stackoom
  简体   繁体   中英

How to set up default 'elastic' user password while running official Elasticsearch docker image?

 原文  2017-08-21 16:10:08       elasticsearch/ docker/ docker-compose/ elasticsearch-x-pack

Question

I want to use official Elasticsearch docker image via docker-compose.yml as official documentation suggests:

My simplified docker-compose.yml looks like the following: 

version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.5.2
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ports:
      - 9200:9200

By default after running docker-compose up I have user elastic being created with default password changeme . As documentation suggests I may change user password by calling: 

curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
  "password" : "elasticpassword"
}'

But this would require additional step while running Docker image.

Is there a way to configure default elastic user password during docker-compose up command? Maybe through environment variables somehow or via elasticsearch.yml configuration file?

I could create my own image as a wrapper on top of docker.elastic.co/elasticsearch/elasticsearch:5.5.2 image and RUN curl ... command as a part of related Dockerfile but it seems like overhead to me to create my own version of Elasticsearch image just to configure elastic user password...

1 answers

solution1
 3 ACCPTED  2017-10-05 08:32:12

The solution that worked for me was to put nginx proxy container with basic authentication in front of elasticsearch container. Nginx config may look something like: 

upstream elasticsearch {
    server elasticsearch:9200;
}

server {
    listen 80;
    server_name server.name.com;

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

    location / {
        proxy_pass http://elasticsearch;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }
}

Where .htpasswd contains user name and encrypted user password (you may use even online services to generate it like http://www.htaccesstools.com/htpasswd-generator/ ).

Other than that you may just buy a licence for X-pack/Shield and use it instead if you wish.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Elastic user password is not working for my docker image Elastic 6 on docker : can not set a password How to use the official docker elasticsearch container? How to change default elasticsearch password in docker-compose? What is the default user and password for elasticsearch? Cannot set password for elastic user How to set a proxy in official Elasticsearch PHP client? How to set ttl for elasticsearch with the official nodejs library? How to modify the password of elasticsearch in docker How to set port number for Elasticsearch running in Docker in host network mode
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM