Complete rewrite to run Elasticsearch directly without Docker

FROM cloudron/base:4.0.0

# Install Docker and diagnostic tools

# Install dependencies

RUN apt-get update && apt-get install -y \

    apt-transport-https \

    ca-certificates \

    curl \

    gnupg-agent \

    software-properties-common \

    unzip \

    wget \

    default-jre \

    iproute2 \

    net-tools \

    iputils-ping \

    dnsutils

RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

RUN apt-get update && apt-get install -y docker-ce docker-ce-cli containerd.io

# Set environment variables

ENV ELASTIC_VERSION=8.17.3

# Copy app files

# Create elasticsearch user and group

RUN groupadd -g 1000 elasticsearch && \

    useradd -u 1000 -g elasticsearch -s /bin/bash elasticsearch

# Download and install Elasticsearch

RUN mkdir -p /usr/share/elasticsearch && \

    curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz && \

    tar -xzf elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz -C /usr/share/ && \

    mv /usr/share/elasticsearch-${ELASTIC_VERSION}/* /usr/share/elasticsearch/ && \

    rm -rf /usr/share/elasticsearch-${ELASTIC_VERSION} && \

    rm elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz

# Set up directories

RUN mkdir -p /app/data/elasticsearch && \

    mkdir -p /app/data/logs && \

    mkdir -p /app/data/config && \

    mkdir -p /app/data/secrets

# Copy configuration files

COPY elasticsearch.yml /app/data/config/elasticsearch.yml

COPY .env /app/.env

COPY start.sh /app/start.sh

COPY stop.sh /app/stop.sh

# Make scripts executable

RUN chmod +x /app/start.sh /app/stop.sh

# Set up data directory

RUN mkdir -p /app/data

# Add healthcheck

HEALTHCHECK --interval=10s --timeout=5s --start-period=30s --retries=3 \

HEALTHCHECK --interval=10s --timeout=5s --start-period=60s --retries=3 \

    CMD curl -f -u elastic:$(cat /app/data/secrets/elastic_password 2>/dev/null || echo "cloudron") http://localhost:9200 || exit 1

CMD ["/app/start.sh"] 

 No newline at end of file

# ======================== Elasticsearch Configuration =========================

# ---------------------------------- Cluster -----------------------------------

cluster.name: cloudron-cluster

# ------------------------------------ Node ------------------------------------

node.name: ${HOSTNAME}

node.master: true

node.data: true

# ----------------------------------- Paths ------------------------------------

path.data: /app/data/elasticsearch

path.logs: /app/data/logs

# ---------------------------------- Network -----------------------------------

network.host: 0.0.0.0

http.port: 9200

transport.port: 9300

# --------------------------------- Discovery ----------------------------------

discovery.type: single-node

# --------------------------------- Security ----------------------------------

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: false

xpack.security.http.ssl.enabled: false

# ----------------------------------- Memory ----------------------------------

bootstrap.memory_lock: false

# ---------------------------------- Various ----------------------------------

http.cors.enabled: true

http.cors.allow-origin: "*"

http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE

http.cors.allow-headers: "X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization"

action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml* 

 No newline at end of file

    fi

    echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password

    if [ -z "$KIBANA_PASSWORD" ]; then

        KIBANA_PASSWORD=$(generate_password)

        echo "Generated new secure password for Elasticsearch user 'kibana_system'"

    fi

    echo "$KIBANA_PASSWORD" > /app/data/secrets/kibana_password

    # Mark as initialized

    touch /app/data/.initialized

    echo "Initialization complete."

    if [ -f "/app/data/secrets/elastic_password" ]; then

        ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)

    fi

    if [ -f "/app/data/secrets/kibana_password" ]; then

        KIBANA_PASSWORD=$(cat /app/data/secrets/kibana_password)

fi

fi

# Set default variables

STACK_VERSION=${STACK_VERSION:-8.17.3}

CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster}

LICENSE=${LICENSE:-basic}

# Ensure data directories exist

# Set up the correct directories

mkdir -p /app/data/elasticsearch

mkdir -p /app/data/certs

# Set permissions

chmod -R 777 /app/data

# Check if certificates exist, if not create them

if [ ! -f /app/data/certs/ca.crt ]; then

    echo "Creating certificates..."

    # Create temporary container to generate certificates

    docker run --rm \

        -v /app/data/certs:/usr/share/elasticsearch/config/certs \

        --name es_certs \

        docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} \

        /bin/bash -c "

            elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip &&

            unzip config/certs/ca.zip -d config/certs &&

            elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key --name es01 --dns es01,localhost --ip 127.0.0.1 &&

            unzip config/certs/certs.zip -d config/certs

        "

    echo "Certificates created."

mkdir -p /app/data/logs

mkdir -p /app/data/config

# Copy config if it doesn't exist

if [ ! -f /app/data/config/elasticsearch.yml ]; then

    cp /app/data/config/elasticsearch.yml.orig /app/data/config/elasticsearch.yml || true

fi

# Ensure permissions are correct

chown -R elasticsearch:elasticsearch /app/data/elasticsearch /app/data/logs /app/data/config

# Print the network interfaces for debugging

echo "Network interfaces:"

ip addr show

# Start Elasticsearch

# Set the bootstrap password

echo "Setting elastic user password..."

/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true

# Start Elasticsearch in the background

echo "Starting Elasticsearch..."

docker run \

    -d \

    --restart=always \

    --name elasticsearch \

    -v /app/data/elasticsearch:/usr/share/elasticsearch/data \

    -v /app/data/certs:/usr/share/elasticsearch/config/certs \

    -e node.name=es01 \

    -e cluster.name=${CLUSTER_NAME} \

    -e discovery.type=single-node \

    -e ELASTIC_PASSWORD=${ELASTIC_PASSWORD} \

    -e bootstrap.memory_lock=true \

    -e xpack.security.enabled=true \

    -e xpack.security.http.ssl.enabled=false \

    -e xpack.license.self_generated.type=${LICENSE} \

    -e xpack.ml.use_auto_machine_memory_percent=true \

    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \

    -e network.host=0.0.0.0 \

    --ulimit memlock=-1:-1 \

    -p 0.0.0.0:9200:9200 \

    -p 0.0.0.0:9300:9300 \

    docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}

# Wait for Elasticsearch to be up - try both localhost and 0.0.0.0

cd /usr/share/elasticsearch

su -c "ES_PATH_CONF=/app/data/config /usr/share/elasticsearch/bin/elasticsearch -d -p /app/data/elasticsearch.pid" elasticsearch

# Wait for Elasticsearch to be up

echo "Waiting for Elasticsearch to start..."

until $(curl --output /dev/null --silent --head --fail http://localhost:9200 || curl --output /dev/null --silent --head --fail http://0.0.0.0:9200); do

attempts=0

max_attempts=60

until $(curl --output /dev/null --silent --head --fail -u "elastic:$ELASTIC_PASSWORD" http://localhost:9200); do

    printf '.'

    sleep 5

done

echo "Elasticsearch is up and running!"

# If kibana password is set, configure the kibana_system user

if [ ! -z "$KIBANA_PASSWORD" ]; then

    echo "Setting kibana_system user password..."

    until curl -s -X POST -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do

        echo "Waiting for Elasticsearch to be ready to set kibana_system password..."

        sleep 5

    done

    echo "kibana_system password set."

    attempts=$((attempts+1))

    if [ $attempts -ge $max_attempts ]; then

        echo "Elasticsearch failed to start after 5 minutes. Check logs at /app/data/logs/"

        exit 1

    fi

done

echo "Elasticsearch is up and running!"

# Display the credentials

echo "-----------------------------"

echo "Authentication credentials:"

echo "  User: elastic"

echo "  Password: $ELASTIC_PASSWORD"

if [ ! -z "$KIBANA_PASSWORD" ]; then

    echo ""

    echo "Kibana system credentials:"

    echo "  User: kibana_system"

    echo "  Password: $KIBANA_PASSWORD"

fi

echo "-----------------------------"

# Create a credentials file for reference

URL: http://localhost:9200

User: elastic

Password: $ELASTIC_PASSWORD

Kibana system credentials:

User: kibana_system

Password: $KIBANA_PASSWORD

EOL

echo "Credentials saved to /app/data/credentials.txt"

# Keep script running

exec tail -f /dev/null 

 No newline at end of file

# Keep the script running to prevent the container from exiting

tail -f /app/data/logs/*.log 

 No newline at end of file

#!/bin/bash

set -e

# Stop Elasticsearch container

# Check if Elasticsearch is running

if [ -f /app/data/elasticsearch.pid ]; then

    echo "Stopping Elasticsearch..."

docker stop elasticsearch || true

docker rm elasticsearch || true

    PID=$(cat /app/data/elasticsearch.pid)

    if kill -0 "$PID" 2>/dev/null; then

        kill "$PID"

        echo "Waiting for Elasticsearch to stop..."

        # Wait for process to end

        while kill -0 "$PID" 2>/dev/null; do

            sleep 1

        done

    else

        echo "Elasticsearch process not found, cleaning up PID file."

    fi

    rm -f /app/data/elasticsearch.pid

else

    echo "Elasticsearch PID file not found, nothing to stop."

fi

echo "Elasticsearch stopped." 

 No newline at end of file