Isinlor/README.md

## README.md

      
    Raw
  

              README.md
            
          
    To install Elastic Search copy & paste into terminal:
wget https://gist.githubusercontent.com/Isinlor/12e80e1891128e77c661/raw/elasticsearch-install.sh && sudo chmod +x ./elasticsearch-install.sh && ./elasticsearch-install.sh

Remember to subscribe to Common Security Vulnerabilities (CVE):
Ubuntu:

http://www.ubuntu.com/usn/
https://www.cvedetails.com/vulnerability-list/vendor_id-51/Ubuntu.html

Docker:

https://www.elastic.co/community/security
http://www.cvedetails.com/vulnerability-list/vendor_id-13534/Docker.html

Elastic Search:

https://www.elastic.co/community/security
https://www.cvedetails.com/vulnerability-list/vendor_id-13554/Elasticsearch.html

Nginx:

http://nginx.org/en/security_advisories.html
http://www.cvedetails.com/vulnerability-list/vendor_id-10048/Nginx.html


## elasticsearch-install.sh
#!/bin/bash
echo "Add repositories"
# more info: https://docs.docker.com/engine/installation/ubuntulinux/#update-your-apt-sources
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
sudo sh -c "echo deb https://apt.dockerproject.org/repo ubuntu-trusty main\ > /etc/apt/sources.list.d/docker.list"
sudo apt-get update

echo "Install Docker"
# more info: https://docs.docker.com/engine/installation/ubuntulinux/#install
sudo apt-get -y install linux-image-extra-$(uname -r)
sudo apt-get -y install docker-engine
sudo service docker start

echo "Configure swappiness to swap only when necessary"
# more info: https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#_swapping_is_the_death_of_performance
# more info: http://askubuntu.com/questions/103915/how-do-i-configure-swappiness
sudo bash -c "echo 'vm.swappiness = 1' >> /etc/sysctl.conf" && sudo sysctl -p

echo "Install, configure and run Docker containers"
# more info: https://docs.docker.com/engine/reference/run

echo "Install and configure Elastic Search v1.7"

# Define Elastic Search configuration file
ELASTICSEARCH_CONF_DIR=$PWD/elasticsearch/config
ELASTICSEARCH_CONF=$ELASTICSEARCH_CONF_DIR/elasticsearch.yml

# Define Elastic Saerch Reverse Proxy port
ELASTICSEARCH_PROXY_PORT=8080

# Create Elastic Search configuration file
# more info: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/setup-configuration.html
# more info: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/modules-scripting.html
mkdir -p $ELASTICSEARCH_CONF_DIR && touch $ELASTICSEARCH_CONF && cat <<ELASTICSEARCH_CONF > $ELASTICSEARCH_CONF
script.inline: off
script.indexed: off
ELASTICSEARCH_CONF

# Install and run Elastic Search
# more info: https://hub.docker.com/_/elasticsearch/
ELASTICSEARCH_ID=$(sudo docker run -d -v "$ELASTICSEARCH_CONF_DIR":/usr/share/elasticsearch/config --memory-swappiness=0 --name=elasticsearch elasticsearch:1.7)
ELASTICSEARCH_IP=$(sudo docker inspect elasticsearch | grep -m 1 \"IPAddress\" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
ELASTICSEARCH_ADDR=$ELASTICSEARCH_IP:9200

echo "Install and configure Nginx v1.9"

# Define Nginx configuration file
NGINX_CONF_DIR=$PWD/nginx
NGINX_CONF=$NGINX_CONF_DIR/nginx.conf

# Create Nginx configuration directory
mkdir -p $NGINX_CONF_DIR

read -p "Communication with Elastic Search will be encrypted.
Nginx require certificate without passphrase:
Please, provide path to public SSL certificate (leaving blank will generate self signed certificate): " ssl_cert
if [[ -z "$ssl_cert"  ]]
then
	# Generate self signed certificate - ONLY FOR LOCAL CONFIGURATION
        openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 && ssl_cert="$PWD/cert.pem" && ssl_key="$PWD/key.pem"
        # Remove passphrase from key.pem
        openssl rsa -in key.pem -out key.pem
elif ! [[ -z "$ssl_cert" ]]
then
        read -p "Please, provide path to private key: " ssl_key
        if [[ -z "$ssl_key" ]]
        then
                echo "No SSL key provided! You have to change it later in $NGINX_CONF"
        fi
fi

echo "Path to SSL certificate: $ssl_cert"
echo "Path to SSL key: $ssl_key"

echo "Certificates will be moved to \"$NGINX_CONF_DIR\" in order to be readable by Nginx"
mv $ssl_cert $NGINX_CONF_DIR/cert.pem && mv $ssl_key $NGINX_CONF_DIR/key.pem

echo "Creating $NGINX_CONF_DIR/.htpasswd file that will be used for Elastic Search HTTP Basic Authentication"
# more info: https://en.wikipedia.org/wiki/Htpasswd
# more info: http://man7.org/linux/man-pages/man8/chpasswd.8.html
# more info: https://en.wikipedia.org/wiki/SHA-2
read -p "Enter Elastic Search username: " ELASTICSEARCH_USER
echo -n "$ELASTICSEARCH_USER:"$(read -ers -p "Enter Elastic Search password: " password; echo $password) | chpasswd -S -c SHA512 >> $NGINX_CONF_DIR/.htpasswd
echo "$NGINX_CONF_DIR/.htpasswd file created!" && sleep 1

# Create Nginx configuration file (allows for HTTPS && HTTP Basic Authentication )
# more info: https://www.elastic.co/blog/playing-http-tricks-nginx
# more info: http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
# more info: http://nginx.org/en/docs/http/configuring_https_servers.html
touch $NGINX_CONF && cat <<NGINX_CONF > $NGINX_CONF
# Based on default Nginx configuration provided with container
# docker cp nginx:/etc/nginx/nginx.conf ./nginx.def.conf
user  nginx;
worker_processes  1;

pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    server {
        listen 80 ssl;

        ssl_certificate cert.pem;
	ssl_certificate_key key.pem;

	auth_basic "Username and password are required";
	auth_basic_user_file .htpasswd;

        location / {
            proxy_pass http://$ELASTICSEARCH_ADDR;
        }
    }
}
NGINX_CONF

# more info: https://hub.docker.com/_/nginx/
# mount whole Nginx configuration directory to be able to read from there ".htpasswd", "cert.pem" and "key.pem"
NGINX_ID=$(sudo docker run -d -v "$NGINX_CONF_DIR":/etc/nginx:ro -p "$ELASTICSEARCH_PROXY_PORT":80 --name=nginx nginx:1.9)
NGINX_IP=$(sudo docker inspect nginx | grep -m 1 \"IPAddress\" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")

clear && echo "Installation done!"

echo "Installed Docker version: " && docker --version

echo "Check Elastic Search configuration by making a test request: "
echo "Waiting for Elastic Search to boot up at the address \""https://$NGINX_IP:80"\" ..." && sleep 10

# more info: http://curl.haxx.se/docs/manpage.html
# While making request require SSL, allow self signed certificate, login with use of HTTP Basic Auth
curl https://$NGINX_IP:80 --ssl-reqd --insecure --user $ELASTICSEARCH_USER:$(read -ers -p "Enter Elastic Search password: " password; echo $password)

# To remove elastic search container
# sudo docker stop elasticsearch && sudo docker rm elasticsearch

# To remove nginx container
# sudo docker stop nginx && sudo docker rm nginx
	#!/bin/bash
	echo "Add repositories"
	# more info: https://docs.docker.com/engine/installation/ubuntulinux/#update-your-apt-sources
	sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
	sudo sh -c "echo deb https://apt.dockerproject.org/repo ubuntu-trusty main\ > /etc/apt/sources.list.d/docker.list"
	sudo apt-get update

	echo "Install Docker"
	# more info: https://docs.docker.com/engine/installation/ubuntulinux/#install
	sudo apt-get -y install linux-image-extra-$(uname -r)
	sudo apt-get -y install docker-engine
	sudo service docker start

	echo "Configure swappiness to swap only when necessary"
	# more info: https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#_swapping_is_the_death_of_performance
	# more info: http://askubuntu.com/questions/103915/how-do-i-configure-swappiness
	sudo bash -c "echo 'vm.swappiness = 1' >> /etc/sysctl.conf" && sudo sysctl -p

	echo "Install, configure and run Docker containers"
	# more info: https://docs.docker.com/engine/reference/run

	echo "Install and configure Elastic Search v1.7"

	# Define Elastic Search configuration file
	ELASTICSEARCH_CONF_DIR=$PWD/elasticsearch/config
	ELASTICSEARCH_CONF=$ELASTICSEARCH_CONF_DIR/elasticsearch.yml

	# Define Elastic Saerch Reverse Proxy port
	ELASTICSEARCH_PROXY_PORT=8080

	# Create Elastic Search configuration file
	# more info: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/setup-configuration.html
	# more info: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/modules-scripting.html
	mkdir -p $ELASTICSEARCH_CONF_DIR && touch $ELASTICSEARCH_CONF && cat <<ELASTICSEARCH_CONF > $ELASTICSEARCH_CONF
	script.inline: off
	script.indexed: off
	ELASTICSEARCH_CONF

	# Install and run Elastic Search
	# more info: https://hub.docker.com/_/elasticsearch/
	ELASTICSEARCH_ID=$(sudo docker run -d -v "$ELASTICSEARCH_CONF_DIR":/usr/share/elasticsearch/config --memory-swappiness=0 --name=elasticsearch elasticsearch:1.7)
	ELASTICSEARCH_IP=$(sudo docker inspect elasticsearch \| grep -m 1 \"IPAddress\" \| grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
	ELASTICSEARCH_ADDR=$ELASTICSEARCH_IP:9200

	echo "Install and configure Nginx v1.9"

	# Define Nginx configuration file
	NGINX_CONF_DIR=$PWD/nginx
	NGINX_CONF=$NGINX_CONF_DIR/nginx.conf

	# Create Nginx configuration directory
	mkdir -p $NGINX_CONF_DIR

	read -p "Communication with Elastic Search will be encrypted.
	Nginx require certificate without passphrase:
	Please, provide path to public SSL certificate (leaving blank will generate self signed certificate): " ssl_cert
	if [[ -z "$ssl_cert" ]]
	then
	# Generate self signed certificate - ONLY FOR LOCAL CONFIGURATION
	openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 && ssl_cert="$PWD/cert.pem" && ssl_key="$PWD/key.pem"
	# Remove passphrase from key.pem
	openssl rsa -in key.pem -out key.pem
	elif ! [[ -z "$ssl_cert" ]]
	then
	read -p "Please, provide path to private key: " ssl_key
	if [[ -z "$ssl_key" ]]
	then
	echo "No SSL key provided! You have to change it later in $NGINX_CONF"
	fi
	fi

	echo "Path to SSL certificate: $ssl_cert"
	echo "Path to SSL key: $ssl_key"

	echo "Certificates will be moved to \"$NGINX_CONF_DIR\" in order to be readable by Nginx"
	mv $ssl_cert $NGINX_CONF_DIR/cert.pem && mv $ssl_key $NGINX_CONF_DIR/key.pem

	echo "Creating $NGINX_CONF_DIR/.htpasswd file that will be used for Elastic Search HTTP Basic Authentication"
	# more info: https://en.wikipedia.org/wiki/Htpasswd
	# more info: http://man7.org/linux/man-pages/man8/chpasswd.8.html
	# more info: https://en.wikipedia.org/wiki/SHA-2
	read -p "Enter Elastic Search username: " ELASTICSEARCH_USER
	echo -n "$ELASTICSEARCH_USER:"$(read -ers -p "Enter Elastic Search password: " password; echo $password) \| chpasswd -S -c SHA512 >> $NGINX_CONF_DIR/.htpasswd
	echo "$NGINX_CONF_DIR/.htpasswd file created!" && sleep 1

	# Create Nginx configuration file (allows for HTTPS && HTTP Basic Authentication )
	# more info: https://www.elastic.co/blog/playing-http-tricks-nginx
	# more info: http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
	# more info: http://nginx.org/en/docs/http/configuring_https_servers.html
	touch $NGINX_CONF && cat <<NGINX_CONF > $NGINX_CONF
	# Based on default Nginx configuration provided with container
	# docker cp nginx:/etc/nginx/nginx.conf ./nginx.def.conf
	user nginx;
	worker_processes 1;

	pid /var/run/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	server {
	listen 80 ssl;

	ssl_certificate cert.pem;
	ssl_certificate_key key.pem;

	auth_basic "Username and password are required";
	auth_basic_user_file .htpasswd;

	location / {
	proxy_pass http://$ELASTICSEARCH_ADDR;
	}
	}
	}
	NGINX_CONF

	# more info: https://hub.docker.com/_/nginx/
	# mount whole Nginx configuration directory to be able to read from there ".htpasswd", "cert.pem" and "key.pem"
	NGINX_ID=$(sudo docker run -d -v "$NGINX_CONF_DIR":/etc/nginx:ro -p "$ELASTICSEARCH_PROXY_PORT":80 --name=nginx nginx:1.9)
	NGINX_IP=$(sudo docker inspect nginx \| grep -m 1 \"IPAddress\" \| grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")

	clear && echo "Installation done!"

	echo "Installed Docker version: " && docker --version

	echo "Check Elastic Search configuration by making a test request: "
	echo "Waiting for Elastic Search to boot up at the address \""https://$NGINX_IP:80"\" ..." && sleep 10

	# more info: http://curl.haxx.se/docs/manpage.html
	# While making request require SSL, allow self signed certificate, login with use of HTTP Basic Auth
	curl https://$NGINX_IP:80 --ssl-reqd --insecure --user $ELASTICSEARCH_USER:$(read -ers -p "Enter Elastic Search password: " password; echo $password)

	# To remove elastic search container
	# sudo docker stop elasticsearch && sudo docker rm elasticsearch

	# To remove nginx container
	# sudo docker stop nginx && sudo docker rm nginx