Change nameserver

[Kottare]

Hi,
So far i've configured ELK stack with Fleet server and its working but I have one question.
Is it possible to change hostnames?
I dont want to add to hosts.cfg ip and names for fleetserver/elasticserver I want to assign them address like elasticsearch.MYDOMAIN.

I have proxy-manager and will forward domain to this IP, but without domain name i cannot do it.

[antoineco]

@Kottare this question is very generic. Here are a few things that need to be clarified:

• Do you have a DNS infrastructure in place to resolve MYDOMAIN?
• Is proxy-manager running on the same host as the Elastic stack? If yes, just attach it to the docker-elk network and it will be able to resolve internal service names such as elasticsearch (check the output of docker network ls to get the network name and id)

[Kottare]

Hi,

1. Yes, I have.
2. No, my NPM is installed on other VM.

At this point I have figure how to change all stuff in fleet server settings and have correct FQDN.
Agents seems to connect to server, but in CPU/memory I have N/A - thats mean they still have problem to connect to elasticsearch even if in ouputs settings I have "https://elasticsearch.DOMAIN:9200:"

I've enrolled agents aswell.

Edit:

It have something to with "elasticsearch.hosts" in kibana.yml config.
When I put only elasticsearch:9200 it starts, whenever I change it for elasticsearch.domain:9200 it crashes and I see "kibana server is not ready yet" and in docker logs i can see:
Unable to retrieve version information from Elasticsearch nodes. Hostname/IP does not match certificate's altnames: Host: elasticsearch.XXX. is not in the cert's altnames: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:elasticsearch
To be honest it may be a very easy problem, but i'm still newbie with dockers and learning them.

[antoineco]

All you need is create one domain name for the ELK host really, something like elk.MYDOMAIN.

Then, configure your proxy with the following backends:

• https://kibana.MYDOMAIN -> http://elk.MYDOMAIN:5600
• https://elasticsearch.MYDOMAIN -> http://elk.MYDOMAIN:9200
• https://fleet.MYDOMAIN -> http://elk.MYDOMAIN:8200
  etc.

Keep using internal names within the stack wherever possible, but announce Fleet with a public URL to the agents here:

docker-elk/kibana/config/kibana.yml

Line 33 in eeb8026

xpack.fleet.agents.fleet_server.hosts: [ http://fleet-server:8220 ]

This should be enough.
Like you said, it might be necessary to announce an Elasticsearch URL with a public URL too, but I'm pretty sure most agents don't require this.

[Kottare]

Thanks for your advise, I've fixed it with modification.
For people who will look for resolution:

1. Installed nginx on machine with docker-stack
2. Reverse proxy for ip from docker network to :9200
3. On Proxy-manager create record to elasticsearch.domain:9200