Elastic Stack (ELK) Docker Composition, preconfigured with Security, Monitoring, and Tools; Up with a Single Command.
Suitable for Demoing, MVPs and small production deployments.
You can change Elastic Stack version by setting
.env file and rebuild your images. Any version >= 8.0.0 is compatible with this template.
.env to configure your entire stack parameters.
And comparing Elastdocker and the popular deviantony/docker-elk
One of the most popular ELK on Docker repositories is the awesome deviantony/docker-elk.
Elastdocker differs from
deviantony/docker-elk in the following points.
Security enabled by default using Basic license, not Trial.
Persisting data by default in a volume.
Run in Production Mode (by enabling SSL on the Transport Layer and adding initial master node settings).
Persisting the generated Keystore, and creating an extendable script that makes it easier to recreate it every time the container is created.
Parameterize credentials in .env instead of hardcoding
elastic:changeme in every component config.
Parameterize all other Config like Heap Size.
Add recommended environment configurations such as ulimits and disabling swap to the docker-compose.
Make it ready to be extended into a multinode cluster.
Configuring Self-Monitoring and the Filebeat agent that ships ELK logs to ELK itself (as a step toward shipping them to a monitoring cluster in the future).
Configured tools and Prometheus Exporters.
The Makefile that simplifies everything into some simple commands.
Clone the Repository
git clone https://github.com/sherifabdlnaby/elastdocker.git
Initialize Elasticsearch Keystore and TLS Self-Signed Certificates
$ make setup
For Linux Docker hosts only: by default, virtual memory is not enough, so run the next command as root.
sysctl -w vm.max_map_count=262144
Start Elastic Stack
$ make elk
<OR>
$ docker-compose up -d
Visit Kibana at https://localhost:5601 or
- Notice that Kibana is configured to use HTTPS, so you'll need to write
localhost:5601 in the browser.
.env file for your needs, most importantly
ELASTIC_PASSWORD that sets up your superuser
LOGSTASH_HEAP for Elasticsearch & Logstash Heap Size.
Whatever your host (e.g. AWS EC2, Azure, DigitalOcean, or an on-premise server), once you expose your host to the network, the ELK components will be accessible on their respective ports. Since the enabled TLS uses a self-signed certificate, it is recommended to SSL-terminate public traffic using your signed certificates.
To start ingesting logs, you can start by running
make collect-docker-logs which will collect your host's container logs.
$ make monitoring
$ make tools
$ make collect-docker-logs
$ make all
$ make nodes
$ make build
$ make down
$ make prune
elastic's password (default:
ELK_VERSION Elastic Stack Version (default:
ELASTICSEARCH_HEAP, how much memory Elasticsearch allocates (default: 1GB, good for development only)
LOGSTASH_HEAP, how much memory Logstash allocates.
You can extend the Keystore generation script by adding keys to
./setup/keystore.sh script (e.g. to add S3 Snapshot Repository credentials).
To Re-generate Keystore:
The Elasticsearch HTTP layer uses SSL, which means you need to configure your Elasticsearch clients with the
secrets/certs/ca/ca.crt, or configure the client to ignore SSL Certificate Verification (e.g
Adding two extra nodes to the cluster will make the cluster depend on them, and it won't start without them again.
Makefile is a wrapper around
Docker-Compose commands; use
make help to list every command.
Elasticsearch will save its data to a volume named
Elasticsearch Keystore (that contains passwords and credentials) and SSL Certificate are generated in the
./secrets directory by the setup command.
Make sure to run
make setup if you change
ELASTIC_PASSWORD, and restart the stack afterwards.
For Linux Users it's recommended to set the following configuration (run as
sysctl -w vm.max_map_count=262144
By default, Virtual Memory is not enough.
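A pre-exposure check for the settings discussed above, written as an added example that is not part of the Elastdocker repository. It flags an ELASTIC_PASSWORD in .env that is missing, equal to the well-known changeme value, or short, flags a world-readable .env, and tests a vm.max_map_count value against 262144. The function names and the MIN_PW_LEN threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run on an Elastdocker checkout before exposing the host.
# MIN_PW_LEN is an assumption of this example, not a project setting.
MIN_PW_LEN=12

# env_value FILE KEY: print KEY's value from a KEY=value file (last assignment wins),
# with trailing whitespace and one pair of surrounding quotes removed.
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_env FILE: print one line per finding; exit status is the number of findings.
audit_env() {
    findings=0
    pw=$(env_value "$1" ELASTIC_PASSWORD)
    if [ -z "$pw" ]; then
        echo "FAIL: ELASTIC_PASSWORD is not set in $1"
        findings=$((findings + 1))
    elif [ "$pw" = "changeme" ]; then
        echo "FAIL: ELASTIC_PASSWORD is the well-known value 'changeme'"
        findings=$((findings + 1))
    elif [ "${#pw}" -lt "$MIN_PW_LEN" ]; then
        echo "FAIL: ELASTIC_PASSWORD is shorter than $MIN_PW_LEN characters"
        findings=$((findings + 1))
    fi
    # .env holds the superuser password, so other local users should not read it.
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $1 is world-readable (chmod 600 it)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# check_map_count VALUE: succeeds when VALUE meets the 262144 minimum.
check_map_count() {
    [ "$1" -ge 262144 ]
}
```

On a Linux host, source the file and run audit_env .env followed by check_map_count "$(cat /proc/sys/vm/max_map_count)"; after changing ELASTIC_PASSWORD, run make setup and restart the stack as described above.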
Head to Stack Monitoring tab in Kibana to see cluster metrics for all stack components.
In Production, cluster metrics should be shipped to another dedicated monitoring cluster.
If you started Prometheus Exporters using
make monitoring command. Prometheus Exporters will expose metrics at the following ports.
|Prometheus Exporter||Port||Recommended Grafana Dashboard|
||Elasticsearch by Kristian Jensen|
||logstash-monitoring by dpavlos|
MIT License Copyright (c) 2020 Sherif Abdel-Naby
PR(s) are Open and Welcomed.