3

How can I secure elasticsearch for production use in Docker?

I use this docker-compose.yml:

version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.16
    container_name: elasticsearch
    restart: unless-stopped
    environment:
      - "network.host=0.0.0.0"
      - "http.port=9200"
      - "cluster.name=elasticsearch"
      - "node.name=db-master"
      - "node.master=true"
      - "node.data=true"
      - "bootstrap.memory_lock=true"
      - "ES_JAVA_OPTS=-Xms6g -Xmx6g"
      - xpack.security.enabled=false
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 12g
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - 127.0.0.1:9200:9200
    networks:
      - esnet
volumes:
  esdata:
    driver: local
networks:
  esnet:

I want Elasticsearch to be accessible only on the localhost network (only local apps should access it), so it shouldn't be accessible from the internet. I bind to localhost - 127.0.0.1:9200:9200, but I don't know if it is enough.

tomsk
  • 389
  • 2
  • 8
  • Elasticsearch has comprehensive documentation on securing the cluster: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/secure-cluster.html. Your approach will limit the cluster to being accessible only from localhost. – Ali Ahmad Nov 19 '19 at 15:49

1 Answer

1

Yes, it's enough, but you can harden it using X-Pack; X-Pack is now available in the free version of ELK. Please check the reference regarding X-Pack: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html

You can run Elasticsearch in the local network only. If you want to access it later from outside your network, you can use an NGINX reverse proxy.

Here's the guide: https://logz.io/blog/securing-elk-nginx/

Additionally, the password in Elastic is a default, so you can change the password of all built-in users by using this command:

bin/elasticsearch-setup-passwords interactive

Lastly, enable the auditing features. Add the following setting to elasticsearch.yml on all nodes in your cluster:

xpack.security.audit.enabled: true

You can look at a walkthrough for security on the Elastic website.

Al Francis
  • 299
  • 1
  • 13
  • Can you explain why it is enough? His .yml includes xpack.security.enabled=false, the same thing that Elastic warns about when exposing to the Internet here. This confuses me - is it secure or not to play with dockerized ES indexes on localhost? – Johan Jan 10 '24 at 20:22
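The two settings this thread turns on, the loopback-only port publish and the xpack.security.enabled switch Johan's comment points at, can be checked mechanically before a compose file goes to production. The POSIX sh script below is an added example; it is not code from the question, the answer, or Elastic, and the function names, file names and the two sample compose files are constructed here for the demonstration. It treats a published port as safe only when its host side is an explicit loopback address, because a bare "9200:9200" or "0.0.0.0:9200:9200" publishes the port on every interface, and Docker inserts its own iptables rules ahead of host firewall front-ends such as ufw, so those do not block the exposure.

```shell
#!/bin/sh
# Added example (not from the question or the answer): audit a docker-compose
# file for the two settings discussed in the thread. All input is constructed
# below; nothing is read from a running Docker host.

# Return 0 when every published port in FILE is bound to a loopback address;
# otherwise print the offending entries and return 1.
ports_bound_to_loopback() {
    file="$1"
    bad=0
    # A port mapping is a list item made only of digits, dots and colons with
    # an optional /tcp or /udp suffix (quotes allowed), e.g.
    #   - 9200:9200
    #   - "127.0.0.1:9200:9200"
    # Volume and environment entries contain letters, slashes or '=', so they
    # never match this pattern. The pipeline ends in sed, so its status is 0
    # even when grep finds nothing.
    for entry in $(grep -E '^[[:space:]]*-[[:space:]]*["'"'"']?[0-9.:]+(/(tcp|udp))?["'"'"']?[[:space:]]*$' "$file" \
                   | sed -E 's/^[[:space:]]*-[[:space:]]*//; s/["'"'"' ]//g'); do
        case "$entry" in
            127.*:*:*) ;;   # explicit IPv4 loopback bind: fine
            *) echo "published on a non-loopback interface: $entry"; bad=1 ;;
        esac
    done
    return $bad
}

# Return 0 when FILE sets xpack.security.enabled to true, in either the compose
# environment form (key=value) or the elasticsearch.yml form (key: value).
# A missing key counts as not enabled.
xpack_security_enabled() {
    val=$(grep -E 'xpack\.security\.enabled' "$1" \
          | sed -E 's/.*xpack\.security\.enabled[[:space:]]*[=:][[:space:]]*//; s/["'"'"']//g; s/[[:space:]]+$//' \
          | head -n 1)
    [ "$val" = "true" ]
}

# Overall verdict: 0 only when both checks pass.
audit_compose() {
    ok=0
    ports_bound_to_loopback "$1" || ok=1
    xpack_security_enabled "$1" || { echo "xpack.security.enabled is not true in $1"; ok=1; }
    return $ok
}

WORK=$(mktemp -d)
WEAK="$WORK/weak.yml"
HARDENED="$WORK/hardened.yml"

# Constructed sample: the shape of the question's file, but with the two
# weak choices (port published on all interfaces, security switched off).
cat > "$WEAK" <<'EOF'
version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.16
    environment:
      - "http.port=9200"
      - xpack.security.enabled=false
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
EOF

# Constructed sample: loopback-only publish and security left on, as the
# answer recommends.
cat > "$HARDENED" <<'EOF'
version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.16
    environment:
      - "http.port=9200"
      - xpack.security.enabled=true
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - "127.0.0.1:9200:9200"
EOF

for f in "$WEAK" "$HARDENED"; do
    if audit_compose "$f"; then echo "$f: OK"; else echo "$f: needs attention"; fi
done
```

Run it against a real compose file with `audit_compose docker-compose.yml`; the weak sample fails both checks and the hardened sample passes both. A passing result only covers these two settings: it says nothing about the password change or audit logging the answer also recommends, which live in the running cluster rather than in the compose file.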