Dear @rimelek,
please accept my apologies. It was well after midnight when I read your blog page.
This is my finally working compose.yaml
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
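# Compose project name; without it the stack is named after the directory
# that holds this file.
name: wazuh

# NOTE(review): the passwords below are inline and look like the sample values
# from the upstream wazuh-docker example. Rotate them before exposing the stack,
# keep them out of version control (untracked .env file or Compose secrets), and
# redact them when sharing this file. The same values must be used consistently
# across the services that share them.
services:
  # Wazuh manager; the Filebeat settings below ship its data to the indexer.
  wazuh.manager:
    image: wazuh/wazuh-manager:4.8.0
    container_name: manager
    hostname: wazuh.manager
    restart: unless-stopped
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # NOTE(review): this service is attached only to `backend`, which is declared
    # `internal: true`. Published ports are typically not reachable for a
    # container that sits only on an internal network; verify that agents can
    # actually reach 1514/1515. Publish 514/udp and 55000 only if syslog intake
    # and remote API access are really needed.
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      # Keep certificate verification at `full`; do not relax it to work around
      # certificate errors.
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
      - TZ=Europe/Zurich
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
      # Certificates and private key: keep the host files readable only by the
      # account that needs them. A `:ro` suffix would be preferable if the image
      # entrypoint does not need to modify these files (TODO confirm).
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
    networks:
      # macvlan60:
      #   ipv4_address: 192.168.60.8
      backend:
        ipv4_address: 10.10.14.2

  # Wazuh indexer; stores the data queried by the dashboard.
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.8.0
    container_name: indexer
    hostname: wazuh.indexer
    restart: unless-stopped
    # NOTE(review): the manager and dashboard reach the indexer over `backend`
    # by hostname, so publishing 9200 on the host is probably unnecessary.
    # Drop it, or bind it to a loopback/management address, unless external
    # clients must query the indexer API directly.
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - TZ=Europe/Zurich
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      # TLS material, including the admin certificate and key; anyone who can
      # read admin-key.pem on the host can presumably administer the indexer.
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
      # internal_users.yml defines the indexer's internal accounts; the
      # passwords used by the other services have to match what is stored here
      # (presumably as hashes; verify after rotating credentials).
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
    networks:
      backend:
        ipv4_address: 10.10.14.3

  # Wazuh dashboard; the only service attached to the LAN-facing macvlan.
  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.8.0
    container_name: dashboard
    hostname: wazuh.dashboard
    restart: unless-stopped
    # `ports` publishes on the Docker host's own addresses and has no effect on
    # the macvlan address. On 192.168.60.9 the container is reached directly on
    # whatever port the process listens on (5601 here), and every other port it
    # listens on is equally reachable from that VLAN, so filter upstream if
    # needed. To serve HTTPS on 443 at the macvlan address, the listening port
    # has to be changed in the mounted opensearch_dashboards.yml.
    ports:
      - "443:5601"
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      # NOTE(review): password equals the username; change it.
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
      - TZ=Europe/Zurich
    volumes:
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      # wazuh.yml is mounted as a file inside the directory that the
      # wazuh-dashboard-config volume is mounted on.
      - /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    depends_on:
      wazuh.indexer:
        condition: service_started
    # `links` is a legacy option; on a user-defined network the services
    # already resolve each other by name. Kept as in the original file.
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager
    networks:
      macvlan60:
        ipv4_address: 192.168.60.9
      backend:
        ipv4_address: 10.10.14.4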
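# Volumes for persisting data (https://dev.to/rimelek/everything-about-docker-volumes-1ib0#custom-volume-path-overview)
#
# Each named volume uses the local driver with `type: none` and `o: bind`, so
# it is a bind mount of the host directory given in `device`. That directory
# must already exist; Docker does not create it. The options are applied when
# the volume is first created, so changing `device` later requires removing and
# recreating the volume.
#
# NOTE(review): these directories hold manager, API and indexer state, which
# presumably includes keys and credentials. Restrict their host permissions and
# treat backups of them as sensitive.
volumes:
  wazuh_api_configuration:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_api_configuration
      o: bind
  wazuh_etc:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_etc
      o: bind
  wazuh_logs:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_logs
      o: bind
  wazuh_queue:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_queue
      o: bind
  wazuh_var_multigroups:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_var_multigroups
      o: bind
  wazuh_integrations:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_integrations
      o: bind
  wazuh_active_response:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_active_response
      o: bind
  wazuh_agentless:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_agentless
      o: bind
  wazuh_wodles:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/wazuh_wodles
      o: bind
  filebeat_etc:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/filebeat_etc
      o: bind
  filebeat_var:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/manager/filebeat_var
      o: bind
  wazuh-indexer-data:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/indexer/wazuh-indexer-data
      o: bind
  wazuh-dashboard-config:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/dashboard/wazuh-dashboard-config
      o: bind
  wazuh-dashboard-custom:
    driver: local
    driver_opts:
      type: none
      device: /home/uadmin/Docker/Wazuh/wazuh-docker/single-node/config/dashboard/wazuh-dashboard-custom
      o: bind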
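# Network specifications
networks:
  # Pre-existing network that Compose attaches to but does not create; it must
  # exist before `docker compose up`. Judging by the name it is a macvlan
  # network (its definition is not part of this file). Containers on a macvlan
  # are addressed directly on the LAN, so `ports` mappings do not apply there.
  macvlan60:
    external: true
  # Isolated network for traffic between the three services; `internal: true`
  # gives it no external connectivity.
  backend:
    internal: true
    ipam:
      driver: default
      config:
        - subnet: "10.10.14.0/24"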
- It uses Docker volumes combined with the mount option, so that I don’t have to change my backup strategy.
- I was able to define my own network settings:
  - the containers talk to each other via an internal Docker network
  - the dashboard container is accessible via its own IP address
- I added a name, so that the Docker stack is not named after the folder the compose.yaml is sitting in.
Please allow me a follow up question:
For the dashboard-container, there is a port mapping 443:5601. I expect to reach that container via https://192.168.60.9/. But that leads to a timeout. If I try https://192.168.60.9:5601/ I can reach the web interface. Isn’t 443 the public-facing port?
Chris