Skip to content

Setup using Letsencrypt

Jump to bottom
Josh Rickard edited this page Nov 23, 2020 · 6 revisions

Setting up elk-tls-docker using LetsEncrypt & Swag

This documentation relates to the setup of elk-tls-docker using LetsEncrypt certificates as well as nginx and other services provided by swag.

This documentation will setup external access using LetsEncrypt certificates and will be accessed via a subdomain. e.g. kibana.domain.com

Requirements

In order to use LetsEncrypt certificates for elk-tls-docker you must have the following requirements met:

NOTE: I will be using digitalocean.com as an example throughout this documentation.

  • A registered domain name
  • DNS Records setup correctly and pointing to your host IP
    • Nameservers pointing to your hosting environment
    • A record pointing to your systems IP
    • CNAME record created for subdomain configuration
  • A Ubunutu or other host system that can run docker and docker-compose

Walkthrough

You can find a detailed example walkthrough here.

.env variable setup

Within your .env file you need to set STAGING to false. You can find more information about the .env here: Environment Variables

Configuring Swag

In order to use swag we must also ensure we have the correct variables in our .env so that LetsEncrypt and swag know who to register our certificate with and to what domain (and subdomains).

Ensure you have defined the following variables in our .env:

DOMAIN=company.us
SUBDOMAIN=kibana
EMAIL=email@company.us
TIMEZONE=America/Chicago

Running elk-tls-docker

There are a few steps that must be taken in order to get LetsEncrypt certificates working and pointing to your domain. Below is the list of these steps:

NOTE: A detailed example walkthrough of the steps below can be found here.

  1. Run docker-compose -f docker-compose.setup.yml run --rm certs Example
  2. Run docker-compose -f docker-compose.production.yml up Example
  3. Run docker-compose down or press ctrl + x/c Example
  4. Run docker-compose -f docker-compose.setup.yml run --rm certs (again) Example
  5. Run docker-compose -f docker-compose.production.yml up -d (again) Example

Access

You should now be able to access Kibana at your domain by going to your browser and entering:

https://kibana.company.us

Feedback

As always, feedback, additions, and edits are always welcome. Please submit a pull request or create an issue in this repository.

Enjoy!

Clone this wiki locally