1.拉取鏡像

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.8.0

2.啟動(dòng)容器，設(shè)置部分參數(shù)是為了支持跨域訪問(wèn)。

docker run -d --name elasticsearch  -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e http.cors.enabled=true -e http.cors.allow-origin="*" -e http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization -e http.cors.allow-credentials=true elasticsearch:7.8.0

3.通過(guò)ip:9200 訪問(wèn)，會(huì)返回集群狀態(tài)信息，證明安裝成功。

{
  "name" : "5dd2a7d3354a",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "08oprFX1QHqvMuCZHJJMYQ",
  "version" : {
    "number" : "7.8.0",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
    "build_date" : "2020-06-14T19:35:50.234439Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

4.chrome安裝head插件--ElasticSearch Head。

5.此刻你會(huì)發(fā)現(xiàn)Elasticsearch是裸奔的，現(xiàn)在添加基本安全驗(yàn)證。

5.1 進(jìn)入容器

docker ps
docker exec -it 容器ID bash

5.2 進(jìn)入到Elasticsearch安裝目錄

cd /usr/share/elasticsearch

5.3使用下列命令生成證書(shū)，證書(shū)生成后在config下

bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""

此時(shí)/usr/share/elasticsearch/config目錄下會(huì)多出2個(gè)文件：elastic-certificates.p12 和 elasticsearch.keystore。
修改文件所屬用戶和權(quán)限：

chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config/

5.4 修改配置，打開(kāi)config/elasticsearch.yml，添加以下內(nèi)容：

vi /usr/share/elasticsearch/config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

5.5 重啟容器

docker restart 容器ID

5.6 進(jìn)入容器

docker exec -it 容器ID bash

執(zhí)行

elasticsearch-setup-passwords auto

請(qǐng)記住生成的密碼。

Changed password for user apm_system
PASSWORD apm_system = qJFIxIjffpGe0o9QzKJf
Changed password for user kibana_system
PASSWORD kibana_system = EM3gO5q5nJOxEIyyomnA
Changed password for user kibana
PASSWORD kibana = EM3gO5q5nJOxEIyyomnA
Changed password for user logstash_system
PASSWORD logstash_system = qheZS2uy6c3OVDEId6kJ
Changed password for user beats_system
PASSWORD beats_system = aAqBG05BjYneMCXB3i78
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = OCZIk6HRvQJcDRaGFAUU
Changed password for user elastic
PASSWORD elastic = XdATDBkyNvlOPYKoUfSb

如果想自己設(shè)置密碼，請(qǐng)執(zhí)行

elasticsearch-setup-passwords interactive

5.7 打開(kāi)瀏覽器，訪問(wèn)localhost:9200 會(huì)提示你輸入用戶名密碼。至此，密碼設(shè)置完成。

6.安裝分詞器

進(jìn)入到docker容器內(nèi)

elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.8.0/elasticsearch-analysis-ik-7.8.0.zip

安裝完成后查看

elasticsearch-plugin list

刪除分詞器

elasticsearch-plugin remove analysis-ik

7安裝kabana

7.1拉取kabana鏡像

docker pull kibana:7.8.0

7.2啟動(dòng)kibana

docker run --name kibana -p 5601:5601 -d kibana:7.8.0

7.3修改elasticsearch配置

進(jìn)入到容器

docker exec -it ac016117a18d bash

修改/usr/share/kibana/config/kibana.yml
elasticsearch.hosts: [ "http://xx.x.xx.xx:9200" ]
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
退出重啟kibana
然后瀏覽器訪問(wèn)ip:5601就能進(jìn)入kibana，賬號(hào)密碼為elsticsearch的賬號(hào)密碼

7.4驗(yàn)證IK分詞器是否配置成功

在elk的dev-tools輸入，提示如下

POST /_analyze
{
  "analyzer": "ik_max_word",
  "text": "我是Joey"
}

image.png

8.安裝logstash

docker run -d --restart=always --log-driver json-file --log-opt max-size=100m --log-opt max-file=2 -p 5044:5044 --name logstash --privileged=true -v /data/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml -v /data/elk/logstash/conf.d/:/usr/share/logstash/conf.d/ logstash:7.8.0