From 7a2e03032f1b516e77b3646f89e4d57871cef423 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 6 Jun 2017 01:54:41 -0400
Subject: [PATCH] testing docker compose
---
backup_docker-compose | 48 ++++++++++++++++++++++++++
docker-compose.yml | 41 ++++++++++++++--------
elasticsearch/docker/Dockerfile | 10 +++---
elasticsearch/docker/elasticsearch.yml | 5 +--
kibana/docker/Dockerfile | 9 ++---
kibana/kibana.yml | 4 +--
logstash/docker/Dockerfile | 1 -
logstash/docker/logstash.yml | 11 ++++++
nginx/docker/Dockerfile | 8 ++---
nginx/docker/Dockerfile.save | 13 +++++++
nginx/docker/default | 2 +-
nginx/docker/htpasswd.users | 1 +
12 files changed, 116 insertions(+), 37 deletions(-)
create mode 100644 backup_docker-compose
create mode 100644 logstash/docker/logstash.yml
create mode 100644 nginx/docker/Dockerfile.save
create mode 100644 nginx/docker/htpasswd.users
diff --git a/backup_docker-compose b/backup_docker-compose
new file mode 100644
index 0000000..36ec4e9
--- /dev/null
+++ b/backup_docker-compose
@@ -0,0 +1,48 @@
+# Docker compose file for the HELK
+# HELK build version: 0.9 (BETA Script)
+# Author: Roberto Rodriguez @Cyb3rWard0g
+# ELK Version: 5x
+
+version: '2'
+
+services:
+
+ elasticsearch:
+ build: elasticsearch/docker/
+ ports:
+ - "9200:9200"
+ environment:
+ ES_JAVA_OPTS: "-Xmx256m -Xms256m"
+ networks:
+ - helk
+ kibana:
+ build: kibana/docker/
+ ports:
+ - "5601:5601"
+ depends_on:
+ - elasticsearch
+ networks:
+ - helk
+ nginx:
+ build: nginx/docker/
+ ports:
+ - "80:80"
+ depends_on:
+ - kibana
+ networks:
+ - helk
+ logstash:
+ build: logstash/docker/
+ depends_on:
+ - elasticsearch
+ ports:
+ - "5044:5044"
+ environment:
+ LS_JAVA_OPTS: "-Xmx256m -Xms256m"
+ networks:
+ - helk
+
+networks:
+
+ helk:
+ driver: bridge
diff --git a/docker-compose.yml b/docker-compose.yml
index 7d9f02e..c6bf214 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,28 +8,41 @@ version: '2' services: elasticsearch: - build: elasticsearch/docker/ - restart: always + image: elasticsearch:latest + volumes: + - ./elasticsearch/docker/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + environment: + ES_JAVA_OPTS: "-Xmx256m -Xms256m" ports: - "9200:9200" + networks: + - helk kibana: - build: kibana/docker/ - restart: always + image: kibana:latest + volumes: + - ./kibana/docker/kibana.yml:/usr/share/config/kibana/kibana.yml ports: - "5601:5601" depends_on: - elasticsearch - nginx: - build: nginx/docker/ - restart: always - ports: - - "80:80" - depends_on: - - kibana + networks: + - helk logstash: - build: logstash/docker/ - restart: always + image: logstash:latest + volumes: + - ./logstash/docker/02-beats-input.conf:/usr/share/logstash/pipeline/02-beats-input.conf + - ./logstash/docker/50-elasticsearch-output.conf:/usr/share/logstash/pipeline/50-elasticsearch-output.conf + - ./logstash/docker/logstash.yml:/usr/share/logstash/config/logstash.yml depends_on: - elasticsearch ports: - - "5044:5044" \ No newline at end of file + - "5044:5044" + environment: + LS_JAVA_OPTS: "-Xmx256m -Xms256m" + networks: + - helk + +networks: + + helk: + driver: bridge diff --git a/elasticsearch/docker/Dockerfile b/elasticsearch/docker/Dockerfile index 37ac3c4..ed58a81 100644 --- a/elasticsearch/docker/Dockerfile +++ b/elasticsearch/docker/Dockerfile 
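Review bot: Dropping the `nginx` service removes the basic-auth proxy that fronted Kibana, while `"9200:9200"` and `"5601:5601"` are still published on every host interface, so Elasticsearch and Kibana become reachable without authentication from anything that can route to the host. The same exposure is widened by `network.host: 0.0.0.0` in the elasticsearch.yml hunk and `http.host: "0.0.0.0"` in the new logstash.yml. If this is only for local testing, bind the published ports to loopback, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:5601:5601"`, or keep nginx as the only published service. The three `image: …:latest` references are also mutable; a fixed tag (ideally with a digest) matching the 5.x packages the Dockerfiles install would keep the mounted configs and the running version in step.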
@@ -5,14 +5,12 @@ FROM openjdk:8-jre RUN apt-get update && \ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \ - apt-get install -y --no-install-recommends apt-transport-https && \ - echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \ - apt-get install -y --no-install-recommends elasticsearch && \ - mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml + apt-get install -y --no-install-recommends apt-transport-https && \ + echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \ + apt-get install -y --no-install-recommends elasticsearch && \ + mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml ADD elasticsearch.yml /etc/elasticsearch/elasticsearch.yml EXPOSE 9200 -CMD ["/bin/systemctl", "start", "elasticsearch"] - diff --git a/elasticsearch/docker/elasticsearch.yml b/elasticsearch/docker/elasticsearch.yml index 71c289e..cdf0455 100644 --- a/elasticsearch/docker/elasticsearch.yml +++ b/elasticsearch/docker/elasticsearch.yml @@ -52,7 +52,7 @@ # # Set the bind address to a specific IP (IPv4 or IPv6): # -network.host: localhost +network.host: 0.0.0.0 # # Set a custom port for HTTP: # @@ -85,4 +85,5 @@ network.host: localhost # # Require explicit names when deleting indices: # -#action.destructive_requires_name: true \ No newline at end of file +#action.destructive_requires_name: true +discovery.type: single-node diff --git a/kibana/docker/Dockerfile b/kibana/docker/Dockerfile index d3ebc09..2d91d70 100644 --- a/kibana/docker/Dockerfile +++ b/kibana/docker/Dockerfile 
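Review bot: The Elastic apt source is written to `/etc/apt/sources.list.d/elastic-5.x.list` after the only `apt-get update` in this `RUN`, so the following `apt-get install … elasticsearch` works from a package index that does not yet include that repository and will most likely fail to locate the package. The kibana Dockerfile hunk in this same patch adds the missing refresh; the line here should read `apt-get update && apt-get install -y --no-install-recommends elasticsearch && \`. The `wget … | apt-key add -` step also runs under the default shell without `pipefail`, so a failed key download is not reported at that step. The `RUN` instruction begins in the hunk's context lines, and the hunk otherwise only re-indents it.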
@@ -1,17 +1,14 @@ # Dockerfile for Kibana # Author: Roberto Rodriguez @Cyb3rWard0g -FROM debian:jessie - -RUN apt-get update && \ +FROM ubuntu:16.04 +RUN apt-get update && apt-get install -y wget && \ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \ apt-get install -y --no-install-recommends apt-transport-https && \ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \ - apt-get install -y --no-install-recommends kibana && \ + apt-get update && apt-get install -y --no-install-recommends kibana && \ mv /etc/kibana/kibana.yml /etc/kibana/backup_kibana.yml ADD kibana.yml /etc/kibana/kibana.yml EXPOSE 5601 - -CMD ["/bin/systemctl", "start", "kibana"] \ No newline at end of file diff --git a/kibana/kibana.yml b/kibana/kibana.yml index cfe2d79..83954f2 100644 --- a/kibana/kibana.yml +++ b/kibana/kibana.yml @@ -4,7 +4,7 @@ # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. # The default is 'localhost', which usually means remote machines will not be able to connect. # To allow connections from remote users, set this parameter to a non-loopback address. -server.host: "localhost" +server.host: "192.168.1.210" # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects # the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests @@ -96,4 +96,4 @@ server.host: "localhost" # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 5000. -#ops.interval: 5000 \ No newline at end of file +#ops.interval: 5000 diff --git a/logstash/docker/Dockerfile b/logstash/docker/Dockerfile index 3050ab4..55f1a09 100644 --- a/logstash/docker/Dockerfile +++ b/logstash/docker/Dockerfile 
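Review bot: With the `CMD` line removed and nothing added in its place, the image ends at `EXPOSE 5601` with no command that starts Kibana and no `USER`, so a container built from it would run whatever the `ubuntu:16.04` base defaults to, as root. The elasticsearch, logstash and nginx Dockerfile hunks drop their `CMD` the same way. If these Dockerfiles are meant to stay buildable, end each with a foreground exec-form command under the service account, for example `USER kibana` followed by `CMD ["/usr/share/kibana/bin/kibana", "-c", "/etc/kibana/kibana.yml"]` (paths as laid out by the Elastic deb package; confirm against the installed version).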
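Review bot: `server.host: "192.168.1.210"` hard-codes one machine's LAN address into a shared config; inside a container on the `helk` bridge network that address is normally not assigned to any interface, so Kibana would likely fail to bind, and on any other host the value is simply wrong. Since docker-compose.yml bind-mounts a kibana.yml into the container, a value such as `server.host: "0.0.0.0"` combined with a loopback-only or proxied port mapping on the host keeps the listener reachable by the proxy without tying the repository to one network. Note too that the compose file mounts `./kibana/docker/kibana.yml` while this hunk edits `kibana/kibana.yml`; which of the two is actually in use is worth confirming.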
@@ -14,4 +14,3 @@ ADD 50-elasticsearch-output.conf /etc/logstash/conf.d/50-elasticsearch-output.co EXPOSE 5044 -CMD ["/bin/systemctl", "start", "logstash"] diff --git a/logstash/docker/logstash.yml b/logstash/docker/logstash.yml new file mode 100644 index 0000000..4c6eb8e --- /dev/null +++ b/logstash/docker/logstash.yml @@ -0,0 +1,11 @@ +## Default Logstash configuration from logstash-docker. +## from https://github.com/elastic/logstash-docker/blob/master/build/logstash/config/logstash.yml +# +http.host: "0.0.0.0" +path.config: /usr/share/logstash/pipeline + +## Disable X-Pack +## see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html +## https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html#xpack-enabling +# +xpack.monitoring.enabled: false diff --git a/nginx/docker/Dockerfile b/nginx/docker/Dockerfile index ce2b0e0..a7196c4 100644 --- a/nginx/docker/Dockerfile +++ b/nginx/docker/Dockerfile @@ -1,14 +1,12 @@ # Dockerfile for nginx # Author: Roberto Rodriguez @Cyb3rWard0g -FROM debian:jessie +FROM ubuntu:16.04 RUN apt-get update && apt-get -y install nginx && \ - echo "helkadmin:`openssl passwd -apr1 hunting`" | tee -a /etc/nginx/htpasswd.users && \ - mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default + mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default ADD default /etc/nginx/sites-available/default +ADD htpasswd.users /etc/nginx/htpasswd.users EXPOSE 80 - -CMD ["/bin/systemctl", "restart", "nginx"] \ No newline at end of file diff --git a/nginx/docker/Dockerfile.save b/nginx/docker/Dockerfile.save new file mode 100644 index 0000000..04d9366 --- /dev/null +++ b/nginx/docker/Dockerfile.save 
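Review bot: `ADD htpasswd.users /etc/nginx/htpasswd.users` copies a credential file that this patch also commits to the repository (the nginx/docker/htpasswd.users hunk), so every clone and every image layer carries the same `$apr1$` (MD5-based) hash for the `helk` account. Keep the file out of version control and out of the image, and supply it at run time instead, e.g. a read-only bind mount `- ./secrets/htpasswd.users:/etc/nginx/htpasswd.users:ro` with that path listed in `.gitignore` (the path is a placeholder). For the remaining local file, `COPY default /etc/nginx/sites-available/default` is the more explicit instruction than `ADD`. This hunk also removes `CMD` without a replacement; nginx needs a foreground command such as `CMD ["nginx", "-g", "daemon off;"]` to stay up in a container.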
@@ -0,0 +1,13 @@ +# Dockerfile for nginx +# Author: Roberto Rodriguez @Cyb3rWard0g + +FROM ubuntu:16.04FROM ubuntu:16.04 + + +RUN apt-get update && apt-get -y install nginx && \ + echo "helkadmin:`openssl passwd -apr1 hunting`" | tee -a /etc/nginx/htpasswd.users && \ + mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default + +ADD default /etc/nginx/sites-available/default + +EXPOSE 80 diff --git a/nginx/docker/default b/nginx/docker/default index 04de409..af1cdca 100644 --- a/nginx/docker/default +++ b/nginx/docker/default @@ -1,7 +1,7 @@ server { listen 80; - server_name 127.0.0.1; + server_name HELK; auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/htpasswd.users; diff --git a/nginx/docker/htpasswd.users b/nginx/docker/htpasswd.users new file mode 100644 index 0000000..8f64096 --- /dev/null +++ b/nginx/docker/htpasswd.users @@ -0,0 +1 @@ +helk:$apr1$KqCSJuqd$1PmrttbIkGNtm0.Z4HC6E1
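Review bot: nginx/docker/Dockerfile.save looks like an editor recovery file committed by accident: its base line reads `FROM ubuntu:16.04FROM ubuntu:16.04`, which is not a valid image reference, and it still carries the `openssl passwd -apr1 …` line that puts the `helkadmin` password in plaintext into the repository and, if ever built, into the image history. Drop the file from the commit and ignore the pattern with a `.gitignore` entry such as `*.save`. Because the password has been published in the patch, treat it as disclosed and choose a new one for any deployment that used it.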