ELK in Docker and Beats in a machine in a different network

1
votes

I was trying to configure ELK in docker containers in my private network and A Linux box with beats in another private network. I was trying to generate SSL cert for Filebeat to verify the identity of ELK Server. I tried using the public IP of the container host by forwarding the container port, but it didn't worked. Could any one please help me in verifying the ELK server identity in file beat node.

What I Did?

On Network A: 1) Used sebp/elk image to start a ELK container 2) Did port forwarding for port 5601, 9200, 5044 3) Verified if kibana is loading in web and it was success 4) Generated SSL cert in the ELK container with the public IP of the host where docker was installed. 5) copied this SSL cert on to the beats host /etc/pki/tls/certs/

On Network B: 1) Installed beats in the machine (Not a container) 2) configured filebeat.yml with the public IP of the Docker host with the port (Say x.x.x.x:8001)and added ssl cert path 3) Restarted logstash in Network A and filebeat in Network B and received the following error Error: .514762 transport.go:125: ERR SSL client failed to connect with: x509: cannot validate certificate for because it doesn’t contain any IP SANs.

Thanks much in advance

1
dockerelastic-stackfilebeat

1 Answers

0
votes

You can check and verify for below points -

  1. Expose elasticsearch,logstash and kibana port of container to host, If using default ports check using below command -
  docker port elk_stack
  5044/tcp -> 0.0.0.0:5044
  5601/tcp -> 0.0.0.0:5601
  9200/tcp -> 0.0.0.0:9200

  1. Check filebeat logs if it shows connection request to correct elasticsearch/kibana host which in above case will be your host IP and exposed container port.

  2. Check if elasticsearch and kibana is accessible using curl command from remote host where filebeat is running -

curl ${elasticsearch_host}:9200
curl ${kibana_host}:5601