docker部署ELK，ES开启安全认证

ES启动命令

docker run -d --name elasticsearch   -p 9200:9200 -p 9300:9300     elasticsearch:8.17.0

es启动之后需要进入es容器，重置密码

elasticsearch-reset-password -u elastic -i

重置后的密码配置到kibana.yml中，启动kibana

docker run -d --name kibana   -p 5601:5601   --link elasticsearch:elasticsearch  kibana:8.17.0

kibana启动后，打开管理页面，会弹出需要token的窗口，去es容器中生产

./elasticsearch-create-enrollment-token --scope kibana

之后查看kibana的日志，再日志中打印了6位验证码，输入验证码，kibana就启动完成。

logstash启动主要是需要配置好，先上配置

output {elasticsearch {hosts => ["http://127.0.01:9200"] # 根据你的ES地址修改ssl => truecacert => "/usr/share/logstash/config/http_ca.crt" index => "httppackmsg"user => "elastic"               # 如果启用了安全认证password => "ztn-9lk30OJmIQdhtQEg" document_id => "%{[@metadata][_id]}"action => "update"doc_as_upsert => truescript => "ctx._source.count = (ctx._source.count ?: 0) + 1"script_type => "inline"script_lang => "painless"}# 调试用（可选）stdout {codec => rubydebug}}

配置中同样需要将重置后的密码写上，还有就是配置crt文件的路径，crt文件需要从es容器中导出，然后在logstash启动时挂载。

docker cp <容器名或ID>:<容器内文件路径> <宿主机目标路径>

logstash.yml文件也需要从容器中复制出来，进行一些修改，然后在启动时挂载，logstash修改后示例：

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: ["https://172.17.0.2:9200"]
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "123456"
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/usr/share/logstash/config/http_ca.crt"docker run -it --name logstash \
-v /usr/local/logstash/config/http_ca.crt:/usr/share/logstash/config/http_ca.crt \
-v /usr/local/logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
-v /usr/local/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml logstash:8.17.0