|
#!/bin/bash |
|
echo "Add repositories" |
|
# more info: https://docs.docker.com/engine/installation/ubuntulinux/#update-your-apt-sources |
|
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D |
|
sudo sh -c "echo deb https://apt.dockerproject.org/repo ubuntu-trusty main\ > /etc/apt/sources.list.d/docker.list" |
|
sudo apt-get update |
|
|
|
echo "Install Docker" |
|
# more info: https://docs.docker.com/engine/installation/ubuntulinux/#install |
|
sudo apt-get -y install linux-image-extra-$(uname -r) |
|
sudo apt-get -y install docker-engine |
|
sudo service docker start |
|
|
|
echo "Configure swappiness to swap only when necessary" |
|
# more info: https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#_swapping_is_the_death_of_performance |
|
# more info: http://askubuntu.com/questions/103915/how-do-i-configure-swappiness |
|
sudo bash -c "echo 'vm.swappiness = 1' >> /etc/sysctl.conf" && sudo sysctl -p |
|
|
|
echo "Install, configure and run Docker containers" |
|
# more info: https://docs.docker.com/engine/reference/run |
|
|
|
echo "Install and configure Elastic Search v1.7" |
|
|
|
# Define Elastic Search configuration file |
|
ELASTICSEARCH_CONF_DIR=$PWD/elasticsearch/config |
|
ELASTICSEARCH_CONF=$ELASTICSEARCH_CONF_DIR/elasticsearch.yml |
|
|
|
# Define Elastic Saerch Reverse Proxy port |
|
ELASTICSEARCH_PROXY_PORT=8080 |
|
|
|
# Create Elastic Search configuration file |
|
# more info: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/setup-configuration.html |
|
# more info: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/modules-scripting.html |
|
mkdir -p $ELASTICSEARCH_CONF_DIR && touch $ELASTICSEARCH_CONF && cat <<ELASTICSEARCH_CONF > $ELASTICSEARCH_CONF |
|
script.inline: off |
|
script.indexed: off |
|
ELASTICSEARCH_CONF |
|
|
|
# Install and run Elastic Search |
|
# more info: https://hub.docker.com/_/elasticsearch/ |
|
ELASTICSEARCH_ID=$(sudo docker run -d -v "$ELASTICSEARCH_CONF_DIR":/usr/share/elasticsearch/config --memory-swappiness=0 --name=elasticsearch elasticsearch:1.7) |
|
ELASTICSEARCH_IP=$(sudo docker inspect elasticsearch | grep -m 1 \"IPAddress\" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}") |
|
ELASTICSEARCH_ADDR=$ELASTICSEARCH_IP:9200 |
|
|
|
echo "Install and configure Nginx v1.9" |
|
|
|
# Define Nginx configuration file |
|
NGINX_CONF_DIR=$PWD/nginx |
|
NGINX_CONF=$NGINX_CONF_DIR/nginx.conf |
|
|
|
# Create Nginx configuration directory |
|
mkdir -p $NGINX_CONF_DIR |
|
|
|
read -p "Communication with Elastic Search will be encrypted. |
|
Nginx require certificate without passphrase: |
|
Please, provide path to public SSL certificate (leaving blank will generate self signed certificate): " ssl_cert |
|
if [[ -z "$ssl_cert" ]] |
|
then |
|
# Generate self signed certificate - ONLY FOR LOCAL CONFIGURATION |
|
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 && ssl_cert="$PWD/cert.pem" && ssl_key="$PWD/key.pem" |
|
# Remove passphrase from key.pem |
|
openssl rsa -in key.pem -out key.pem |
|
elif ! [[ -z "$ssl_cert" ]] |
|
then |
|
read -p "Please, provide path to private key: " ssl_key |
|
if [[ -z "$ssl_key" ]] |
|
then |
|
echo "No SSL key provided! You have to change it later in $NGINX_CONF" |
|
fi |
|
fi |
|
|
|
echo "Path to SSL certificate: $ssl_cert" |
|
echo "Path to SSL key: $ssl_key" |
|
|
|
echo "Certificates will be moved to \"$NGINX_CONF_DIR\" in order to be readable by Nginx" |
|
mv $ssl_cert $NGINX_CONF_DIR/cert.pem && mv $ssl_key $NGINX_CONF_DIR/key.pem |
|
|
|
echo "Creating $NGINX_CONF_DIR/.htpasswd file that will be used for Elastic Search HTTP Basic Authentication" |
|
# more info: https://en.wikipedia.org/wiki/Htpasswd |
|
# more info: http://man7.org/linux/man-pages/man8/chpasswd.8.html |
|
# more info: https://en.wikipedia.org/wiki/SHA-2 |
|
read -p "Enter Elastic Search username: " ELASTICSEARCH_USER |
|
echo -n "$ELASTICSEARCH_USER:"$(read -ers -p "Enter Elastic Search password: " password; echo $password) | chpasswd -S -c SHA512 >> $NGINX_CONF_DIR/.htpasswd |
|
echo "$NGINX_CONF_DIR/.htpasswd file created!" && sleep 1 |
|
|
|
# Create Nginx configuration file (allows for HTTPS && HTTP Basic Authentication ) |
|
# more info: https://www.elastic.co/blog/playing-http-tricks-nginx |
|
# more info: http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html |
|
# more info: http://nginx.org/en/docs/http/configuring_https_servers.html |
|
touch $NGINX_CONF && cat <<NGINX_CONF > $NGINX_CONF |
|
# Based on default Nginx configuration provided with container |
|
# docker cp nginx:/etc/nginx/nginx.conf ./nginx.def.conf |
|
user nginx; |
|
worker_processes 1; |
|
|
|
pid /var/run/nginx.pid; |
|
|
|
events { |
|
worker_connections 1024; |
|
} |
|
|
|
http { |
|
server { |
|
listen 80 ssl; |
|
|
|
ssl_certificate cert.pem; |
|
ssl_certificate_key key.pem; |
|
|
|
auth_basic "Username and password are required"; |
|
auth_basic_user_file .htpasswd; |
|
|
|
location / { |
|
proxy_pass http://$ELASTICSEARCH_ADDR; |
|
} |
|
} |
|
} |
|
NGINX_CONF |
|
|
|
# more info: https://hub.docker.com/_/nginx/ |
|
# mount whole Nginx configuration directory to be able to read from there ".htpasswd", "cert.pem" and "key.pem" |
|
NGINX_ID=$(sudo docker run -d -v "$NGINX_CONF_DIR":/etc/nginx:ro -p "$ELASTICSEARCH_PROXY_PORT":80 --name=nginx nginx:1.9) |
|
NGINX_IP=$(sudo docker inspect nginx | grep -m 1 \"IPAddress\" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}") |
|
|
|
clear && echo "Installation done!" |
|
|
|
echo "Installed Docker version: " && docker --version |
|
|
|
echo "Check Elastic Search configuration by making a test request: " |
|
echo "Waiting for Elastic Search to boot up at the address \""https://$NGINX_IP:80"\" ..." && sleep 10 |
|
|
|
# more info: http://curl.haxx.se/docs/manpage.html |
|
# While making request require SSL, allow self signed certificate, login with use of HTTP Basic Auth |
|
curl https://$NGINX_IP:80 --ssl-reqd --insecure --user $ELASTICSEARCH_USER:$(read -ers -p "Enter Elastic Search password: " password; echo $password) |
|
|
|
# To remove elastic search container |
|
# sudo docker stop elasticsearch && sudo docker rm elasticsearch |
|
|
|
# To remove nginx container |
|
# sudo docker stop nginx && sudo docker rm nginx |