所有服务均使用 docker 部署;其中 keycloak 服务已经存在,因此本文没有列出。
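# docker-compose.yml: Elasticsearch, Kibana and Logstash, with
# keycloak-gatekeeper in front of Kibana as the authenticating proxy.
# Nesting restored: with every key at column 0 the services collapse
# into duplicate top-level keys and the file no longer describes four services.
# Only logstash (4560) and keycloak-gatekeeper (5602) publish host ports;
# elasticsearch and kibana are reachable only on the compose network.
# NOTE(review): the 7.6.2 images pinned here are old releases; check
# whether they still receive security fixes before deploying.
version: '3'
services:
  elasticsearch:
    image: elasticsearch:7.6.2
    container_name: elasticsearch
    environment:
      - "cluster.name=elasticsearch"
      - "discovery.type=single-node"
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    # No xpack security settings are set here, so nothing in this file makes
    # Elasticsearch ask for credentials. The gatekeeper guards Kibana only;
    # any container that can reach es:9200 talks to Elasticsearch directly.
    # Keep it unpublished, as it is here.
    volumes:
      - /data/www/elk/plugins:/usr/share/elasticsearch/plugins
      - /data/www/elk/data:/usr/share/elasticsearch/data

  kibana:
    image: kibana:7.6.2
    container_name: kibana
    # `links` gives elasticsearch the alias `es` used in the URL below.
    links:
      - elasticsearch:es
    depends_on:
      - elasticsearch
    # No `ports:` on purpose: Kibana is reached only through the gatekeeper
    # (upstream-url http://kibana:5601 in proxy.yml). Publishing 5601 would
    # bypass authentication.
    # NOTE(review): the Kibana image documents this setting in its
    # environment form as ELASTICSEARCH_HOSTS; confirm that the dotted
    # name below is actually picked up.
    environment:
      - "elasticsearch.hosts=http://es:9200"

  logstash:
    image: logstash:7.6.2
    container_name: logstash
    volumes:
      # Pipeline config is only read by Logstash, so mount it read-only.
      - /data/www/elk/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf:ro
    depends_on:
      - elasticsearch
    links:
      - elasticsearch:es
    # Without a host IP this publishes 4560 on every host interface. The
    # tcp input behind it has no TLS and no client authentication, so
    # restrict who can reach this port (firewall, or bind to an internal
    # address) to the hosts that ship logs.
    ports:
      - "4560:4560"

  keycloak-gatekeeper:
    # NOTE(review): Keycloak Gatekeeper is, as far as I know, no longer
    # maintained upstream; verify and prefer a maintained OIDC proxy for
    # new deployments.
    image: keycloak/keycloak-gatekeeper:7.0.0
    container_name: keycloak-gatekeeper
    command:
      - --config=/etc/proxy.yml
    volumes:
      # proxy.yml holds the client secret and the cookie encryption key:
      # keep the host file readable only by its owner and mount it read-only.
      - /data/www/elk/proxy.yml:/etc/proxy.yml:ro
    # The only intended entry point for users. proxy.yml serves plain HTTP
    # here, so terminate TLS in front of it.
    ports:
      - "5602:5602"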
# logstash-springboot.conf, input side: a TCP server on port 4560 that
# reads newline-delimited JSON events.
input {
  tcp {
    port  => 4560
    # Listens on all interfaces inside the container; host exposure is
    # decided by the compose `ports:` mapping.
    host  => "0.0.0.0"
    mode  => "server"
    type  => "logback"
    # No ssl_* options are set, so events arrive in plaintext and any peer
    # that can connect may submit them. Restrict access at the network
    # level or enable the plugin's TLS options.
    codec => json_lines
  }
}
# Output side: every event is indexed into Elasticsearch, reached through
# the compose alias `es`.
output {
  elasticsearch {
    # One index per application per day. The `app` part is taken from the
    # event itself, i.e. it is chosen by whoever sends the log line, so an
    # unexpected sender can create indices under this prefix.
    # NOTE(review): an event without an `app` field presumably leaves the
    # reference unresolved in the index name; confirm, and consider a default.
    index => "springboot-logstash-%{[app]}-%{+YYYY.MM.dd}"
    hosts => "es:9200"
  }
}
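# proxy.yml: keycloak-gatekeeper configuration, mounted at /etc/proxy.yml.
# The proxy listens on :5602, authenticates users against the Keycloak
# realm and forwards permitted requests to Kibana.
client-id: kibana
# Placeholder: use the secret of the `kibana` client from Keycloak. Keep
# the real value out of version control.
client-secret: xxxxxx-xxx-xxxxxx-xxx-xxxxx
discovery-url: https://${domain}/auth/realms/${realm}  # replace domain and realm with your own
# NOTE(review): expected to deny every request that no `resources` entry
# permits; confirm against the gatekeeper documentation.
enable-default-deny: true
# Sample value published with the article: generate your own random string
# and never reuse this one.
# NOTE(review): gatekeeper appears to expect 16 or 32 characters here when
# refresh tokens are enabled; confirm.
encryption-key: rewf7VYkQ2QkaSXVRJoxvX1mDTnLpk2X
# false leaves the Secure flag off the session cookie, matching the plain
# http redirection-url below. Once the gateway is served over HTTPS, switch
# both: https in redirection-url and secure-cookie: true.
secure-cookie: false
listen: ':5602'
redirection-url: http://${host}:5602  # address of the auth gateway, which reverse-proxies to upstream-url
upstream-url: http://kibana:5601
enable-refresh-tokens: true
enable-logging: true
resources:
  # `roles` belongs to the resource entry. At column 0 it would parse as a
  # separate top-level key and the role requirement would not be attached
  # to the uri.
  - uri: /*
    roles:
      # Role allowed to access this uri. A client role is written
      # ${client}:${role} (e.g. kibana:user); a realm role is given by
      # its name alone.
      - ${whatever}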
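# Start all services in the background.
docker-compose up -d

# Install the json_lines codec inside the running logstash container.
# Run non-interactively so the listing also works when pasted as a script:
# with an interactive `docker exec -it ... /bin/bash`, the lines that follow
# run on the host, not in the container. logstash-plugin is resolved through
# the container's PATH, as in the original session.
# NOTE(review): the codec may already be bundled with the 7.6.2 image;
# check with `logstash-plugin list` before installing.
# The plugin is downloaded at install time and lands in the container's
# writable layer, so it is lost when the container is recreated. For a
# reproducible setup, bake it into a derived image instead.
docker exec logstash logstash-plugin install logstash-codec-json_lines

# Restart so Logstash loads the newly installed codec.
docker restart logstash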
如果要使用某个client中的role作为认证所需role,则该role在proxy.yml配置文件中的格式为:${client}:${role},如kibana:user;如果使用realm的role,则直接配置role的名字即可。
由于认证过程中会携带由用户全部 roles 生成的 token 去访问,在用户的 roles 过多的情况下,可能会出现 http header 过大的问题。这时就需要修改 es 和 kibana 的启动配置文件,调大允许的 header size:用 docker cp 拷出以下文件,修改后再 copy 回去,然后重启(更好的方式是在 Dockerfile 中修改,或者挂载本地配置文件)。注意:header 上限只应调到够用为止,上限越大,单个请求可占用的内存也越大。
/usr/share/elasticsearch/config/elasticsearch.yml,增加如下行
# Raises the largest HTTP header Elasticsearch accepts to 1024kb so that
# tokens carrying many roles fit. NOTE(review): the documented 7.x default
# is, as far as I recall, 8kb; confirm, and size this to the largest token
# you actually see rather than a round maximum.
http.max_header_size: 1024kb
/usr/share/kibana/bin/kibana,修改该项启动值
--max-http-header-size=10240000