https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls-docker.html
---------------------------------
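# Single-node Elasticsearch with TLS on both the transport and HTTP layers.
# The pasted listing had lost its indentation and would not parse as a Compose
# file; the nesting is restored here.
# $ELASTIC_PASSWORD and $CERTS_DIR are not defined in this file; Compose
# substitutes them from the shell environment or an .env file, and an unset
# variable becomes an empty string.
services:
  # One-shot helper: creates the PKCS#12 bundle on the shared "certs" volume
  # the first time it runs, then hands the directory to the Elasticsearch user.
  create_certs:
    container_name: create_certs
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
    # Earlier PEM-based variant from the Elastic guide, left disabled:
    # command: >
    #   bash -c '
    #     if [[ ! -f /certs/bundle.zip ]]; then
    #       bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
    #       unzip /certs/bundle.zip -d /certs;
    #     fi;
    #     chown -R 1000:0 /certs
    #   '
    # user: "0"
    # working_dir: /usr/share/elasticsearch
    # volumes: ['certs:/certs', '.:/usr/share/elasticsearch/config/certificates']
    #
    # The script lines are indented deeper than "bash -c" so the folded scalar
    # keeps their line breaks. The certutil call is also terminated with ";",
    # so "fi" cannot be read as one of its arguments if the lines are folded.
    # -pass "" writes the keystore with an EMPTY password: the private key is
    # then protected only by file permissions on the certs volume. Outside a
    # throwaway lab, set a password and supply it through the Elasticsearch
    # keystore (xpack.security.*.ssl.keystore.secure_password).
    # NOTE(review): no --ca/--ca-cert is passed here; confirm which CA, if any,
    # signs the generated certificate.
    command: >
      bash -c '
        if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
          bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass "";
        fi;
        chown -R 1000:0 /usr/share/elasticsearch/config/certificates
      '
    # Runs as root only so the chown above succeeds; 1000:0 is the uid:gid the
    # official image runs Elasticsearch as.
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes:
      - 'certs:/usr/share/elasticsearch/config/certificates'

  elasticsearch:
    container_name: elasticsearch
    # Start order only: depends_on does not wait for create_certs to finish.
    depends_on:
      - create_certs
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
    environment:
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      # Password for the default user "elastic". An environment variable is
      # readable through `docker inspect`; the image also accepts
      # ELASTIC_PASSWORD_FILE for reading it from a mounted secret instead.
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - xpack.security.enabled=true
      # Transport layer: "certificate" checks that the peer certificate chains
      # to a trusted CA but skips hostname verification ("full" adds it).
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=$CERTS_DIR/elastic-certificates.p12
      # HTTP layer reuses the same PKCS#12 file as keystore and truststore, so
      # one file holds the key material for both layers.
      # NOTE(review): verification_mode=none disables certificate verification
      # wherever this server-side setting applies; confirm it is needed, and
      # prefer "certificate" or "full" outside a lab.
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.verification_mode=none
      - xpack.security.http.ssl.truststore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.http.ssl.keystore.path=$CERTS_DIR/elastic-certificates.p12
      # PEM-based settings matching the disabled create_certs variant:
      # - xpack.license.self_generated.type=trial
      # - xpack.security.enabled=true
      # - xpack.security.http.ssl.enabled=true
      # - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
      # - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      # - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # - xpack.security.transport.ssl.enabled=true
      # - xpack.security.transport.ssl.verification_mode=certificate
      # - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      # - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key
    volumes:
      - 'esdata:/usr/share/elasticsearch/data'
      - 'certs:$CERTS_DIR'
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
      # -1 = unlimited; lets bootstrap.memory_lock=true lock the heap.
      memlock:
        soft: -1
        hard: -1
    ports:
      # Published on every host interface; use "127.0.0.1:9200:9200" when only
      # local clients need the API.
      - "9200:9200"

# Named volumes with default driver settings (block form of the original
# {"esdata", "certs"} flow mapping).
volumes:
  esdata: {}
  certs: {}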