Reputation: 2773
I want to use the official Elasticsearch Docker image via docker-compose.yml, as the official documentation suggests:
My simplified docker-compose.yml looks like the following:
    version: '2'
    services:
      elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:5.5.2
        environment:
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ports:
          - 9200:9200
By default, after running docker-compose up, I have the user elastic created with the default password changeme. As the documentation suggests, I may change the user password by calling:
    curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
      "password" : "elasticpassword"
    }'
But this would require an additional step while running the Docker image.
Is there a way to configure the default elastic user password during the docker-compose up command? Maybe through environment variables somehow or via the elasticsearch.yml configuration file?
I could create my own image as a wrapper on top of the docker.elastic.co/elasticsearch/elasticsearch:5.5.2 image and RUN the curl ... command as a part of the related Dockerfile, but it seems like overhead to me to create my own version of the Elasticsearch image just to configure the elastic user password...
Upvotes: 3
Views: 4554
Reputation: 2773
The solution that worked for me was to put an nginx proxy container with basic authentication in front of the elasticsearch container. The nginx config may look something like:
    upstream elasticsearch {
        server elasticsearch:9200;
    }
    server {
        listen 80;
        server_name server.name.com;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
        location / {
            proxy_pass http://elasticsearch;
            proxy_redirect off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
        }
    }
Where .htpasswd contains the user name and encrypted user password (you may even use online services to generate it, like http://www.htaccesstools.com/htpasswd-generator/).
Other than that, you may just buy a license for X-pack/Shield and use it instead if you wish.
Upvotes: 4
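The proxy from the answer wired into the question's compose file, as an added example that is not part of the original posts: Elasticsearch no longer publishes 9200 on the host, so the nginx basic-auth proxy is the only way in. The nginx service, the nginx:stable tag, the ./nginx/ host paths, the loopback binding and the xpack.security.enabled=false setting are assumptions, not taken from the posts.

```yaml
version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.5.2
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      # Assumption: nginx does the authentication, so the bundled X-Pack
      # security is switched off; otherwise Elasticsearch would also check the
      # Authorization header that nginx passes through to it.
      - xpack.security.enabled=false
    # No "ports:" entry here. Publishing 9200:9200 as in the question would
    # let clients reach Elasticsearch directly and skip the proxy.
    expose:
      - "9200"

  nginx:
    image: nginx:stable   # assumed tag
    depends_on:
      - elasticsearch
    ports:
      # Basic auth sends credentials base64-encoded, not encrypted. Bound to
      # loopback here (assumption); put TLS in front before exposing it wider.
      - "127.0.0.1:80:80"
    volumes:
      # The server block from the answer, saved at a hypothetical host path.
      - ./nginx/elasticsearch.conf:/etc/nginx/conf.d/default.conf:ro
      # Created locally, e.g. with: htpasswd -c ./nginx/.htpasswd <user>
      - ./nginx/.htpasswd:/etc/nginx/conf.d/.htpasswd:ro
```

Because both services share the compose network, the `server elasticsearch:9200;` upstream in the nginx config resolves to the Elasticsearch container by service name.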