docker network create elastic # setup docker run --rm -it \ --net elastic \ --env-file .env \ --name setup \ --user 0 \ -v certs:/usr/share/elasticsearch/config/certs \ --entrypoint bash \ elasticsearch:9.1.3 docker run -it --rm \ --net elastic \ --env-file .env \ --name es01 \ --label co.elastic.logs/module=elasticsearch \ -v certs:/usr/share/elasticsearch/config/certs \ -v esdata01:/usr/share/elasticsearch/data \ -p 9200:9200 \ --env node.name=es01 \ --env cluster.name=docker-cluster \ --env discovery.type=single-node \ --env ELASTIC_PASSWORD=lSsAwEE1t1MacY \ --env bootstrap.memory_lock=true \ --env xpack.security.enabled=true \ --env xpack.security.http.ssl.enabled=true \ --env xpack.security.http.ssl.key=certs/es01/es01.key \ --env xpack.security.http.ssl.certificate=certs/es01/es01.crt \ --env xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt \ --env xpack.security.transport.ssl.enabled=true \ --env xpack.security.transport.ssl.key=certs/es01/es01.key \ --env xpack.security.transport.ssl.certificate=certs/es01/es01.crt \ --env xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt \ --env xpack.security.transport.ssl.verification_mode=certificate \ --env xpack.license.self_generated.type=basic \ --memory=6gb \ --ulimit memlock=-1:-1 \ elasticsearch:9.1.3 نکته‌ها: docker cp es01:/usr/share/elasticsearch/config/certs/ca/ca.crt . docker cp elk_stack-es01-1:/usr/share/elasticsearch/config/certs/ca/ca.crt . curl --cacert ./ca.crt -u elastic:lSsAwEE1t1MacY https://localhost:9200 docker run -it --rm \ --net elastic \ --env-file .env \ --name kibana \ --label co.elastic.logs/module=kibana \ -v certs:/usr/share/kibana/config/certs \ -v kibanadata:/usr/share/kibana/data \ -p 3112:5601 \ -e SERVERNAME=kibana \ -e ELASTICSEARCH_HOSTS=https://es01:9200 \ -e ELASTICSEARCH_USERNAME=kibana_system \ -e ELASTICSEARCH_PASSWORD=lSsAwEE1t1MacY \ -e ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt \ -e XPACK_SECURITY_ENCRYPTIONKEY=FvpPWhx2XNcOE5FC52sLFlPjNSXnpGapQuo4S9jMvO043nfLHpzOAcwwGd6KiBoP \ -e XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=FvpPWhx2XNcOE5FC52sLFlPjNSXnpGapQuo4S9jMvO043nfLHpzOAcwwGd6KiBoP \ -e XPACK_REPORTING_ENCRYPTIONKEY=FvpPWhx2XNcOE5FC52sLFlPjNSXnpGapQuo4S9jMvO043nfLHpzOAcwwGd6KiBoP \ --memory 2073741824 \ kibana:9.1.3 # docker run -it --rm --name kib01 --net elastic -p 3112:5601 \ # -v certs:/usr/share/kibana/config/certs \ # -v kibanadata:/usr/share/kibana/data \ # kibana:9.1.3 docker run -it --rm --name filebeat \ --user root \ -v /var/lib/docker/volumes/elk_stack_certs/_data/ca/ca.crt:/usr/share/filebeat/certs/ca/ca.crt \ -v ./filebeatdata01:/usr/share/filebeat/data \ -v "./log/:/usr/share/filebeat/ingest_data/" \ -v "./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro" \ --env-file .env \ --entrypoint bash --add-host=es01:host-gateway \ elastic/filebeat:9.1.3 filebeat -e --strict.perms=false # https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-filestream#filebeat-input-filestream-ignore-older docker run --rm -it \ -v $PWD/vector.yaml:/etc/vector/vector.yaml:ro \ -v "./log/:/var/log/" \ -v /var/lib/docker/volumes/elk_stack_certs/_data/ca/ca.crt:/certs/ca/ca.crt \ -p 3114:8686 \ --name vector \ --add-host=es01:host-gateway \ --env-file .env \ timberio/vector:0.49.0-debian