Skip to content

Commit eed8dc9

Browse files
author
Toby McLaughlin
committed
[DOCS] Update TLS on Docker for 6.3
Remove references to the `platinum` image and add a self-generated trial licence to the example for TLS on Docker. Fixes elastic/elasticsearch-docker#176
1 parent 1fddf6c commit eed8dc9

File tree

1 file changed

+21
-8
lines changed

1 file changed

+21
-8
lines changed

x-pack/docs/en/security/securing-communications/configuring-tls-docker.asciidoc

Lines changed: 21 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,13 @@
11
[role="xpack"]
22
[[configuring-tls-docker]]
3-
=== Encrypting Communications in an {es} Docker Image
3+
=== Encrypting Communications in an {es} Docker Container
44

55
Starting with version 6.0.0, {security} (Gold, Platinum or Enterprise subscriptions) https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html[requires SSL/TLS]
66
encryption for the transport networking layer.
77

88
This section demonstrates an easy path to get started with SSL/TLS for both
9-
HTTPS and transport using the `elasticsearch-platinum` docker image.
9+
HTTPS and transport using the {es} Docker image. The example uses
10+
Docker Compose to manage the containers.
1011

1112
For further details, please refer to
1213
{xpack-ref}/encrypting-communications.html[Encrypting Communications] and
@@ -17,7 +18,7 @@ https://www.elastic.co/subscriptions[available subscriptions].
1718

1819
<<docker,Install {es} with Docker>>.
1920

20-
Inside a new, empty, directory create the following **four files**:
21+
Inside a new, empty directory, create the following four files:
2122

2223
`instances.yml`:
2324
["source","yaml"]
@@ -29,6 +30,7 @@ instances:
2930
- localhost
3031
ip:
3132
- 127.0.0.1
33+
3234
- name: es02
3335
dns:
3436
- es02
@@ -60,6 +62,7 @@ ifeval::["{release-state}"!="unreleased"]
6062
["source","yaml",subs="attributes"]
6163
----
6264
version: '2.2'
65+
6366
services:
6467
create_certs:
6568
container_name: create_certs
@@ -96,6 +99,7 @@ ifeval::["{release-state}"!="unreleased"]
9699
["source","yaml",subs="attributes"]
97100
----
98101
version: '2.2'
102+
99103
services:
100104
es01:
101105
container_name: es01
@@ -105,9 +109,11 @@ services:
105109
- discovery.zen.minimum_master_nodes=2
106110
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD <1>
107111
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
112+
- xpack.license.self_generated.type=trial <2>
113+
- xpack.security.enabled=true
108114
- xpack.security.http.ssl.enabled=true
109115
- xpack.security.transport.ssl.enabled=true
110-
- xpack.security.transport.ssl.verification_mode=certificate <2>
116+
- xpack.security.transport.ssl.verification_mode=certificate <3>
111117
- xpack.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
112118
- xpack.ssl.certificate=$CERTS_DIR/es01/es01.crt
113119
- xpack.ssl.key=$CERTS_DIR/es01/es01.key
@@ -119,32 +125,39 @@ services:
119125
interval: 30s
120126
timeout: 10s
121127
retries: 5
128+
122129
es02:
123130
container_name: es02
124-
image: docker.elastic.co/elasticsearch/elasticsearch-platinum:{version}
131+
image: docker.elastic.co/elasticsearch/elasticsearch:{version}
125132
environment:
126133
- node.name=es02
127134
- discovery.zen.minimum_master_nodes=2
128135
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
129136
- discovery.zen.ping.unicast.hosts=es01
130137
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
138+
- xpack.license.self_generated.type=trial
139+
- xpack.security.enabled=true
131140
- xpack.security.http.ssl.enabled=true
132141
- xpack.security.transport.ssl.enabled=true
133142
- xpack.security.transport.ssl.verification_mode=certificate
134143
- xpack.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
135144
- xpack.ssl.certificate=$CERTS_DIR/es02/es02.crt
136145
- xpack.ssl.key=$CERTS_DIR/es02/es02.key
137146
volumes: ['esdata_02:/usr/share/elasticsearch/data', './certs:$CERTS_DIR']
147+
138148
wait_until_ready:
139-
image: docker.elastic.co/elasticsearch/elasticsearch-platinum:{version}
149+
image: docker.elastic.co/elasticsearch/elasticsearch:{version}
140150
command: /usr/bin/true
141151
depends_on: {"es01": {"condition": "service_healthy"}}
152+
142153
volumes: {"esdata_01": {"driver": "local"}, "esdata_02": {"driver": "local"}}
143154
----
144155

145-
<1> Bootstrap `elastic` with the password defined in `.env`. See
156+
<1> Bootstrap `elastic` with the password defined in `.env`. See
146157
{stack-ov}/built-in-users.html#bootstrap-elastic-passwords[the Elastic Bootstrap Password].
147-
<2> Disable verification of authenticity for inter-node communication. Allows
158+
<2> Automatically generate and apply a trial subscription, in order to enable
159+
{security}.
160+
<3> Disable verification of authenticity for inter-node communication. Allows
148161
creating self-signed certificates without having to pin specific internal IP addresses.
149162
endif::[]
150163

0 commit comments

Comments
 (0)