Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
D
docker-elk
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
JIRA
JIRA
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
段孔乐
docker-elk
Commits
d7f5deb6
Unverified
Commit
d7f5deb6
authored
Nov 26, 2019
by
Antoine Cotten
Committed by
GitHub
Nov 26, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clarify set up of built-in users (#450)
parent
6d16363f
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
19 additions
and
5 deletions
+19
-5
README.md
README.md
+19
-5
No files found.
README.md
View file @
d7f5deb6
...
...
@@ -133,21 +133,35 @@ The stack is pre-configured with the following **privileged** bootstrap user:
*
password:
*changeme*
Although all stack components work out-of-the-box with this user, we strongly recommend using the unprivileged
[
built-in
users]
[
builtin-users
]
instead for increased security. Passwords for these users must be initialized:
users]
[
builtin-users
]
instead for increased security.
1.
Initialize passwords for built-in users
```
console
$
docker-compose
exec
-T
elasticsearch bin/elasticsearch-setup-passwords auto
--batch
```
Passwords for all 6 built-in users will be randomly generated. Take note of them and replace the
`elastic`
username with
`kibana`
and
`logstash_system`
inside the Kibana and Logstash configuration files respectively. See the
[
Configuration
](
#configuration
)
section below.
Passwords for all 6 built-in users will be randomly generated. Take note of them.
2.
Unset the bootstrap password (_optional_)
Remove the
`ELASTIC_PASSWORD`
environment variable from the
`elasticsearch`
service inside the Compose file
(
`docker-compose.yml`
). It is only used to initialize the keystore during the initial startup of Elasticsearch.
3.
Replace usernames and passwords in configuration files
Use the
`kibana`
user inside the Kibana configuration file (
`kibana/config/kibana.yml`
) and the
`logstash_system`
user
inside the Logstash configuration file (
`logstash/config/logstash.yml`
) in place of the existing
`elastic`
user.
Replace the password for the
`elastic`
user inside the Logstash pipeline file (
`logstash/pipeline/logstash.conf`
).
> :information_source: Do not use the `logstash_system` user inside the Logstash *pipeline* file, it does not have
> sufficient permissions to create indices. Follow the instructions at [Configuring Security in Logstash][ls-security]
> to create a user with suitable roles.
Restart Kibana and Logstash to apply the passwords you just wrote to the configuration files.
See also the
[
Configuration
](
#configuration
)
section below.
4.
Restart Kibana and Logstash to apply changes
```
console
$
docker-compose restart kibana logstash
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
