deviantony/docker-elk

Change nameserver

Kottare opened this issue · 4 comments

Hi,
So far I've configured the ELK stack with Fleet server and it's working, but I have one question.
Is it possible to change hostnames?
I don't want to add IPs and names for fleetserver/elasticserver to hosts.cfg; I want to assign them addresses like elasticsearch.MYDOMAIN.

I have proxy-manager and will forward the domain to this IP, but without a domain name I cannot do it.

@Kottare this question is very generic. Here are a few things that need to be clarified:

  • Do you have a DNS infrastructure in place to resolve MYDOMAIN?
  • Is proxy-manager running on the same host as the Elastic stack? If yes, just attach it to the docker-elk network and it will be able to resolve internal service names such as elasticsearch (check the output of docker network ls to get the network name and id)

Hi,

  1. Yes, I have.
  2. No, my NPM is installed on other VM.

At this point I have figured out how to change all the stuff in the Fleet server settings and have the correct FQDN.
Agents seem to connect to the server, but in CPU/memory I have N/A - that means they still have a problem connecting to Elasticsearch even if in the outputs settings I have "https://elasticsearch.DOMAIN:9200:"

I've enrolled agents as well.

Edit:

It has something to do with "elasticsearch.hosts" in the kibana.yml config.
When I put only elasticsearch:9200 it starts; whenever I change it to elasticsearch.domain:9200 it crashes and I see "kibana server is not ready yet", and in the docker logs I can see:
Unable to retrieve version information from Elasticsearch nodes. Hostname/IP does not match certificate's altnames: Host: elasticsearch.XXX. is not in the cert's altnames: DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:elasticsearch
To be honest, it may be a very easy problem, but I'm still a newbie with Docker and am learning it.
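
Added example, not part of the thread: a simplified Python version of the subject-alternative-name check that TLS clients perform, run against the SAN list quoted in the error above. `elasticsearch.example.test` is a constructed stand-in for elasticsearch.DOMAIN, and the function names are illustrative.

```python
import ipaddress

# SAN list exactly as quoted in the Kibana error message above.
CERT_ALTNAMES = ("DNS:localhost, IP Address:127.0.0.1, "
                 "IP Address:0:0:0:0:0:0:0:1, DNS:elasticsearch")

def parse_altnames(text):
    """Split 'DNS:a, IP Address:b' into (dns_names, ip_addresses)."""
    dns, ips = [], []
    for entry in text.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns.append(value.lower().rstrip("."))
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_match(pattern, host):
    """Exact match, or a '*' that covers only the whole left-most label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def host_matches(host, altnames=CERT_ALTNAMES):
    """True if a client connecting to `host` would accept this SAN list."""
    dns, ips = parse_altnames(altnames)
    host = host.lower().rstrip(".")
    try:
        # An IP literal is only ever compared against IP SANs.
        return ipaddress.ip_address(host) in ips
    except ValueError:
        return any(dns_match(p, host) for p in dns)

if __name__ == "__main__":
    # elasticsearch.example.test is constructed; the other hosts come from the SAN list.
    for h in ("elasticsearch", "elasticsearch.example.test", "127.0.0.1", "::1"):
        print(f"{h:30} {'ok' if host_matches(h) else 'hostname mismatch'}")
```

The check passes only when the name the client dials is listed in the certificate, so either elasticsearch.hosts stays on a listed name or the certificate is reissued with the FQDN as a DNS SAN.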

All you need is to create one domain name for the ELK host really, something like elk.MYDOMAIN.

Then, configure your proxy with the following backends:

  • https://kibana.MYDOMAIN -> http://elk.MYDOMAIN:5600
  • https://elasticsearch.MYDOMAIN -> http://elk.MYDOMAIN:9200
  • https://fleet.MYDOMAIN -> http://elk.MYDOMAIN:8200
    etc.

Keep using internal names within the stack wherever possible, but announce Fleet with a public URL to the agents here:

xpack.fleet.agents.fleet_server.hosts: [ http://fleet-server:8220 ]

This should be enough.
Like you said, it might be necessary to announce an Elasticsearch URL with a public URL too, but I'm pretty sure most agents don't require this.

Thanks for your advice, I've fixed it with a modification.
For people who will look for a resolution:

  1. Installed nginx on the machine with docker-stack
  2. Reverse proxy for the IP from the Docker network to :9200
  3. On Proxy-manager, create a record to elasticsearch.domain:9200