docker-compose.yml

services:

  # The 'setup' service runs a one-off script which initializes users inside
  # Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the
  # values of the passwords defined in the '.env' file. It also creates the
  # roles required by some of these users.
  #
  # This task only needs to be performed once, during the *initial* startup of
  # the stack. Any subsequent run will reset the passwords of existing users to
  # the values defined inside the '.env' file, and the built-in roles to their
  # default permissions.
  #
  # By default, it is excluded from the services started by 'docker compose up'
  # due to the non-default profile it belongs to. To run it, either provide the
  # '--profile=setup' CLI flag to Compose commands, or "up" the service by name
  # such as 'docker compose up setup'.
  setup:
    profiles:
      - setup
    build:
      context: setup/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    init: true
    volumes:
      - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z
      - ./setup/lib.sh:/lib.sh:ro,Z
      - ./setup/roles:/roles:ro,Z
    environment:
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
      METRICBEAT_INTERNAL_PASSWORD: ${METRICBEAT_INTERNAL_PASSWORD:-}
      FILEBEAT_INTERNAL_PASSWORD: ${FILEBEAT_INTERNAL_PASSWORD:-}
      HEARTBEAT_INTERNAL_PASSWORD: ${HEARTBEAT_INTERNAL_PASSWORD:-}
      MONITORING_INTERNAL_PASSWORD: ${MONITORING_INTERNAL_PASSWORD:-}
      BEATS_SYSTEM_PASSWORD: ${BEATS_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch

  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,Z
      - elasticsearch:/usr/share/elasticsearch/data:Z
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      node.name: elasticsearch
      ES_JAVA_OPTS: -Xms512m -Xmx512m
      # Bootstrap password.
      # Used to initialize the keystore during the initial startup of
      # Elasticsearch. Ignored on subsequent runs.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk
    restart: unless-stopped

  logstash:
    build:
      context: logstash/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro,Z
    ports:
      # - 5044:5044
      - 50000:50000/tcp
      - 50000:50000/udp
      - 9600:9600
    environment:
      LS_JAVA_OPTS: -Xms256m -Xmx256m
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
    restart: unless-stopped

  kibana:
    build:
      context: kibana/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
    ports:
      - 5601:5601
    environment:
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
    restart: unless-stopped

  apm-server:
    build:
      context: apm-server
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    container_name: apm-server
    restart: unless-stopped
    cap_add: [ "CHOWN", "DAC_OVERRIDE", "SETGID", "SETUID" ]
    cap_drop: [ "ALL" ]
    ports:
     - 8200:8200
    volumes:
      - ./apm-server/config/apm-server.yml:/usr/share/apm-server/apm-server.yml:ro
    command: >
      apm-server -e
    environment:
      SERVER_NAME: apm-server
      ELASTICSEARCH_HOSTS: http://host.docker.internal:9200
      KIBANA_HOST: http://host.docker.internal:5601
      ELASTIC_USER: $ELASTIC_USER
      ELASTIC_PASSWORD: $ELASTIC_PASSWORD
    healthcheck:
      interval: 10s
      retries: 12
      test: ["CMD-SHELL", "! apm-server test output -E output.elasticsearch.username=$${ELASTIC_USER} -E output.elasticsearch.password=$${ELASTIC_PASSWORD} | grep -q ERROR" ]   
    depends_on:
      - elasticsearch
      - kibana

  metricbeat:
    build:
      context: metricbeat
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    restart: unless-stopped
    ports:
     - 5066:5066
    volumes:
      - ./metricbeat/config/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro
    environment:
      ELASTICSEARCH_HOSTS: http://host.docker.internal:9200
      KIBANA_HOST: http://host.docker.internal:5601
      ELASTIC_USER: $ELASTIC_USER
      ELASTIC_PASSWORD: $ELASTIC_PASSWORD
    command: >
      metricbeat -e --strict.perms=false
    depends_on:
      - elasticsearch
      - kibana

  filebeat:
    build:
      context: filebeat
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    restart: unless-stopped
    ports:
     - 5044:5044
    volumes:
      - ./filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      # This should be pointed to the location where the files are located.
      - C:/tmp:/var/log/apps:ro
    environment:
      ELASTICSEARCH_HOSTS: http://host.docker.internal:9200
      KIBANA_HOST: http://host.docker.internal:5601
      ELASTIC_USER: $ELASTIC_USER
      ELASTIC_PASSWORD: $ELASTIC_PASSWORD
    command: >
      filebeat -e --strict.perms=false
    depends_on:
      - elasticsearch
      - kibana



networks:
  elk:
    driver: bridge

volumes:
  elasticsearch: