Expose Elastic Stack outside of localhost #1981

jamesagarside · 2024-07-20T09:55:43Z

I've written a Makefile for exposing the Elastic Stack services outside of the host, I required this for testing but thought it might be helpful for others

# Inteface to accept traffic from
interface=ens192

forward-stack:
	

	$(eval AGENT_ID := $(shell docker container ps -aqf "name=elastic-package-stack-elastic-agent-1"))
	$(eval FLEET_ID := $(shell docker container ps -aqf "name=elastic-package-stack-fleet-server-1"))
	$(eval KIBANA_ID := $(shell docker container ps -aqf "name=elastic-package-stack-kibana-1"))
	$(eval ELASTICSEARCH_ID := $(shell docker container ps -aqf "name=elastic-package-stack-elasticsearch-1"))
	$(eval REGISTRY_ID := $(shell docker container ps -aqf "name=elastic-package-stack-package-registry-1"))

	$(eval AGENT_IP := $(shell docker inspect $(AGENT_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress'))
	$(eval FLEET_IP := $(shell docker inspect $(FLEET_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress'))
	$(eval KIBANA_IP := $(shell docker inspect $(KIBANA_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress'))
	$(eval ELASTICSEARCH_IP := $(shell docker inspect $(ELASTICSEARCH_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress'))
	$(eval REGISTRY_IP := $(shell docker inspect $(REGISTRY_ID) | jq -r '.[].NetworkSettings.Networks."elastic-package-stack_default".IPAddress'))
	
	sudo sysctl -w net.ipv4.ip_forward=1
	
	# Forward Fleet Server
	sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 8220 -j DNAT --to-destination $(FLEET_IP):8220
	sudo iptables -t nat -A POSTROUTING -p tcp -d $(FLEET_IP) --dport 8220 -j MASQUERADE

	# Forward Kibana
	sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 5601 -j DNAT --to-destination $(KIBANA_IP):5601
	sudo iptables -t nat -A POSTROUTING -p tcp -d $(KIBANA_IP) --dport 5601 -j MASQUERADE

	# Forward Elasticsearch
	sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 9200 -j DNAT --to-destination $(ELASTICSEARCH_IP):9200
	sudo iptables -t nat -A POSTROUTING -p tcp -d $(ELASTICSEARCH_IP) --dport 9200 -j MASQUERADE
	sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 9300 -j DNAT --to-destination $(ELASTICSEARCH_IP):9300
	sudo iptables -t nat -A POSTROUTING -p tcp -d $(ELASTICSEARCH_IP) --dport 9300 -j MASQUERADE

	# Forward Package Registry
	sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 8080 -j DNAT --to-destination $(REGISTRY_IP):8080
	sudo iptables -t nat -A POSTROUTING -p tcp -d $(REGISTRY_IP) --dport 8080 -j MASQUERADE
	sudo iptables -t nat -A PREROUTING -i $(interface) -p tcp --dport 9000 -j DNAT --to-destination $(REGISTRY_IP):9000
	sudo iptables -t nat -A POSTROUTING -p tcp -d $(REGISTRY_IP) --dport 9000 -j MASQUERADE

The text was updated successfully, but these errors were encountered:

jamesagarside · 2024-07-21T11:24:09Z

Closing as it causes issues with the package repo

jamesagarside added documentation Improvements or additions to documentation discuss labels Jul 20, 2024

jamesagarside closed this as completed Jul 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Expose Elastic Stack outside of localhost #1981

Expose Elastic Stack outside of localhost #1981

jamesagarside commented Jul 20, 2024 •

edited

Loading

jamesagarside commented Jul 21, 2024

Expose Elastic Stack outside of localhost #1981

Expose Elastic Stack outside of localhost #1981

Comments

jamesagarside commented Jul 20, 2024 • edited Loading

jamesagarside commented Jul 21, 2024

jamesagarside commented Jul 20, 2024 •

edited

Loading