This repository contains a docker-compose.yml file that sets up an Elastic Stack environment locally using Docker Desktop on Windows. It includes:
- 3 Elasticsearch containers (master + 2 data nodes)
- Kibana
- Fleet Server
- Docker Desktop (tested on Windows)
- Docker Compose v2+
To start the Elastic Stack:
docker compose upMake sure Docker Desktop is running before executing any commands.
Once the containers are up, you can access Kibana at:
To allow the Fleet Server to join the stack, you must manually add a Fleet Agent policy in Kibana:
- Go to Fleet under Management in Kibana.
- Create a new Agent policy with the following details:
- Policy Name:
fleet-server-policy - Fleet Server host URL:
https://localhost:8220
(Or use the URL defined in yourdocker-compose.ymlif modified)
- Policy Name:
- Save the policy.
❗ Important: Change all default passwords in the
docker-compose.ymlfile before using this in any shared or production-like environment.
When adding a new Elastic Agent to Fleet:
-
Download the
ca.crtfile from theelastic_certsDocker Volume:docker cp $(docker volume inspect --format '{{ .Mountpoint }}' elastic_certs)/ca/ca.crt ./ca.crt -
Install
ca.crtas a trusted root certificate on the host where the Elastic Agent is running:
- Windows: Use Certificates Manager (
certmgr.msc) to import the certificate into Trusted Root Certification Authorities. - Linux/macOS: Follow your OS-specific procedure to trust a custom root CA (e.g., place the cert in
/usr/local/share/ca-certificates/and runupdate-ca-certificateson Debian-based systems).
.
├── docker-compose.yml
├── .env
└── README.md
- This setup is intended for local development/testing only.
- Tested exclusively on Docker Desktop for Windows.
- Not suitable for production without:
- Securing all passwords and credentials
- Managing TLS certificates correctly
- Enabling proper network security
- Refer to the official Elastic documentation for hardening and deployment best practices.
To stop and remove all containers and volumes, run:
docker compose down -v