version: "3.9" x-app-common: &app-common image: elasticsearch:8.11.3 x-traefik-es-label: &traefik-es-label traefik.enable: true traefik.http.routers.es-1.service: es-1 traefik.http.services.es-1.loadbalancer.server.port: 9200 x-traefik-kb-label: &traefik-kb-label traefik.enable: true traefik.http.routers.es-1-kb.service: es-1-kb traefik.http.services.es-1-kb.loadbalancer.server.port: 5601 services: es-1-setup: <<: *app-common container_name: es-1-setup command: sh ./setup.sh user: "0" working_dir: /usr/share/elasticsearch volumes: - /volume5/storage/docker-data/es-1/conf/setup.sh:/usr/share/elasticsearch/setup.sh - /volume5/storage/docker-data/es-1/conf/instance.yml/:/usr/share/elasticsearch/config/instance.yml - /volume5/storage/docker-data/es-1/cert/:/usr/share/elasticsearch/config/cert/ - /volume5/storage/docker-data/es-1/data/:/usr/share/elasticsearch/data/ healthcheck: test: ["CMD-SHELL", "[ -f /usr/share/elasticsearch/config/cert/es-1-1/es-1-1.crt ]"] interval: 1s timeout: 5s retries: 120 es-1-1: <<: *app-common container_name: es-1-1 hostname: es-1-1 labels: <<: *traefik-es-label expose: - "9200" environment: # ES_JAVA_OPTS: -Xms4g -Xmx4g node.name: es-1-1 cluster.name: es-1 cluster.initial_master_nodes: es-1-1,es-1-2 discovery.seed_hosts: es-1-2 bootstrap.memory_lock: "true" ELASTIC_PASSWORD: xpack.security.enabled: true xpack.security.http.ssl.enabled: false xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/cert/ca/ca.crt xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/cert/es-1-1/es-1-1.crt xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/cert/es-1-1/es-1-1.key xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.realm1.order: 1 xpack.monitoring.collection.enabled: true volumes: - /volume5/storage/docker-data/es-1/conf/users:/usr/share/elasticsearch/config/users - /volume5/storage/docker-data/es-1/conf/users_roles:/usr/share/elasticsearch/config/users_roles - /volume5/storage/docker-data/es-1/data/1/:/usr/share/elasticsearch/data/ - /volume5/storage/docker-data/es-1/cert/:/usr/share/elasticsearch/config/cert/ deploy: resources: limits: memory: 8g ulimits: memlock: soft: -1 hard: -1 depends_on: es-1-setup: condition: service_healthy healthcheck: test: ["CMD-SHELL","curl -s http://localhost:9200 | grep -q 'missing authentication credentials'"] interval: 10s timeout: 10s retries: 120 es-1-2: <<: *app-common container_name: es-1-2 hostname: es-1-2 labels: <<: *traefik-es-label expose: - "9200" environment: # ES_JAVA_OPTS: -Xms4g -Xmx4g node.name: es-1-2 cluster.name: es-1 cluster.initial_master_nodes: es-1-1,es-1-2 discovery.seed_hosts: es-1-1 bootstrap.memory_lock: "true" ELASTIC_PASSWORD: xpack.security.enabled: true xpack.security.http.ssl.enabled: false xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/cert/ca/ca.crt xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/cert/es-1-2/es-1-2.crt xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/cert/es-1-2/es-1-2.key xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.realm1.order: 1 xpack.monitoring.collection.enabled: true volumes: - /volume5/storage/docker-data/es-1/conf/users:/usr/share/elasticsearch/config/users - /volume5/storage/docker-data/es-1/conf/users_roles:/usr/share/elasticsearch/config/users_roles - /volume5/storage/docker-data/es-1/data/2/:/usr/share/elasticsearch/data/ - /volume5/storage/docker-data/es-1/cert/:/usr/share/elasticsearch/config/cert/ deploy: resources: limits: memory: 8g ulimits: memlock: soft: -1 hard: -1 depends_on: - es-1-1 healthcheck: test: ["CMD-SHELL","curl -s http://localhost:9200 | grep -q 'missing authentication credentials'"] interval: 10s timeout: 10s retries: 120 es-1-kb: image: kibana:8.11.3 container_name: es-1-kb labels: <<: *traefik-kb-label expose: - "5601" volumes: - /volume5/storage/docker-data/es-1/conf/kibana.yml:/usr/share/kibana/config/kibana.yml depends_on: es-1-1: condition: service_healthy es-1-2: condition: service_healthy healthcheck: test: ["CMD-SHELL","curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'"] interval: 10s timeout: 10s retries: 120