I want to use official Elasticsearch docker image via docker-compose.yml as official documentation suggests:
My simplified docker-compose.yml looks like the following:
version: '2'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:5.5.2
environment:
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ports:
- 9200:9200
By default after running docker-compose up
I have user elastic
being created with default password changeme
. As documentation suggests I may change user password by calling:
curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
"password" : "elasticpassword"
}'
But this would require additional step while running Docker image.
Is there a way to configure default elastic
user password during docker-compose up
command? Maybe through environment variables somehow or via elasticsearch.yml
configuration file?
I could create my own image as a wrapper on top of docker.elastic.co/elasticsearch/elasticsearch:5.5.2
image and RUN
curl ...
command as a part of related Dockerfile but it seems like overhead to me to create my own version of Elasticsearch image just to configure elastic
user password...
The solution that worked for me was to put nginx proxy container with basic authentication in front of elasticsearch container. Nginx config may look something like:
upstream elasticsearch {
server elasticsearch:9200;
}
server {
listen 80;
server_name server.name.com;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
location / {
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
}
Where .htpasswd
contains user name and encrypted user password (you may use even online services to generate it like http://www.htaccesstools.com/htpasswd-generator/).
Other than that you may just buy a license for X-pack/Shield and use it instead if you wish.