diff --git a/.gitignore b/.gitignore index 7e443dd..d37359c 100644 --- a/.gitignore +++ b/.gitignore @@ -6,10 +6,9 @@ elasticsearch-cloudron-package.zip .DS_Store # Environment files that might contain sensitive information (template provided instead) -.env # Directories not needed for the package CloudronPackage/ elasticsearch-cloudron/data/ elasticsearch-cloudron/exec/ -elasticsearch-cloudron/setup/ \ No newline at end of file +elasticsearch-cloudron/setup/ diff --git a/elasticsearch-cloudron/.env b/elasticsearch-cloudron/.env new file mode 100644 index 0000000..59569a0 --- /dev/null +++ b/elasticsearch-cloudron/.env @@ -0,0 +1,27 @@ +# Password for the 'elastic' user (at least 6 characters) +# Will be dynamically generated on first startup if empty +ELASTIC_PASSWORD= + +# Password for the 'kibana_system' user (at least 6 characters) +# Will be dynamically generated on first startup if empty +KIBANA_PASSWORD= + +# Version of Elastic products +STACK_VERSION=8.17.3 + +# Set the cluster name +CLUSTER_NAME=cloudron-cluster + +# Set to 'basic' or 'trial' to automatically start the 30-day trial +LICENSE=basic +#LICENSE=trial + +# Port to expose Elasticsearch HTTP API to the host +# For Cloudron, we always use 127.0.0.1 to ensure it's only accessible internally +ES_PORT=127.0.0.1:9200 + +# Increase or decrease based on the available host memory (in bytes) +MEM_LIMIT=1073741824 + +# Data directory for Cloudron +CLOUDRON_DATA_DIR=/app/data \ No newline at end of file diff --git a/elasticsearch-cloudron/start.sh b/elasticsearch-cloudron/start.sh index 03ed83a..50193c1 100644 --- a/elasticsearch-cloudron/start.sh +++ b/elasticsearch-cloudron/start.sh @@ -4,11 +4,32 @@ set -e # Source environment variables source /app/.env -# Set default variables if not provided -ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-cloudron} +# Function to generate a random password +generate_password() { + cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1 +} + +# Generate a random password for Elasticsearch if not provided +if [ -z "$ELASTIC_PASSWORD" ]; then + ELASTIC_PASSWORD=$(generate_password) + # Save the password to the .env file + sed -i "s/^ELASTIC_PASSWORD=.*/ELASTIC_PASSWORD=$ELASTIC_PASSWORD/" /app/.env + echo "Generated new secure password for Elasticsearch user 'elastic'" +fi + +# Generate a random password for Kibana if not provided +if [ -z "$KIBANA_PASSWORD" ]; then + KIBANA_PASSWORD=$(generate_password) + # Save the password to the .env file + sed -i "s/^KIBANA_PASSWORD=.*/KIBANA_PASSWORD=$KIBANA_PASSWORD/" /app/.env + echo "Generated new secure password for Elasticsearch user 'kibana_system'" +fi + +# Set default variables STACK_VERSION=${STACK_VERSION:-8.17.3} CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster} LICENSE=${LICENSE:-basic} +ES_PORT=${ES_PORT:-127.0.0.1:9200} # Ensure data directories exist mkdir -p /app/data/elasticsearch @@ -65,5 +86,45 @@ until $(curl --output /dev/null --silent --head --fail http://localhost:9200); d done echo "Elasticsearch is up and running!" +# If kibana password is set, configure the kibana_system user +if [ ! -z "$KIBANA_PASSWORD" ]; then + echo "Setting kibana_system user password..." + until curl -s -X POST -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do + echo "Waiting for Elasticsearch to be ready to set kibana_system password..." + sleep 5 + done + echo "kibana_system password set." +fi + +# Display the credentials +echo "-----------------------------" +echo "Elasticsearch is ready to use!" +echo "URL: http://localhost:9200" +echo "" +echo "Authentication credentials:" +echo " User: elastic" +echo " Password: $ELASTIC_PASSWORD" +if [ ! -z "$KIBANA_PASSWORD" ]; then + echo "" + echo "Kibana system credentials:" + echo " User: kibana_system" + echo " Password: $KIBANA_PASSWORD" +fi +echo "-----------------------------" + +# Create a credentials file for reference +cat > /app/data/credentials.txt << EOL +Elasticsearch credentials: +URL: http://localhost:9200 +User: elastic +Password: $ELASTIC_PASSWORD + +Kibana system credentials: +User: kibana_system +Password: $KIBANA_PASSWORD +EOL + +echo "Credentials saved to /app/data/credentials.txt" + # Keep script running exec tail -f /dev/null \ No newline at end of file