This repository has been archived by the owner on May 3, 2024. It is now read-only.

Adding SSL to kibana for alerts #45

wingerlion opened this issue Mar 1, 2021 · 1 comment



wingerlion commented Mar 1, 2021

I'm trying to add alerts, but first I need to activate transport layer security. I have generated my self-signed certificate using this bash script:


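#!/bin/bash
#
# Creates a private root CA (rootCA.key / rootCA.pem), installs the root into
# the host trust store, and issues a TLS server certificate for Kibana
# (kib01.key / kib01.crt) signed by that root.
#
# Usage: pass the root CA key passphrase as the first argument.
#
# Review notes:
#   - The passphrase still reaches this script as $1, so it can end up in shell
#     history and in this script's own argv; only the openssl child processes
#     are covered by the env: hand-off below.
#   - Whoever holds rootCA.key and its passphrase can issue certificates that
#     this host trusts for any name, because the root is added system-wide.
#     Keep rootCA.key off the Docker hosts once kib01.crt has been issued.

# Stop at the first failing command so a half-built CA is never installed.
set -euo pipefail

if [[ $# -lt 1 || -z "$1" ]]; then
        echo "Usage: $0 <root-ca-key-passphrase>" >&2
        exit 1
fi

# Private keys written below must not be group- or world-readable.
umask 077

# openssl reads the passphrase from the environment; "pass:<value>" would put
# it on the openssl command line, where the process list shows it.
export ROOT_CA_PASSPHRASE="$1"

# Generate Root Key rootCA.key with 2048 bits, encrypted with AES-256
# (replaces the legacy -des3 key encryption).
openssl genrsa -passout env:ROOT_CA_PASSPHRASE -aes256 -out rootCA.key 2048

# Generate Root PEM (rootCA.pem) with 1024 days validity.
openssl req -passin env:ROOT_CA_PASSPHRASE -subj "/C=US/ST=Random/L=Random/O=Global Security/OU=IT Department/CN=Local Certificate"  -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
# The certificate is public; undo the restrictive umask for it.
chmod 644 rootCA.pem

# Add root cert as trusted cert
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
        # Linux (yum and update-ca-trust: RHEL-family hosts only)
        yum -y install ca-certificates
        update-ca-trust force-enable
        cp rootCA.pem /etc/pki/ca-trust/source/anchors/
        update-ca-trust
        # Meeting the ES requirement; unrelated to the certificates, and
        # sysctl -w does not persist across a reboot.
        sysctl -w vm.max_map_count=262144
elif [[ "$OSTYPE" == "darwin"* ]]; then
        # Mac OSX
        security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem
else
        # Unknown.
        echo "Couldn't find desired Operating System. Exiting Now ......"
        exit 1
fi

# Generate Kib01 Cert
# -nodes leaves kib01.key unencrypted, so file permissions are its only
# protection and Kibana needs no key passphrase to load it.
openssl req -subj "/C=US/ST=Random/L=Random/O=Global Security/OU=IT Department/CN=localhost"  -new -sha256 -nodes -out kib01.csr -newkey rsa:2048 -keyout kib01.key
# The SAN list must contain every name clients use to reach Kibana. "kibana" is
# added because the compose file addresses the service as kibana:5601.
openssl x509 -req -passin env:ROOT_CA_PASSPHRASE -in kib01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out kib01.crt -days 500 -sha256 -extfile  <(printf "subjectAltName=DNS:localhost,DNS:kib01,DNS:kibana")
chmod 644 kib01.crt

unset ROOT_CA_PASSPHRASE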

I have added the following SSL variables in Kibana Service:

  # NOTE(review): SERVER_SSL_ENABLED is false, so Kibana keeps serving plain
  # HTTP and does not serve TLS with the key and certificate listed here.
  # NOTE(review): the encryption key and the key passphrase are literal values
  # and are now public on this page; rotate them and supply them from the
  # environment or a secret store instead of the compose file.
  - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=Vss86whNwQrKjA3D8aKTCRN6SnZLX4rv
  - SERVER_SSL_ENABLED=false
  - SERVER_SSL_KEY=config/certs/kib01.key
  - SERVER_SSL_CERTIFICATE=config/certs/kib01.crt
  - SERVER_SSL_KEYPASSPHRASE=testest123
  - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/rootCA.pem

docker.compose.yml

version: "3.8"

# 10 Things to Consider When Planning Your Elasticsearch Project: https://ecmarchitect.com/archives/2015/07/27/4031
# Using Apache JMeter to Test Elasticsearch: https://ecmarchitect.com/archives/2014/09/02/3915

services:

  # Watches the Docker API and calls the proxy's reconfigure/remove URLs
  # (see the two DF_NOTIFY_* settings below).
  swarm-listener:
    # NOTE(review): ":latest" is a mutable tag; pin a version or digest so a
    # changed upstream image is not pulled silently on redeploy.
    image: dockerflow/docker-flow-swarm-listener:latest
    hostname: swarm-listener
    networks:
      - elastic
    volumes:
      # NOTE(review): mounting the Docker socket gives this container full
      # control of the daemon on a manager node, i.e. root-equivalent access to
      # the host and the swarm. Treat this image as part of the trusted base.
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      # Notifications go to the proxy over plain HTTP on the overlay network.
      - DF_NOTIFY_CREATE_SERVICE_URL=http://proxy:8080/v1/docker-flow-proxy/reconfigure
      - DF_NOTIFY_REMOVE_SERVICE_URL=http://proxy:8080/v1/docker-flow-proxy/remove
    deploy:
      placement:
        # Scheduled on manager nodes only.
        constraints: [node.role == manager]

  # Edge proxy: the only service in this file that publishes TCP ports.
  proxy:
    # NOTE(review): ":latest" is a mutable tag; pin a version or digest.
    image: dockerflow/docker-flow-proxy:latest
    hostname: proxy
    ports:
      - "80:80"
      # NOTE(review): 443 is published, but no certificate for the proxy is
      # configured anywhere in this file - confirm how TLS is meant to be
      # terminated here.
      - "443:443"
      # NOTE(review): 9200 (Elasticsearch) and 8200 (APM Server) are published
      # on every swarm node. Together with the "changeme" fallback password
      # used by the other services, the Elasticsearch API is reachable from
      # outside the swarm with a well-known credential unless
      # ELASTICSEARCH_PASSWORD is set and a firewall limits these ports.
      - "9200:9200"
      - "8200:8200"
    networks:
      - elastic
    environment:
      - LISTENER_ADDRESS=swarm-listener
      - MODE=swarm
      - BIND_PORTS=9200,8200
    deploy:
      replicas: 2

  # One Elasticsearch node per swarm node (deploy.mode: global).
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.7.0}
    environment:
      # https://github.com/docker/swarmkit/issues/1951
      - node.name={{.Node.Hostname}}
      - discovery.seed_hosts=elasticsearch
      - cluster.initial_master_nodes=${INITIAL_MASTER_NODES:-node1}
      - cluster.name=DevOps
      # NOTE(review): falls back to the password "changeme" when
      # ELASTICSEARCH_PASSWORD is unset. This is the superuser credential and
      # port 9200 is published through the proxy, so deploy with a strong
      # value. Values passed as environment variables are also readable in the
      # service definition (docker service inspect).
      - ELASTIC_PASSWORD=${ELASTICSEARCH_PASSWORD:-changeme}
      # NOTE(review): security is enabled, but nothing here turns on TLS for
      # the HTTP layer (xpack.security.http.ssl.*), and the other services
      # connect with http:// URLs, so credentials cross the network in clear
      # text. Kibana's ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES only matters
      # once this side serves HTTPS.
      - xpack.security.enabled=true
      - xpack.monitoring.collection.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.license.self_generated.type=trial
      # Binds to all interfaces inside the container.
      - network.host=0.0.0.0
    networks:
      - elastic
    volumes:
      - elasticsearch:/usr/share/elasticsearch/data
    deploy:
      mode: 'global'
      endpoint_mode: dnsrr
      labels:
        # Proxy labels: expose container port 9200 on proxy port 9200.
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=9200
        - com.df.srcPort=9200

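  # Logstash pipeline node; its pipeline file is supplied as the ls_config
  # swarm config.
  logstash:
    image: docker.elastic.co/logstash/logstash:${ELASTIC_VERSION:-7.7.0}
    hostname: "{{.Node.Hostname}}-logstash"
    environment:
      # NOTE(review): http:// means the monitoring user and password below are
      # sent to Elasticsearch unencrypted; the password falls back to
      # "changeme" when ELASTICSEARCH_PASSWORD is unset.
      - XPACK_MONITORING_ELASTICSEARCH_URL=http://elasticsearch:9200
      - XPACK_MONITORING_ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME:-elastic}
      - XPACK_MONITORING_ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-changeme}
    ports:
      # NOTE(review): UDP input published on every swarm node. The pipeline is
      # not shown here, but a UDP listener has no sender authentication, so
      # restrict who can reach this port - TODO confirm against logstash.conf.
      - "12201:12201/udp"
    networks:
      - elastic
    configs:
      - source: ls_config
        # The key is "target"; "_target" is not part of the Compose config
        # long syntax, and without a valid target the config would not be
        # mounted at the pipeline path.
        target: /usr/share/logstash/pipeline/logstash.conf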

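  # Kibana, reached through the proxy on port 80 (see deploy.labels).
  kibana:
    image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION:-7.7.0}
    hostname: "{{.Node.Hostname}}-kibana"
    environment:
      # NOTE(review): Kibana talks to Elasticsearch over plain HTTP, so the
      # credentials below are sent unencrypted and
      # ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES has nothing to verify until
      # Elasticsearch serves HTTPS and this URL uses https://.
      - ELASTICSEARCH_URL=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME:-elastic}
      - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-changeme}
      - SERVER_NAME="{{.Node.Hostname}}-kibana"
      # NOTE(review): literal secret in the compose file and now public on
      # this page. Rotate it and inject it from the environment or a swarm
      # secret. Kibana requires at least 32 characters for this key.
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=Vss86whNwQrKjA3D8aKTCRN6SnZLX4rv
      # NOTE(review): still false, so Kibana serves plain HTTP and the key and
      # certificate settings below are not put to use. Before switching to
      # true, decide where TLS terminates: the proxy labels below forward
      # proxy port 80 to container port 5601, and the proxy would then have to
      # connect to this backend over TLS (proxy behaviour is not shown here -
      # confirm). Terminating TLS at the proxy on 443 is the alternative.
      - SERVER_SSL_ENABLED=false
      # Relative paths; the configs below mount the files under
      # /usr/share/kibana/config/certs/ (presumably Kibana's working directory
      # is /usr/share/kibana - confirm).
      - SERVER_SSL_KEY=config/certs/kib01.key
      - SERVER_SSL_CERTIFICATE=config/certs/kib01.crt
      # NOTE(review): literal passphrase, now public. The certificate script
      # on this page creates kib01.key with -nodes (unencrypted), so a
      # passphrase looks unnecessary for that key - confirm and drop or rotate.
      - SERVER_SSL_KEYPASSPHRASE=testest123
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/rootCA.pem
    configs:
      # The key is "target"; "_target" is not part of the Compose config long
      # syntax, and without a valid target the files would not be mounted at
      # the paths the SERVER_SSL_* settings point to.
      # NOTE(review): key_config carries a private key. Swarm configs are
      # intended for non-sensitive data; a swarm secret is the fitting
      # mechanism for kib01.key.
      - source: key_config
        target: /usr/share/kibana/config/certs/kib01.key
      - source: crt_config
        target: /usr/share/kibana/config/certs/kib01.crt
      - source: root_config
        target: /usr/share/kibana/config/certs/rootCA.pem
    networks:
      - elastic
    volumes:
      - kibana:/usr/share/kibana/data
    deploy:
      labels:
        # Proxy labels: expose container port 5601 on proxy port 80 (HTTP).
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=5601
        - com.df.srcPort=80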

  # APM Server, exposed through the proxy on port 8200 (see deploy.labels).
  apm-server:
    image: docker.elastic.co/apm/apm-server:${ELASTIC_VERSION:-7.7.0}
    hostname: "{{.Node.Hostname}}-apm-server"
    networks:
      - elastic
    # NOTE(review): the Elasticsearch/Kibana user and password are passed as
    # command-line arguments, so they appear in the service definition and in
    # the container's process list. Unlike the other services, the variables
    # have no ":-" default here and expand to empty strings when unset.
    # NOTE(review): --strict.perms=false turns off the ownership/permission
    # check on the configuration file.
    # NOTE(review): RUM is enabled and port 8200 is published through the
    # proxy; RUM intake is meant for browsers, so review which origins and
    # rate limits apply - not configured in what is shown here.
    # All connections below (kibana:5601, elasticsearch:9200) carry no scheme
    # or TLS options; enabling TLS on Kibana means updating these as well.
    command: >
        --strict.perms=false -e
        -E apm-server.rum.enabled=true
        -E setup.kibana.host=kibana:5601
        -E setup.kibana.username=${ELASTICSEARCH_USERNAME}
        -E setup.kibana.password=${ELASTICSEARCH_PASSWORD}
        -E setup.template.settings.index.number_of_replicas=0
        -E apm-server.kibana.enabled=true
        -E apm-server.kibana.host=kibana:5601
        -E apm-server.kibana.username=${ELASTICSEARCH_USERNAME}
        -E apm-server.kibana.password=${ELASTICSEARCH_PASSWORD}
        -E output.elasticsearch.hosts=["elasticsearch:9200"]
        -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME}
        -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
        -E xpack.monitoring.enabled=true
    deploy:
      labels:
        # Proxy labels: expose container port 8200 on proxy port 8200.
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=8200
        - com.df.srcPort=8200

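# Pre-existing overlay network shared by all services. It is created outside
# this file, so whether its traffic is encrypted is decided there - every
# service-to-service URL in this file is plain http://.
networks:
  elastic:
    external: true

volumes:
  elasticsearch:
  kibana:

# Files distributed to services as swarm configs.
configs:
  ls_config:
    file: $PWD/elk/logstash/config/pipeline/logstash.conf
  # NOTE(review): kib01.key is a private key. Swarm configs are intended for
  # non-sensitive data; declare the key under a top-level "secrets:" section
  # and reference it from the kibana service's "secrets:" list instead.
  # (The stray "||" before this key name was removed; it made the entry
  # unusable as the source "key_config".)
  key_config:
    file: $PWD/keyskeys/kib01.key
  crt_config:
    file: $PWD/keyskeys/kib01.crt
  root_config:
    file: $PWD/keyskeys/rootCA.pem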

0 results until now.

image

Can you please advise as to how I configure kibana to work with SSL?

By the way thx @shazChaudhry for the repo. It is very useful to me :)

Thanks in advance.

@shazChaudhry
Owner

@wingerlion
Please accept my apologies. I have never tried SSL with this repo.
