Skip to content
/ docker-elk Public
forked from willdurand/docker-elk

Based on willdurand's docker image, this images adds the patches for ssl client cert validation

registry.hub.docker.com/u/willdurand/elk/
0 stars 73 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

atroo/docker-elk

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
etc/supervisor/conf.d
etc/supervisor/conf.d
 
 
patches
patches
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 

Repository files navigation

Elasticsearch. Logstash. Kibana.

Creating an ELK stack could not be easier.

Important: this image embeds Kibana 4.0. If you want to use Kibana 3.1.0, you should rather use the kibana-3.1.0 branch and its corresponding Docker tag.

Quick Start

$ docker run -p 8080:80 \
    -v /path/to/your/logstash/config:/etc/logstash \
    willdurand/elk

Then, browse: http://localhost:8080 (replace localhost with your public IP address).

Your logstash configuration directory MUST contain at least one logstash configuration file. If several files are found in the configuration directory, logstash will use all of them, concatenated in lexicographical order, as the configuration.

Fig Configuration

elk:
  image: willdurand/elk
  ports:
    - "8080:80"
  volumes:
    - /path/to/your/logstash/config:/etc/logstash

Data

Elasticsearch data are located in the /data folder. It is probably a good idea to mount a volume in order to preserve data integrity. You can create a data only container:

$ docker run -d -v /data --name dataelk busybox

Then, use it:

$ docker run -p 8080:80 \
    -v /path/to/your/logstash/config:/etc/logstash \
    --volumes-from dataelk \
    willdurand/elk

If you want to rely on the logstash agent for processing files, you have to mount volumes as well, but you should rather only send logs to this container.

Fig Configuration

elk:
  image: willdurand/elk
  ports:
    - "8080:80"
  volumes:
    - /path/to/your/logstash/config:/etc/logstash
  volumes_from:
    - dataelk

dataelk:
  image: busybox
  volumes:
    - /data

Real Life Use Case

You can use this image to run an ELK stack that receives logs from your production servers, using Logstash Forwarder:

elk:
  image: willdurand/elk
  ports:
    - "80:80"
    - "XX.XX.XX.XX:5043:5043"
  volumes:
    - /path/to/your/ssl/files:/etc/ssl
    - /path/to/your/logstash/config:/etc/logstash
  volumes_from:
    - dataelk

dataelk:
  image: busybox
  volumes:
    - /data

Note that the 5043 port is binded to a private IP address in this case, which is recommended. Kibana is publicly available though.

Your logstash configuration SHOULD contain the following input definition:

input {
  lumberjack {
    port => 5043
    ssl_certificate => "/etc/ssl/logstash-forwarder.crt"
    ssl_key => "/etc/ssl/logstash-forwarder.key"
  }
}

Extend It

One of the Docker best practices is to avoid mapping a host folder to a container volume. Instead of specifying a volume, it is recommended to use this image as base image and configure your own image.

About

Based on willdurand's docker image, this images adds the patches for ssl client cert validation

registry.hub.docker.com/u/willdurand/elk/

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%