paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-04 05:53:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

correct environment settings in services

Browse Source
This commit is contained in:
vcerenu
2024-04-24 05:57:27 -03:00
parent 10f278cadb
commit 7ec98fedf9
2 changed files with 132 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
multi-node/docker-compose.yml
View File

@@ -18,15 +18,15 @@ services:
- "514:514/udp" - "514:514/udp"
- "55000:55000" - "55000:55000"
environment: environment:
- INDEXER_URL=https://wazuh1.indexer:9200 INDEXER_URL: https://wazuh1.indexer:9200
- INDEXER_USERNAME=admin INDEXER_USERNAME: admin
- INDEXER_PASSWORD=SecretPassword INDEXER_PASSWORD: admin
- FILEBEAT_SSL_VERIFICATION_MODE=full FILEBEAT_SSL_VERIFICATION_MODE: full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem SSL_CERTIFICATE: /etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key SSL_KEY: /etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui API_USERNAME: wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*- API_PASSWORD: MyS3cr37P450r.*-
volumes: volumes:
- master-wazuh-api-configuration:/var/ossec/api/configuration - master-wazuh-api-configuration:/var/ossec/api/configuration
- master-wazuh-etc:/var/ossec/etc - master-wazuh-etc:/var/ossec/etc
@@ -56,13 +56,13 @@ services:
soft: 655360 soft: 655360
hard: 655360 hard: 655360
environment: environment:
- INDEXER_URL=https://wazuh1.indexer:9200 INDEXER_URL: https://wazuh1.indexer:9200
- INDEXER_USERNAME=admin INDEXER_USERNAME: admin
- INDEXER_PASSWORD=SecretPassword INDEXER_PASSWORD: admin
- FILEBEAT_SSL_VERIFICATION_MODE=full FILEBEAT_SSL_VERIFICATION_MODE: full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem SSL_CERTIFICATE: /etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key SSL_KEY: /etc/ssl/filebeat.key
volumes: volumes:
- worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-api-configuration:/var/ossec/api/configuration
- worker-wazuh-etc:/var/ossec/etc - worker-wazuh-etc:/var/ossec/etc
@@ -84,6 +84,13 @@ services:
image: wazuh/wazuh-indexer:5.0.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh1.indexer hostname: wazuh1.indexer
restart: always restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports: ports:
- "9200:9200" - "9200:9200"
environment: environment:
@@ -116,13 +123,6 @@ services:
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes: volumes:
- wazuh-indexer-data-1:/var/lib/wazuh-indexer - wazuh-indexer-data-1:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -132,12 +132,18 @@ services:
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh2.indexer: wazuh2.indexer:
image: wazuh/wazuh-indexer:5.0.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh2.indexer hostname: wazuh2.indexer
restart: always restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
environment: environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true" bootstrap.memory_lock: "true"
@@ -168,13 +174,6 @@ services:
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes: volumes:
- wazuh-indexer-data-2:/var/lib/wazuh-indexer - wazuh-indexer-data-2:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -182,12 +181,18 @@ services:
- ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh3.indexer: wazuh3.indexer:
image: wazuh/wazuh-indexer:5.0.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh3.indexer hostname: wazuh3.indexer
restart: always restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
environment: environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true" bootstrap.memory_lock: "true"
@@ -218,13 +223,6 @@ services:
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes: volumes:
- wazuh-indexer-data-3:/var/lib/wazuh-indexer - wazuh-indexer-data-3:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -232,42 +230,47 @@ services:
- ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard: wazuh.dashboard:
image: wazuh/wazuh-dashboard:5.0.0 image: wazuh/wazuh-dashboard:5.0.0
hostname: wazuh.dashboard hostname: wazuh.dashboard
restart: always restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports: ports:
- 443:5601 - 443:5601
environment: environment:
- OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
- WAZUH_API_URL="https://wazuh.master" WAZUH_API_URL: "https://wazuh.master"
- API_USERNAME=wazuh-wui API_USERNAME: wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*- API_PASSWORD: MyS3cr37P450r.*-
- DASHBOARD_USERNAME=kibanaserver DASHBOARD_USERNAME: kibanaserver
- DASHBOARD_PASSWORD=kibanaserver DASHBOARD_PASSWORD: kibanaserver
- SERVER_HOST=0.0.0.0 SERVER_HOST: "0.0.0.0"
- SERVER_PORT=5601 SERVER_PORT: "5601"
- OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 OPENSEARCH_SSL_VERIFICATIONMODE: certificate
- OPENSEARCH_SSL_VERIFICATIONMODE=certificate OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
- OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
- OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false SERVER_SSL_ENABLED: "true"
- SERVER_SSL_ENABLED=true OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
- OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
- SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
- SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
- OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
- UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
volumes: volumes:
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
# if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
depends_on: depends_on:
- wazuh1.indexer - wazuh1.indexer
links: links:

132
single-node/docker-compose.yml
View File

@@ -19,15 +19,15 @@ services:
- "514:514/udp" - "514:514/udp"
- "55000:55000" - "55000:55000"
environment: environment:
- INDEXER_URL=https://wazuh.indexer:9200 INDEXER_URL: https://wazuh.indexer:9200
- INDEXER_USERNAME=admin INDEXER_USERNAME: admin
- INDEXER_PASSWORD=SecretPassword INDEXER_PASSWORD: admin
- FILEBEAT_SSL_VERIFICATION_MODE=full FILEBEAT_SSL_VERIFICATION_MODE: full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem SSL_CERTIFICATE: /etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key SSL_KEY: /etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui API_USERNAME: wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*- API_PASSWORD: MyS3cr37P450r.*-
volumes: volumes:
- wazuh_api_configuration:/var/ossec/api/configuration - wazuh_api_configuration:/var/ossec/api/configuration
- wazuh_etc:/var/ossec/etc - wazuh_etc:/var/ossec/etc
@@ -49,37 +49,6 @@ services:
image: wazuh/wazuh-indexer:5.0.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh.indexer hostname: wazuh.indexer
restart: always restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- NETWORK_HOST="0.0.0.0"
- NODE_NAME="wazuh.indexer"
- CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer"
- CLUSTER_NAME="wazuh-cluster"
- PATH_DATA=/var/lib/wazuh-indexer
- PATH_LOGS=/var/log/wazuh-indexer
- HTTP_PORT=9200-9299
- TRANSPORT_TCP_PORT=9300-9399
- COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true
- PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
- PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
- PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
- PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
- PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
- PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
- PLUGINS_SECURITY_SSL_HTTP_ENABLED=true
- PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false
- PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false
- PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
- PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true
- PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true
- PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]'
- PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true
- PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
- PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true
- CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false
ulimits: ulimits:
memlock: memlock:
soft: -1 soft: -1
@@ -87,6 +56,37 @@ services:
nofile: nofile:
soft: 65536 soft: 65536
hard: 65536 hard: 65536
ports:
- "9200:9200"
environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true"
NODE_NAME: "wazuh.indexer"
CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
CLUSTER_NAME: "wazuh-cluster"
PATH_DATA: /var/lib/wazuh-indexer
PATH_LOGS: /var/log/wazuh-indexer
HTTP_PORT: 9200-9299
TRANSPORT_TCP_PORT: 9300-9399
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
volumes: volumes:
- wazuh-indexer-data:/var/lib/wazuh-indexer - wazuh-indexer-data:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -96,43 +96,47 @@ services:
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard: wazuh.dashboard:
image: wazuh/wazuh-dashboard:5.0.0 image: wazuh/wazuh-dashboard:5.0.0
hostname: wazuh.dashboard hostname: wazuh.dashboard
restart: always restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports: ports:
- 443:5601 - 443:5601
environment: environment:
- INDEXER_USERNAME=admin WAZUH_API_URL: https://wazuh.manager
- INDEXER_PASSWORD=SecretPassword DASHBOARD_USERNAME: kibanaserver
- WAZUH_API_URL=https://wazuh.manager DASHBOARD_PASSWORD: kibanaserver
- DASHBOARD_USERNAME=kibanaserver API_USERNAME: wazuh-wui
- DASHBOARD_PASSWORD=kibanaserver API_PASSWORD: MyS3cr37P450r.*-
- API_USERNAME=wazuh-wui SERVER_HOST: 0.0.0.0
- API_PASSWORD=MyS3cr37P450r.*- SERVER_PORT: 5601
- SERVER_HOST=0.0.0.0 OPENSEARCH_HOSTS: https://wazuh.indexer:9200
- SERVER_PORT=5601 OPENSEARCH_SSL_VERIFICATIONMODE: certificate
- OPENSEARCH_HOSTS=https://wazuh.indexer:9200 OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
- OPENSEARCH_SSL_VERIFICATIONMODE=certificate OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
- OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] SERVER_SSL_ENABLED: "true"
- OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
- SERVER_SSL_ENABLED=true SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
- OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
- SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
- SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
- OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
- UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
volumes: volumes:
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
# if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
- ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
depends_on: depends_on:
- wazuh.indexer - wazuh.indexer
links: links: