Enable Authentication in Elasticsearch with docker environment variable
Solution 1
Elasticsearch security features that come with Xpack are not for free, there is a trial version for a month and then a paid version.
But according to this elastic blog, it is for free starting in versions (6.8.0 and 7.1.0).
I write this answer to activate free Elasticsearch security features with docker-compose.
Remember that when using the below code, both Kibana and Elasticsearch node are secure with username and password, so rest client that access Elasticsearch must have the credential, this answer will help.
That's my code:
version: '3'
services:
create_certs:
container_name: create_certs
image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
command: >
bash -c '
if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
fi;
chown -R 1000:0 /usr/share/elasticsearch/config/certificates
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes: ['certs:/usr/share/elasticsearch/config/certificates']
elasticsearch:
container_name: elasticsearch
depends_on: [create_certs]
image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=MyPassword # password for default user: elastic
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates']
ulimits:
nofile:
soft: 65536
hard: 65536
memlock:
soft: -1
hard: -1
ports:
- "9200:9200"
kibana:
container_name: kibana
depends_on: [elasticsearch]
image: docker.elastic.co/kibana/kibana:6.8.0
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=MyPassword
ports:
- "5601:5601"
volumes: {"esdata", "certs"}
Solution 2
Enable Security in Elasticsearch using docker
Update the environment variables t enable true
environment:
- "discovery.type=single-node"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
Here is the sample, docker-compose.yml
file for the elasticseaarch and kibana
version: '3.4'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
container_name: elasticsearch
environment:
- "discovery.type=single-node"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
ports:
- 9200:9200
- 9300:9300
networks:
- elastic
kibana:
image: docker.elastic.co/kibana/kibana:7.16.2
container_name: kibana
environment:
- ELASTICSEARCH_URL="http://elasticsearch:9200"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
links:
- elasticsearch
ports:
- 5601:5601
networks:
- elastic
depends_on:
- elasticsearch
networks:
elastic:
driver: bridge
Solution 3
Maybe I came too late... but I had this problem today and digging found tha you don't have to set the user, just the password. This is the docker-compose file
version: '3.6'
services:
elasticsearchNode:
image: elasticsearch:$STACK_VERSION
container_name: elasticsearchNode
environment:
discovery.type: 'single-node'
ELASTIC_PASSWORD: $ELK_PASS
cluster.name: 'dockercluster'
node.name: 'node-master'
bootstrap.memory_lock: 'true'
ES_JAVA_OPTS: '-Xms512m -Xmx512m'
xpack.security.enabled: 'true'
ports:
- 9200:9200
- 9300:9300
networks:
- docker_elk_node
volumes:
esdataNode:
networks:
docker_elk_node:
and the .env file
COMPOSE_PROJECT_NAME=es
STACK_VERSION=7.6.0
ELK_PASS=MyPassWord
Solution 4
Change elasticsearch environment to "ELASTIC_USERNAME" and "ELASTIC_PASSWORD" for elasticsearch:7.14.0
version: '3.4'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
container_name: elasticsearch
environment:
- "discovery.type=single-node"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
ports:
- 32769:9200
- 32770:9300
networks:
- elastic
kibana:
image: docker.elastic.co/kibana/kibana:7.14.0
container_name: kibana
environment:
- ELASTICSEARCH_URL="http://elasticsearch:9200"
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=MagicWord
- xpack.security.enabled=true
links:
- elasticsearch
ports:
- 5601:5601
networks:
- elastic
depends_on:
- elasticsearch
networks:
elastic:
driver: bridge
Solution 5
Attached is a simple configuration for elasticsearch > 7.x.
Elasticsearch expects the user "elastic".
elasticsearch:
container_name: search
image: elasticsearch:7.10.1
restart: always
ports:
- 9200:9200
- 9300:9300
environment:
- "discovery.type=single-node"
- xpack.security.enabled=true
- ELASTIC_PASSWORD=YOUR_PASSWORD
anne
Updated on June 11, 2022Comments
-
anne almost 2 years
I am using a Docker image of Elasticsearch v.6.2.4. My problem is that X-Pack is installed, but it is not asking for credentials.
I know that X-Pack is installed as you can see below:
-
Kevin Woblick over 4 yearsUnfortunately something must have changed for version 7. I get
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
errors after starting this exact stack. -
Eric M. about 2 yearsIt is not the case in this script, but I had the problem of the
failed to authenticate user [elastic]
even by provided the variable. TheELASTIC_PASSWORD
is used by docker-entrypoint.sh so if you overwrite thecommand
docker section to start with something else the password could not be set.