From 231855b94b6b784f76606d0e4ab0ce31130193af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20D=C3=BCren?=
Date: Sun, 16 Mar 2025 13:07:14 +0100
Subject: [PATCH] Complete rewrite to run Elasticsearch directly without Docker
---
elasticsearch-cloudron/Dockerfile | 36 ++++++--
elasticsearch-cloudron/elasticsearch.yml | 37 ++++++++
elasticsearch-cloudron/start.sh | 112 ++++++-----------------
elasticsearch-cloudron/stop.sh | 22 ++++-
4 files changed, 111 insertions(+), 96 deletions(-)
create mode 100644 elasticsearch-cloudron/elasticsearch.yml
diff --git a/elasticsearch-cloudron/Dockerfile b/elasticsearch-cloudron/Dockerfile
index 4eb1322..cebf3fb 100644
--- a/elasticsearch-cloudron/Dockerfile
+++ b/elasticsearch-cloudron/Dockerfile
@@ -1,23 +1,42 @@ FROM cloudron/base:4.0.0 -# Install Docker and diagnostic tools +# Install dependencies RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg-agent \ - software-properties-common \ unzip \ + wget \ + default-jre \ iproute2 \ net-tools \ iputils-ping \ dnsutils -RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" -RUN apt-get update && apt-get install -y docker-ce docker-ce-cli containerd.io +# Set environment variables +ENV ELASTIC_VERSION=8.17.3 -# Copy app files +# Create elasticsearch user and group +RUN groupadd -g 1000 elasticsearch && \ + useradd -u 1000 -g elasticsearch -s /bin/bash elasticsearch + +# Download and install Elasticsearch +RUN mkdir -p /usr/share/elasticsearch && \ + curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz && \ + tar -xzf elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz -C /usr/share/ && \ + mv /usr/share/elasticsearch-${ELASTIC_VERSION}/* /usr/share/elasticsearch/ && \ + rm -rf /usr/share/elasticsearch-${ELASTIC_VERSION} && \ + rm elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz + +# Set up directories +RUN mkdir -p /app/data/elasticsearch && \ + mkdir -p /app/data/logs && \ + mkdir -p /app/data/config && \ + mkdir -p /app/data/secrets + +# Copy configuration files +COPY elasticsearch.yml /app/data/config/elasticsearch.yml COPY .env /app/.env COPY start.sh /app/start.sh COPY stop.sh /app/stop.sh 
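Review bot: The tarball in the `# Download and install Elasticsearch` step is fetched with `curl -L -O` and unpacked without any integrity check, and without `-f` an HTTP error page would be saved and handed to `tar`. Pin the expected SHA-512 for the release next to `ELASTIC_VERSION` and verify it before extracting, so that a version bump without a matching digest fails the build; the fence shows the changed lines. `default-jre` also looks unnecessary, since the Elasticsearch tar.gz ships its own JDK, and dropping it (together with adding `--no-install-recommends`) reduces what the image has to keep patched.

```dockerfile
ENV ELASTIC_VERSION=8.17.3
# Placeholder: set to the SHA-512 Elastic publishes for this exact release tarball.
ARG ELASTIC_SHA512=REPLACE_WITH_PUBLISHED_SHA512

RUN mkdir -p /usr/share/elasticsearch && \
    curl -fsSL -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz && \
    echo "${ELASTIC_SHA512}  elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz" | sha512sum -c - && \
    # … unchanged: tar -xzf, mv into /usr/share/elasticsearch, rm of the unpacked dir and tarball …
```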
@@ -25,11 +44,8 @@ COPY stop.sh /app/stop.sh # Make scripts executable RUN chmod +x /app/start.sh /app/stop.sh -# Set up data directory -RUN mkdir -p /app/data - # Add healthcheck -HEALTHCHECK --interval=10s --timeout=5s --start-period=30s --retries=3 \ +HEALTHCHECK --interval=10s --timeout=5s --start-period=60s --retries=3 \ CMD curl -f -u elastic:$(cat /app/data/secrets/elastic_password 2>/dev/null || echo "cloudron") http://localhost:9200 || exit 1 CMD ["/app/start.sh"] \ No newline at end of file diff --git a/elasticsearch-cloudron/elasticsearch.yml b/elasticsearch-cloudron/elasticsearch.yml new file mode 100644 index 0000000..d5b42b1 --- /dev/null +++ b/elasticsearch-cloudron/elasticsearch.yml 
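Review bot: The health check's `CMD` line still falls back to the literal password `cloudron` when `/app/data/secrets/elastic_password` is unreadable, and it passes the credential as a `curl -u` argument, where it is visible in the container's process list. No visible line in this patch sets `cloudron` as a password, so the fallback presumably only produces failed logins, and it records a guessable default in the image metadata. Dropping the fallback makes a missing secret fail the probe outright, e.g. `CMD test -r /app/data/secrets/elastic_password && curl -fsS -u "elastic:$(cat /app/data/secrets/elastic_password)" http://localhost:9200 || exit 1`. Only the `--start-period` value changed in this hunk; the `CMD` continuation is a context line.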
@@ -0,0 +1,37 @@ +# ======================== Elasticsearch Configuration ========================= + +# ---------------------------------- Cluster ----------------------------------- +cluster.name: cloudron-cluster + +# ------------------------------------ Node ------------------------------------ +node.name: ${HOSTNAME} +node.master: true +node.data: true + +# ----------------------------------- Paths ------------------------------------ +path.data: /app/data/elasticsearch +path.logs: /app/data/logs + +# ---------------------------------- Network ----------------------------------- +network.host: 0.0.0.0 +http.port: 9200 +transport.port: 9300 + +# --------------------------------- Discovery ---------------------------------- +discovery.type: single-node + +# --------------------------------- Security ---------------------------------- +xpack.security.enabled: true +xpack.security.transport.ssl.enabled: false +xpack.security.http.ssl.enabled: false + +# ----------------------------------- Memory ---------------------------------- +bootstrap.memory_lock: false + +# ---------------------------------- Various ---------------------------------- +http.cors.enabled: true +http.cors.allow-origin: "*" +http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE +http.cors.allow-headers: "X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization" + +action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml* \ No newline at end of file diff --git a/elasticsearch-cloudron/start.sh b/elasticsearch-cloudron/start.sh index 484c3f1..0b3ad74 100644 --- a/elasticsearch-cloudron/start.sh +++ b/elasticsearch-cloudron/start.sh 
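Review bot: `network.host: 0.0.0.0` together with `xpack.security.http.ssl.enabled: false` means the `elastic` basic-auth password crosses the network in cleartext on 9200, and 9300 is bound on every interface as well even though `discovery.type: single-node` needs no peers. Unless a TLS-terminating proxy is the only thing that can reach these ports (not visible in this patch), either enable HTTP TLS or bind narrowly, e.g. `network.host: _local_`. `http.cors.allow-origin: "*"` combined with `Authorization` in `http.cors.allow-headers` lets script from any web origin send authenticated requests; list the specific origin(s) that need it or drop the CORS block. Separately, `node.master` and `node.data` were removed in Elasticsearch 8.0 in favour of `node.roles`, so with `ELASTIC_VERSION=8.17.3` these two lines are likely to be rejected as unknown settings at startup.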
@@ -23,12 +23,6 @@ if [[ ! -f /app/data/.initialized ]]; then fi echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password - if [ -z "$KIBANA_PASSWORD" ]; then - KIBANA_PASSWORD=$(generate_password) - echo "Generated new secure password for Elasticsearch user 'kibana_system'" - fi - echo "$KIBANA_PASSWORD" > /app/data/secrets/kibana_password - # Mark as initialized touch /app/data/.initialized echo "Initialization complete." 
@@ -38,87 +32,51 @@ else if [ -f "/app/data/secrets/elastic_password" ]; then ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password) fi - - if [ -f "/app/data/secrets/kibana_password" ]; then - KIBANA_PASSWORD=$(cat /app/data/secrets/kibana_password) - fi fi -# Set default variables -STACK_VERSION=${STACK_VERSION:-8.17.3} -CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster} -LICENSE=${LICENSE:-basic} - -# Ensure data directories exist +# Set up the correct directories mkdir -p /app/data/elasticsearch -mkdir -p /app/data/certs +mkdir -p /app/data/logs +mkdir -p /app/data/config -# Set permissions -chmod -R 777 /app/data - -# Check if certificates exist, if not create them -if [ ! -f /app/data/certs/ca.crt ]; then - echo "Creating certificates..." - # Create temporary container to generate certificates - docker run --rm \ - -v /app/data/certs:/usr/share/elasticsearch/config/certs \ - --name es_certs \ - docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} \ - /bin/bash -c " - elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip && - unzip config/certs/ca.zip -d config/certs && - elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key --name es01 --dns es01,localhost --ip 127.0.0.1 && - unzip config/certs/certs.zip -d config/certs - " - echo "Certificates created." +# Copy config if it doesn't exist +if [ ! -f /app/data/config/elasticsearch.yml ]; then + cp /app/data/config/elasticsearch.yml.orig /app/data/config/elasticsearch.yml || true fi +# Ensure permissions are correct +chown -R elasticsearch:elasticsearch /app/data/elasticsearch /app/data/logs /app/data/config + # Print the network interfaces for debugging echo "Network interfaces:" ip addr show -# Start Elasticsearch -echo "Starting Elasticsearch..." 
-docker run \ - -d \ - --restart=always \ - --name elasticsearch \ - -v /app/data/elasticsearch:/usr/share/elasticsearch/data \ - -v /app/data/certs:/usr/share/elasticsearch/config/certs \ - -e node.name=es01 \ - -e cluster.name=${CLUSTER_NAME} \ - -e discovery.type=single-node \ - -e ELASTIC_PASSWORD=${ELASTIC_PASSWORD} \ - -e bootstrap.memory_lock=true \ - -e xpack.security.enabled=true \ - -e xpack.security.http.ssl.enabled=false \ - -e xpack.license.self_generated.type=${LICENSE} \ - -e xpack.ml.use_auto_machine_memory_percent=true \ - -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \ - -e network.host=0.0.0.0 \ - --ulimit memlock=-1:-1 \ - -p 0.0.0.0:9200:9200 \ - -p 0.0.0.0:9300:9300 \ - docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} +# Set the bootstrap password +echo "Setting elastic user password..." +/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true -# Wait for Elasticsearch to be up - try both localhost and 0.0.0.0 +# Start Elasticsearch in the background +echo "Starting Elasticsearch..." +cd /usr/share/elasticsearch +su -c "ES_PATH_CONF=/app/data/config /usr/share/elasticsearch/bin/elasticsearch -d -p /app/data/elasticsearch.pid" elasticsearch + +# Wait for Elasticsearch to be up echo "Waiting for Elasticsearch to start..." -until $(curl --output /dev/null --silent --head --fail http://localhost:9200 || curl --output /dev/null --silent --head --fail http://0.0.0.0:9200); do +attempts=0 +max_attempts=60 +until $(curl --output /dev/null --silent --head --fail -u "elastic:$ELASTIC_PASSWORD" http://localhost:9200); do printf '.' sleep 5 + + attempts=$((attempts+1)) + + if [ $attempts -ge $max_attempts ]; then + echo "Elasticsearch failed to start after 5 minutes. Check logs at /app/data/logs/" + exit 1 + fi done echo "Elasticsearch is up and running!" -# If kibana password is set, configure the kibana_system user -if [ ! 
-z "$KIBANA_PASSWORD" ]; then - echo "Setting kibana_system user password..." - until curl -s -X POST -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do - echo "Waiting for Elasticsearch to be ready to set kibana_system password..." - sleep 5 - done - echo "kibana_system password set." -fi - # Display the credentials echo "-----------------------------" echo "Elasticsearch is ready to use!" @@ -127,12 +85,6 @@ echo "" echo "Authentication credentials:" echo " User: elastic" echo " Password: $ELASTIC_PASSWORD" -if [ ! -z "$KIBANA_PASSWORD" ]; then - echo "" - echo "Kibana system credentials:" - echo " User: kibana_system" - echo " Password: $KIBANA_PASSWORD" -fi echo "-----------------------------" # Create a credentials file for reference @@ -141,13 +93,9 @@ Elasticsearch credentials: URL: http://localhost:9200 User: elastic Password: $ELASTIC_PASSWORD - -Kibana system credentials: -User: kibana_system -Password: $KIBANA_PASSWORD EOL echo "Credentials saved to /app/data/credentials.txt" -# Keep script running -exec tail -f /dev/null \ No newline at end of file +# Keep the script running to prevent the container from exiting +tail -f /app/data/logs/*.log \ No newline at end of file diff --git a/elasticsearch-cloudron/stop.sh b/elasticsearch-cloudron/stop.sh index 19fba36..6216bd7 100644 --- a/elasticsearch-cloudron/stop.sh +++ b/elasticsearch-cloudron/stop.sh 
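Review bot: `elasticsearch-reset-password … --url "http://localhost:9200" || true` runs before the node is started a few lines later, so it has nothing to connect to, and `|| true` hides the failure; the wait loop then authenticates with `-u "elastic:$ELASTIC_PASSWORD"` against a password that was never applied and would end in the 5-minute `exit 1`. I also cannot find a `-p` option among that tool's documented flags, and a password passed as an argument is visible in the process list in any case. For a first start, seeding the keystore before launch avoids both problems, along the lines of `printf '%s' "$ELASTIC_PASSWORD" | su -c "ES_PATH_CONF=/app/data/config /usr/share/elasticsearch/bin/elasticsearch-keystore add -x -f bootstrap.password" elasticsearch`. The `cp /app/data/config/elasticsearch.yml.orig … || true` fallback has the same silent-failure shape: no visible line creates a `.orig` file (the Dockerfile copies to `/app/data/config/elasticsearch.yml`), so if `/app/data` is replaced by a volume at runtime the node would come up without the intended security settings, or not at all.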
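Review bot: Replacing `exec tail -f /dev/null` with `tail -f /app/data/logs/*.log` leaves bash as PID 1 while Elasticsearch runs daemonised via `-d`, so a container stop signal is not forwarded and nothing visible here invokes `stop.sh`; the node is then killed rather than shut down cleanly. If the glob matches no file, `tail` exits and the container goes down with it. A trap plus a waited background tail covers the signal case: `trap '/app/stop.sh; exit 0' TERM INT` followed by `tail -f /app/data/logs/*.log & wait $!`. The heredoc in the context lines (its opening line is outside the hunk) still writes the `elastic` password to `/app/data/credentials.txt`, a second plaintext copy next to `/app/data/secrets/elastic_password`; if it has to stay, create it under `umask 077` or `chmod 600` it.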
@@ -1,9 +1,23 @@ #!/bin/bash set -e -# Stop Elasticsearch container -echo "Stopping Elasticsearch..." -docker stop elasticsearch || true -docker rm elasticsearch || true +# Check if Elasticsearch is running +if [ -f /app/data/elasticsearch.pid ]; then + echo "Stopping Elasticsearch..." + PID=$(cat /app/data/elasticsearch.pid) + if kill -0 "$PID" 2>/dev/null; then + kill "$PID" + echo "Waiting for Elasticsearch to stop..." + # Wait for process to end + while kill -0 "$PID" 2>/dev/null; do + sleep 1 + done + else + echo "Elasticsearch process not found, cleaning up PID file." + fi + rm -f /app/data/elasticsearch.pid +else + echo "Elasticsearch PID file not found, nothing to stop." +fi echo "Elasticsearch stopped." \ No newline at end of file
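Review bot: The PID read from `/app/data/elasticsearch.pid` is signalled without checking that it still belongs to Elasticsearch, and the `while kill -0 "$PID"` wait has no upper bound. After an unclean exit the file can be stale, and since this script presumably runs as root, `kill "$PID"` would then hit whichever process has been given that number. Constraining the signal by owner avoids that, e.g. `pkill -u elasticsearch -F /app/data/elasticsearch.pid`, and the wait loop should get an attempt counter like the one start.sh uses, so a hung node cannot block shutdown indefinitely. With `set -e` active, a failing `cat` or `kill` also aborts the script before `rm -f` runs, which leaves the stale file behind for the next call.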