSION=7.12.0
ELASTIC_USERNAME="elastic"
ELASTIC_PASSWORD="some_password"
# Configuration Variables
ELASTICSEARCH_HEAP="2g"
LOGSTASH_HEAP="1g"
PACKETBEAT_HEAP="256m"
FILEBEAT_HEAP="256m"
METRICBEAT_HEAP="256m"
XPACK_ENCRYPTION_KEY="somesuperlongstringlikethisoneMQBbtsynu4bV2uxLy"
# Self signed TLS certificates
CA_PASSWORD="some password"
CA_DAYS=3650
ELASTIC_DIR=/usr/share/elasticsearch
LOGSTASH_DIR=/usr/share/logstash
KIBANA_DIR=/usr/share/kibana
PACKETBEAT_DIR=/usr/share/packetbeat
FILEBEAT_DIR=/usr/share/filebeat
METRICBEAT_DIR=/usr/share/metricbeat
# Letsencrypt certificates
## Setting STAGING to true means it will generate self-signed certificates
## Setting STAGING to false means it will generate letsencrypt certificates
# STAGING=false
STAGING=true
# swag Configuration
#DOMAIN=mydomain.com
#SUBDOMAIN=kibana
#SUBFOLDER=kibana
#EMAIL=email@email.com
#TIMEZONE=America/Chicago
Note: You may need to change the size of the HEAP variables in the above configuration file based on your system requirements. The settings present are for a machine with 8GB of memory
Additionally, you must either clone this repository or download the entire repository in order to build and run these containers.
You can find more documentation about these settings in our WiKi
Before we build or create our containers we first need to create our keystore and certificates. You can do this using the docker-compose.setup.yml yaml file. If you run into issues you can see the associated documentation in our WiKi Page about Certificates or create an issue in this repository.
By default creation of self-signed certificates is used and makes the most sense when testing out this project. To do so you simply run the following command first:
docker-compose -f docker-compose.setup.yml run --rm certs
Please see our documentation about Setup using self-signed certificates.
If you are wanting to deploy this project in a production like environment, please see our documentation Setup using Letsencrypt.
Now, that you have your keys/certs and passwords set we can then just restart the containers by running:
docker-compose up -d
You should be able to login into the ELK stack and be on your way.
You can find additioanl information about the environments that are created on your Environment Details WiKi page.
Here is a walkthrough on setting up a production-like environment using LetsEncrypt.
You should be able to login into the ELK stack and be on your way.
You can find additioanl information about the environments that are created on your Environment Details WiKi page.
Please see our WiKi documentation for the most Common Issues I have seen through testing and usage of this project.
To remove all images from your system run: docker rmi $(docker images -a -q)
To remove all volumes from your system run: docker volume prune
This project provides a few (continually adding as needed & requested) helper scripts that assist with enabling specific features within Elastic Kibana SIEM featureset as well as adding test data to your Elasticsearch instance.
Please see our Enabling Features page in our Wiki
Below are a list of features that are being planned for future releases:
- Adding additional services from Elastic
- Adding certificate authentication for external usage
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning.
Please read CHANGELOG.md for details on features for a specific version of elk-tls-docker
- Josh Rickard - Initial work - MSAdministrator
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details