clean Dockerfile and docker-compose start script

production-cluster.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-odfe:4.3.0-dev
+    image: wazuh/wazuh-odfe:4.3.0
     hostname: wazuh.master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-odfe:4.3.0-dev
+    image: wazuh/wazuh-odfe:4.3.0
     hostname: wazuh.worker
     restart: always
     environment:
@@ -175,8 +175,8 @@ services:
       - wazuh.worker:wazuh.worker
       - wazuh.dashboard:wazuh.dashboard
     volumes:
-      - ./production_cluster/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./production_cluster/nginx_wazuh/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./production_cluster/nginx/ssl:/etc/nginx/ssl:ro
+      - ./production_cluster/nginx_wazuh/ssl:/etc/nginx/ssl:ro
 
 volumes:
   ossec-api-configuration:

production-cluster_odfe.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.3.0
+    image: wazuh/wazuh-odfe:4.4.0
     hostname: wazuh-master
     restart: always
     ports:
@@ -11,7 +11,7 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      - ELASTICSEARCH_URL=https://wazuh-indexer:9700
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
       - ELASTIC_USERNAME=admin
       - ELASTIC_PASSWORD=SecretPassword
       - FILEBEAT_SSL_VERIFICATION_MODE=full
@@ -32,17 +32,17 @@ services:
       - ossec-wodles:/var/ossec/wodles
       - filebeat-etc:/etc/filebeat
       - filebeat-var:/var/lib/filebeat
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
+      - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.key:/etc/ssl/filebeat.key
+      - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.3.0
+    image: wazuh/wazuh-odfe:4.4.0
     hostname: wazuh-worker
     restart: always
     environment:
-      - ELASTICSEARCH_URL=https://wazuh-indexer:9700
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
       - ELASTIC_USERNAME=admin
       - ELASTIC_PASSWORD=SecretPassword
       - FILEBEAT_SSL_VERIFICATION_MODE=full
@@ -61,21 +61,19 @@ services:
       - worker-ossec-wodles:/var/ossec/wodles
       - worker-filebeat-etc:/etc/filebeat
       - worker-filebeat-var:/var/lib/filebeat
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
+      - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.key:/etc/ssl/filebeat.key
+      - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key
       - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
-  wazuh-indexer:
+  elasticsearch:
-    image: wazuh-indexer
+    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: wazuh-indexer
+    hostname: elasticsearch
     restart: always
     ports:
-      - "9700:9700"
+      - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - "NODE_TYPE=master"
-      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -84,23 +82,21 @@ services:
         soft: 65536
         hard: 65536
     volumes:
-      - wazuh-indexer-data-1:/var/lib/wazuh-indexer
+      - elastic-data-1:/usr/share/elasticsearch/data
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
+      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer.key:/etc/wazuh-indexer/certs/wazuh-indexer.key
+      - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer.pem:/etc/wazuh-indexer/certs/wazuh-indexer.pem
+      - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/admin.pem:/etc/wazuh-indexer/certs/admin.pem
+      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/admin.key:/etc/wazuh-indexer/certs/admin-key.pem
+      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
-      - ./production_cluster/wazuh-indexer/opensearch-node1.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-      - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
+      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
-  wazuh-indexer-2:
+  elasticsearch-2:
-    image: wazuh-indexer
+    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: wazuh-indexer-2
+    hostname: elasticsearch-2
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - "NODE_TYPE=worker"
-      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -109,21 +105,19 @@ services:
         soft: 65536
         hard: 65536
     volumes:
-      - wazuh-indexer-data-2:/var/lib/wazuh-indexer
+      - elastic-data-2:/usr/share/elasticsearch/data
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
+      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-2.key:/etc/wazuh-indexer/certs/wazuh-indexer-2.key
+      - ./production_cluster/ssl_certs/node2.key:/usr/share/elasticsearch/config/node2.key
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-2.pem:/etc/wazuh-indexer/certs/wazuh-indexer-2.pem
+      - ./production_cluster/ssl_certs/node2.pem:/usr/share/elasticsearch/config/node2.pem
-      - ./production_cluster/wazuh-indexer/opensearch-node2.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-      - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
-  wazuh-indexer-3:
+  elasticsearch-3:
-    image: wazuh-indexer
+    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: wazuh-indexer-3
+    hostname: elasticsearch-3
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - "NODE_TYPE=worker"
-      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -132,15 +126,15 @@ services:
         soft: 65536
         hard: 65536
     volumes:
-      - wazuh-indexer-data-3:/var/lib/wazuh-indexer
+      - elastic-data-3:/usr/share/elasticsearch/data
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
+      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-3.key:/etc/wazuh-indexer/certs/wazuh-indexer-3.key
+      - ./production_cluster/ssl_certs/node3.key:/usr/share/elasticsearch/config/node3.key
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-3.pem:/etc/wazuh-indexer/certs/wazuh-indexer-3.pem
+      - ./production_cluster/ssl_certs/node3.pem:/usr/share/elasticsearch/config/node3.pem
-      - ./production_cluster/wazuh-indexer/opensearch-node3.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/elastic_opendistro/elasticsearch-node3.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-      - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-dashboard:4.3.0
+    image: wazuh/wazuh-kibana-odfe:4.4.0
     hostname: kibana
     restart: always
     ports:
@@ -149,19 +143,19 @@ services:
       - ELASTICSEARCH_USERNAME=admin
       - ELASTICSEARCH_PASSWORD=SecretPassword
       - SERVER_SSL_ENABLED=true
-      - SERVER_SSL_CERTIFICATE=/etc/wazuh-dashboard/certs/cert.pem
+      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/cert.pem
-      - SERVER_SSL_KEY=/etc/wazuh-dashboard/certs/key.pem
+      - SERVER_SSL_KEY=/usr/share/kibana/config/key.pem
       - WAZUH_API_URL="https://wazuh-master"
       - API_USERNAME=acme-user
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
-      - ./production_cluster/kibana_ssl/cert.pem:/etc/wazuh-dashboard/certs/cert.pem
+      - ./production_cluster/kibana_ssl/cert.pem:/usr/share/kibana/config/cert.pem
-      - ./production_cluster/kibana_ssl/key.pem:/etc/wazuh-dashboard/certs/key.pem
+      - ./production_cluster/kibana_ssl/key.pem:/usr/share/kibana/config/key.pem
 
     depends_on:
-      - wazuh-indexer
+      - elasticsearch
     links:
-      - wazuh-indexer:wazuh-indexer
+      - elasticsearch:elasticsearch
       - wazuh-master:wazuh-master
 
   nginx:
@@ -207,6 +201,6 @@ volumes:
   worker-ossec-wodles:
   worker-filebeat-etc:
   worker-filebeat-var:
-  wazuh-indexer-data-1:
+  elastic-data-1:
-  wazuh-indexer-data-2:
+  elastic-data-2:
-  wazuh-indexer-data-3:
+  elastic-data-3:

production_cluster/nginx/nginx.conf

@@ -41,7 +41,7 @@ http {
         ssl_certificate /etc/nginx/ssl/cert.pem;
         ssl_certificate_key /etc/nginx/ssl/key.pem;
         location / {
-            proxy_pass https://wazuh.dashboard:5601/;
+            proxy_pass https://kibana:5601/;
             proxy_ssl_verify off;
             proxy_buffer_size          128k;
             proxy_buffers              4 256k;
@@ -57,8 +57,8 @@ http {
 stream {
     upstream mycluster {
         hash $remote_addr consistent;
-        server wazuh.master:1514;
+        server wazuh-master:1514;
-        server wazuh.worker:1514;
+        server wazuh-worker:1514;
     }
     server {
         listen 1514;

production_cluster/nginx_wazuh/nginx.conf

@@ -0,0 +1,67 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    server_tokens off;
+    gzip  on;
+
+    # kibana UI
+    server {
+        listen 80;
+        listen [::]:80;
+        return 301 https://$host:443$request_uri;
+    }
+
+    server {
+        listen 443 default_server ssl http2;
+        listen [::]:443 ssl http2;
+        ssl_certificate /etc/nginx/ssl/cert.pem;
+        ssl_certificate_key /etc/nginx/ssl/key.pem;
+        location / {
+            proxy_pass https://wazuh.dashboard:5601/;
+            proxy_ssl_verify off;
+            proxy_buffer_size          128k;
+            proxy_buffers              4 256k;
+            proxy_busy_buffers_size    256k;
+        }
+    }
+
+}
+
+
+
+# load balancer for Wazuh cluster
+stream {
+    upstream mycluster {
+        hash $remote_addr consistent;
+        server wazuh.master:1514;
+        server wazuh.worker:1514;
+    }
+    server {
+        listen 1514;
+        proxy_pass mycluster;
+    }
+}

production_cluster/nginx_wazuh/ssl/generate-self-signed-cert.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+if [ -s key.pem ]
+then
+    echo "Certificate already exists"
+    exit
+else
+    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
+fi