How to start an Elasticsearch Docker Container with SSL/TLS encryption
In this story you will learn how to start an Elasticsearch cluster of two nodes in Docker containers with SSL/TLS encryption. We will use Docker Compose to manage the containers.
Preparing the Environment
Let’s get started by creating an empty directory and creating the following files inside it:
You can find all these files in my GitHub repository.
instances.yml: This file will be used by elasticsearch-certutil to create our certificates.
.env: This file holds the environment variables:
- The first variable is used by Docker Compose as a prefix for all volumes and networks created by docker-compose.
- The second variable is the path inside the container where the certificates are kept.
- The third variable is the password to your Elasticsearch instance. Don’t forget to change it 🙂
create-certs.yml: A Docker Compose file that uses elasticsearch-certutil to create the certificates and store them in a volume named certs.
And finally docker-compose.yml: This is the Docker Compose file responsible for managing our two Elasticsearch nodes. They use the Elasticsearch Docker image provided by the Elastic team and already have a series of properties related to SSL and TLS defined.
Running everything
Cool! Now that we have our environment set, let’s get everything running.
Let’s first create our volume with our certificates by running:
docker-compose -f create-certs.yml run --rm create_certs
This only needs to be run once. The container runs, creates our certificates inside the volume, and is then removed.
Now, let’s run our Elasticsearch Cluster by running:
docker-compose up -d
This will start our two containers, which will use the volume we created previously. We can see in the Docker dashboard that they are actually running.
Cool! Everything is running now! Let’s test it by copying the CA certificate out of the es01 container:
docker cp es01:/usr/share/elasticsearch/config/certificates/ca/ca.crt /tmp
The certificate will be saved to /tmp/ca.crt. Then we can do a GET request:
curl --cacert /tmp/ca.crt -u elastic:PleaseChangeMe https://localhost:9200
And we should have a response like:
And that’s it! I hope you have enjoyed this tutorial. See you next time!
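The curl test above succeeds only if the node certificate chains to ca.crt and names the host you connect to (localhost in that command). The following check does both with the openssl CLI; it is an added example, not part of the original post, and the function names check_node_cert and make_demo_pki, as well as the throwaway CA and node certificate the demo generates, are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a node certificate (PEM) chains to the CA and
# covers the hostname clients will use. Assumes the openssl CLI is installed.

# check_node_cert CA_CERT NODE_CERT HOSTNAME
# returns 0 if both checks pass, 1 on chain failure, 2 on hostname mismatch
check_node_cert() {
    ca=$1; cert=$2; host=$3
    # 1. Chain: the node cert must be signed by this CA and be within validity.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $ca" >&2; return 1; }
    # 2. Hostname: the name must be in the certificate, as curl requires.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match" || {
        echo "FAIL: $cert is not valid for host $host" >&2; return 2; }
    echo "OK: $cert chains to $ca and covers $host"
}

# Constructed demo material: a throwaway CA and a node cert with
# SAN = es01, localhost, generated locally and unrelated to the real cluster.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=es01" \
        -keyout "$dir/es01.key" -out "$dir/es01.csr" >/dev/null 2>&1 || return 1
    printf 'subjectAltName=DNS:es01,DNS:localhost\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/es01.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/san.ext" \
        -out "$dir/es01.crt" >/dev/null 2>&1
}

# Against the real cluster, copy the node certificate out with docker cp as
# was done for ca.crt, then run (the node cert path is a placeholder):
#   check_node_cert /tmp/ca.crt /path/to/node.crt localhost
```

A return code of 2 means the certificate is trusted but does not list the name you are connecting with, which is the case where curl reports a hostname mismatch even though --cacert is correct.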