This is a very simple configuration of Elasticsearch and Kibana with basic authentication.
Elasticsearch version: elasticsearch-oss:6.2.3
Kibana version: kibana-oss:6.2.3
The script can also create an additional instance of Filebeat to collect logs from the nginx server.
The vm.max_map_count kernel setting needs to be set to at least 262144 for production use. Depending on your platform:
The vm.max_map_count setting should be set permanently in /etc/sysctl.conf:
grep vm.max_map_count /etc/sysctl.conf
vm.max_map_count=262144
If you don't see the line vm.max_map_count=262144, you have to add it to /etc/sysctl.conf.
To apply the setting on a live system type:
sysctl -w vm.max_map_count=262144
Reboot the server to apply this parameter as a permanent setting
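The grep check above also matches a commented-out line such as "# vm.max_map_count=262144" and does not notice a value that is too low. The shell functions below are an added example, not part of the elk repository; the function names and the constructed sample in sample_conf are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: stricter check of vm.max_map_count in a sysctl.conf-style file.

REQUIRED_MAP_COUNT=262144   # minimum stated on this page

# Print the effective vm.max_map_count from the file given as $1.
# Skips comment lines (# or ;), tolerates spaces around "=", and lets the
# last assignment win, because the file is applied top to bottom.
# Prints nothing if the key is never set.
effective_map_count() {
    awk '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            if (key == "vm.max_map_count") found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 if the file sets the key to at least the required value,
# 1 if it is missing or not a number, 2 if it is too low.
check_map_count() {
    value=$(effective_map_count "$1")
    case "$value" in
        ''|*[!0-9]*) echo "vm.max_map_count not set in $1"; return 1 ;;
    esac
    if [ "$value" -lt "$REQUIRED_MAP_COUNT" ]; then
        echo "vm.max_map_count=$value in $1 is below $REQUIRED_MAP_COUNT"
        return 2
    fi
    echo "vm.max_map_count=$value in $1 is OK"
}

# Constructed sample: a plain grep matches the commented-out first line,
# but the value that actually applies is the too-low second line.
sample_conf() {
    printf '%s\n' '# vm.max_map_count=262144' 'vm.max_map_count = 65530'
}

# When a file is passed as the first argument, check it:
#   sh check_map_count.sh /etc/sysctl.conf
[ -z "${1:-}" ] || check_map_count "$1"
```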
git clone https://github.com/sharavara/elk.git
You have to change these variables:
BASEDIR=~/docker/xyz-elk # Folder for persistent data
CONF_INSTANCEPREFIX=xyz # Containers' names will be xyz-esnode, xyz-kibana and xyz-nginx
CONF_SERVERNAME=vsbook.local # server hostname
CONF_KIPORT=6601 # kibana's port
CONF_ESPORT=6602 # elasticsearch's port
CONF_TIMEZONE="TZ=Asia/Ho_Chi_Minh" # your timezone
ESADMIN=esadm # elasticsearch user
ESPASSWD=p@sswd # no longer than 8 characters
KIADMIN=kiadm # kibana user
KIPASSWD=p@sswd # no longer than 8 characters
FILEBEAT=false # filebeat container for nginx monitoring and predefined dashboards
If the variable FILEBEAT is true, this script will create an additional container with a filebeat:6.2.4 instance.
This instance will create default dashboards for the different systems and will start to collect logs from the nginx container.
chmod 750 create-instance.sh
./create-instance.sh
docker-compose stop
docker-compose up -d
docker-compose restart
docker-compose rm
Do not forget to delete the persistent data if you don't need it anymore.
If the host with elasticsearch is unreachable, check the firewall settings.
CentOS:
sudo firewall-cmd --zone=public --add-port=6602/tcp