Optimize codebase: Refactor start.sh, clean up elasticsearch.yml, and streamline Dockerfile

elasticsearch.yml

@@ -5,12 +5,8 @@ cluster.name: cloudron-cluster
 
 # ------------------------------------ Node ------------------------------------
 node.name: ${HOSTNAME}
-# The following settings are deprecated in Elasticsearch 8.x
-# node.master: true
-# node.data: true
 # In Elasticsearch 8.x, a node is both a master-eligible and data node by default
-# To change this behavior, use roles instead
-#node.roles: [ master, data ]
+# To change this behavior, use roles instead: node.roles: [ master, data, ...]
 
 # ----------------------------------- Paths ------------------------------------
 path.data: /app/data/elasticsearch
@@ -26,35 +22,26 @@ discovery.type: single-node
 
 # --------------------------------- Security ----------------------------------
 xpack.security.enabled: true
-
-# Transport layer settings (for node-to-node communication)
 xpack.security.transport.ssl.enabled: false
-# xpack.security.transport.ssl.verification_mode: none
-# xpack.security.transport.ssl.keystore.path: /app/data/config/elastic-certificates.p12
-# xpack.security.transport.ssl.truststore.path: /app/data/config/elastic-certificates.p12
-
-# HTTP layer settings (for client connections)
 xpack.security.http.ssl.enabled: false
-
-# Allow basic auth
 xpack.security.authc.token.enabled: false
 xpack.security.authc.api_key.enabled: false
-
-# Required password hashing algorithm
 xpack.security.authc.password_hashing.algorithm: bcrypt
 
 # ----------------------------------- Memory ----------------------------------
-bootstrap.memory_lock: false
+# Memory locking to prevent swapping
+bootstrap.memory_lock: true
 
-# ---------------------------------- Various ----------------------------------
+# ---------------------------------- HTTP/REST API ---------------------------
 http.cors.enabled: true
 http.cors.allow-origin: "*"
 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
 http.cors.allow-headers: "X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization"
 
+# Allow auto-creation of system indices
 action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml* 
 
-# ---------------------------------- Performance Optimizations ----------------------------------
+# ---------------------------------- Performance Optimizations ------------------
 
 # Circuit breaker settings
 indices.breaker.total.limit: 70%
@@ -62,23 +49,16 @@ indices.breaker.total.limit: 70%
 # Memory optimization
 indices.fielddata.cache.size: 20%
 indices.memory.index_buffer_size: 20%
+indices.queries.cache.size: 15%
 
 # Thread pool and queue sizes
 thread_pool.write.queue_size: 1000
 thread_pool.search.queue_size: 1000
 
-# Indexing settings
-indices.queries.cache.size: 15%
-bootstrap.memory_lock: true
-
 # I/O optimization
 bootstrap.system_call_filter: false
 
-# Refresh interval - Set to a higher value if you prioritize indexing speed over search freshness
-# indices.refresh_interval: 30s
-# This setting should be applied per index, not globally
-
-# Index defaults
+# Default index settings
 index.number_of_shards: 1
 index.number_of_replicas: 0
 
@@ -88,5 +68,5 @@ index.merge.policy.floor_segment: 2mb
 index.merge.policy.max_merge_at_once: 4
 index.merge.policy.segments_per_tier: 8
 
-# GC settings - these complement the JVM options set in start.sh
+# Set processors based on container configuration
 processors: ${PROCESSORS:1}