# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.master: image: wazuh/wazuh-manager:6.0.0 hostname: wazuh.master restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 655360 hard: 655360 ports: - "1515:1515" - "514:514/udp" - "55000:55000" environment: INDEXER_URL: https://wazuh1.indexer:9200 INDEXER_USERNAME: admin INDEXER_PASSWORD: admin FILEBEAT_SSL_VERIFICATION_MODE: full SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem SSL_CERTIFICATE: /etc/ssl/filebeat.pem SSL_KEY: /etc/ssl/filebeat.key API_USERNAME: wazuh-wui API_PASSWORD: MyS3cr37P450r.*- volumes: - master-wazuh-api-configuration:/var/ossec/api/configuration - master-wazuh-etc:/var/ossec/etc - master-wazuh-logs:/var/ossec/logs - master-wazuh-queue:/var/ossec/queue - master-wazuh-var-multigroups:/var/ossec/var/multigroups - master-wazuh-integrations:/var/ossec/integrations - master-wazuh-active-response:/var/ossec/active-response/bin - master-wazuh-agentless:/var/ossec/agentless - master-wazuh-wodles:/var/ossec/wodles - master-filebeat-etc:/etc/filebeat - master-filebeat-var:/var/lib/filebeat - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: image: wazuh/wazuh-manager:6.0.0 hostname: wazuh.worker restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 655360 hard: 655360 environment: INDEXER_URL: https://wazuh1.indexer:9200 INDEXER_USERNAME: admin INDEXER_PASSWORD: admin FILEBEAT_SSL_VERIFICATION_MODE: full SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem SSL_CERTIFICATE: /etc/ssl/filebeat.pem SSL_KEY: /etc/ssl/filebeat.key volumes: - worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-etc:/var/ossec/etc - worker-wazuh-logs:/var/ossec/logs - worker-wazuh-queue:/var/ossec/queue - worker-wazuh-var-multigroups:/var/ossec/var/multigroups - worker-wazuh-integrations:/var/ossec/integrations - worker-wazuh-active-response:/var/ossec/active-response/bin - worker-wazuh-agentless:/var/ossec/agentless - worker-wazuh-wodles:/var/ossec/wodles - worker-filebeat-etc:/etc/filebeat - worker-filebeat-var:/var/lib/filebeat - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh1.indexer restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 ports: - "9200:9200" environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" NETWORK_HOST: wazuh1.indexer NODE_NAME: wazuh1.indexer CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' CLUSTER_NAME: "wazuh-cluster" DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' NODE_MAX_LOCAL_STORAGE_NODES: "3" PATH_DATA: /var/lib/wazuh-indexer PATH_LOGS: /var/log/wazuh-indexer PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh2.indexer: image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh2.indexer restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" NETWORK_HOST: wazuh2.indexer NODE_NAME: wazuh2.indexer CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' CLUSTER_NAME: "wazuh-cluster" DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' NODE_MAX_LOCAL_STORAGE_NODES: "3" PATH_DATA: /var/lib/wazuh-indexer PATH_LOGS: /var/log/wazuh-indexer PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh3.indexer: image: wazuh/wazuh-indexer:6.0.0 hostname: wazuh3.indexer restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" NETWORK_HOST: wazuh3.indexer NODE_NAME: wazuh3.indexer CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' CLUSTER_NAME: "wazuh-cluster" DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' NODE_MAX_LOCAL_STORAGE_NODES: "3" PATH_DATA: /var/lib/wazuh-indexer PATH_LOGS: /var/log/wazuh-indexer PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:6.0.0 hostname: wazuh.dashboard restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 ports: - 443:5601 environment: OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200" WAZUH_API_URL: "https://wazuh.master" API_USERNAME: wazuh-wui API_PASSWORD: MyS3cr37P450r.*- DASHBOARD_USERNAME: kibanaserver DASHBOARD_PASSWORD: kibanaserver SERVER_HOST: "0.0.0.0" SERVER_PORT: "5601" OPENSEARCH_SSL_VERIFICATIONMODE: certificate OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" SERVER_SSL_ENABLED: "true" OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml depends_on: - wazuh1.indexer links: - wazuh1.indexer:wazuh1.indexer - wazuh.master:wazuh.master nginx: image: nginx:stable hostname: nginx restart: always ports: - "1514:1514" depends_on: - wazuh.master - wazuh.worker - wazuh.dashboard links: - wazuh.master:wazuh.master - wazuh.worker:wazuh.worker - wazuh.dashboard:wazuh.dashboard volumes: - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro volumes: master-wazuh-api-configuration: master-wazuh-etc: master-wazuh-logs: master-wazuh-queue: master-wazuh-var-multigroups: master-wazuh-integrations: master-wazuh-active-response: master-wazuh-agentless: master-wazuh-wodles: master-filebeat-etc: master-filebeat-var: worker-wazuh-api-configuration: worker-wazuh-etc: worker-wazuh-logs: worker-wazuh-queue: worker-wazuh-var-multigroups: worker-wazuh-integrations: worker-wazuh-active-response: worker-wazuh-agentless: worker-wazuh-wodles: worker-filebeat-etc: worker-filebeat-var: wazuh-indexer-data-1: wazuh-indexer-data-2: wazuh-indexer-data-3: wazuh-dashboard-config: wazuh-dashboard-custom: