
Setup using Letsencrypt

Josh Rickard edited this page Nov 6, 2020 · 6 revisions

Setting up elk-tls-docker using LetsEncrypt & Swag

This documentation covers setting up elk-tls-docker with LetsEncrypt certificates, using nginx and the other services provided by swag.

It sets up external access using LetsEncrypt certificates, with the stack accessed via a subdomain, e.g. kibana.domain.com

Requirements

In order to use LetsEncrypt certificates for elk-tls-docker you must have the following requirements met:

NOTE: I will be using digitalocean.com as an example throughout this documentation.

  • A registered domain name
  • DNS records set up correctly and pointing to your host IP
    • Nameservers pointing to your hosting environment
    • A record pointing to your system's IP
    • CNAME record created for subdomain configuration
  • An Ubuntu or other host system that can run docker and docker-compose

.env variable setup

Within your .env file you need to set STAGING to false. You can find more information about the .env here: Environment Variables

Configuring Swag

In order to use swag we must also ensure we have the correct variables in our .env so that LetsEncrypt and swag know who to register our certificate with and to what domain (and subdomains).

Ensure you have defined the following variables in your .env:

DOMAIN=mydomain.com
SUBDOMAIN=kibana
EMAIL=email@email.com
TIMEZONE=America/Chicago

Run docker-compose

Once your .env file is set up properly, first run the following command. This is a different order from the self-signed certificate generation you have used previously, so please follow the process below to set up the certificates properly.

docker-compose -f docker-compose.production.yml up

You will start to see docker downloading the images (if not already downloaded previously) and you should see output from swag. This output will indicate whether swag was able to successfully generate LetsEncrypt certificates. This is critical before moving forward.

You can also tell it was successful because the certificates will be located in the following directory:

ls -al ./swag/keys

If you have ./swag/keys/cert.crt and ./swag/keys/cert.key then it is set up correctly.
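
The file listing only shows that two files exist. The script below is an added example (not part of elk-tls-docker) that also checks the key matches the certificate, the certificate is unexpired, it covers SUBDOMAIN.DOMAIN from your .env, and it was not issued by the LetsEncrypt staging CA. It assumes the openssl CLI on the host and PEM-encoded files with the leaf certificate first; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of elk-tls-docker. Assumes KEY=value lines in .env,
# PEM files in ./swag/keys, and the openssl CLI on the host.

env_get() {  # env_get KEY FILE: print the last value assigned to KEY
  sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r"'
}

# expected_host ENV_FILE: print SUBDOMAIN.DOMAIN, fail unless STAGING=false
expected_host() {
  [ "$(env_get STAGING "$1")" = "false" ] || { echo "STAGING is not false" >&2; return 1; }
  d=$(env_get DOMAIN "$1"); s=$(env_get SUBDOMAIN "$1")
  [ -n "$d" ] && [ -n "$s" ] || { echo "DOMAIN or SUBDOMAIN is empty" >&2; return 1; }
  echo "$s.$d"
}

# verify_cert KEYS_DIR HOSTNAME: return 0 only if every check passes
verify_cert() {
  crt="$1/cert.crt"; key="$1/cert.key"
  [ -s "$crt" ] && [ -s "$key" ] || { echo "cert.crt or cert.key missing" >&2; return 1; }
  # The private key must belong to this certificate (compare public keys).
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
    || { echo "cert.key does not match cert.crt" >&2; return 1; }
  # The certificate must not already be expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
    || { echo "certificate has expired" >&2; return 1; }
  # The certificate must be valid for the name Kibana is served on.
  openssl x509 -in "$crt" -noout -checkhost "$2" | grep -q "does match certificate" \
    || { echo "certificate does not cover $2" >&2; return 1; }
  # Let's Encrypt staging issuers are not trusted by browsers.
  if openssl x509 -in "$crt" -noout -issuer | grep -Eq 'STAGING|Fake LE'; then
    echo "certificate was issued by the staging CA" >&2; return 1
  fi
}

# Run from the elk-tls-docker checkout after the first docker-compose up.
if [ -f .env ] && [ -d ./swag/keys ]; then
  host=$(expected_host .env) && verify_cert ./swag/keys "$host" && echo "OK: $host"
fi
```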

Go ahead and run docker-compose down to stop all running containers. You can verify this by running docker ps; no containers should be active/running.

Generating Certificates for elk-tls-docker

Now that you have these certificates (e.g. certificate authority / root certificates), run the following command to generate all the necessary certificates:

NOTE: Make sure your .env has STAGING set to false

docker-compose -f docker-compose.setup.yml run --rm certs

This will generate the appropriate certificates for all running services. You should see these files in your secrets folder.

Running

Now that you have the correct certificates, we can run elk-tls-docker and access it via our subdomain.

docker-compose -f docker-compose.production.yml up -d

Access

You should now be able to access Kibana at your domain by going to your browser and entering:

https://kibana.mydomain.com

Feedback

As always, feedback, additions, and edits are welcome. Please submit a pull request or create an issue in this repository.

Enjoy!
