bitnami/elasticsearch
Bitnami Secure Image for elasticsearch
100M+
bitnami/elasticsearch repository overview
Bitnami Elasticsearch Stack
What is Elasticsearch?
Elasticsearch is a distributed search and analytics engine. It is used for web search, log monitoring, and real-time analytics. Ideal for Big Data applications.
Overview of Elasticsearch Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
TL;DR
docker run --name elasticsearch bitnami/elasticsearch:latest
You can find the available configuration options in the Environment Variables section.
Why use Bitnami Secure Images?
Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise OS Photon Linux. Why choose BSI images?
- Hardened secure images of popular open source software with Near-Zero Vulnerabilities
- Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
- Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
- Software supply chain provenance attestation through in-toto
- First class support for the internet’s favorite Helm charts
Each image comes with valuable security metadata. You can view the metadata in our public catalog here. Note: Some data is only available with commercial subscriptions to BSI.
If you are looking for our previous generation of images based on Debian Linux, please see the Bitnami Legacy registry.
How to deploy Elasticsearch in Kubernetes?
Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the Bitnami Elasticsearch Chart GitHub repository.
Why use a non-root container?
Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers in our docs.
Supported tags and respective Dockerfile links
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.
You can see the equivalence between the different tags by taking a look at the tags-info.yaml file present in the branch folder, i.e bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml.
Subscribe to project updates by watching the bitnami/containers GitHub repo.
Get this image
The recommended way to get the Bitnami Elasticsearch Docker Image is to pull the prebuilt image from the Docker Hub Registry.
docker pull bitnami/elasticsearch:latest
To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.
docker pull bitnami/elasticsearch:[TAG]
If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.
git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t bitnami/APP:latest .
Persisting your application
If you remove the container all your data will be lost, and the next time you run the image the application will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the /bitnami path. If the mounted directory is empty, it will be initialized on the first run.
docker run \
-v /path/to/elasticsearch-data-persistence:/bitnami/elasticsearch/data \
bitnami/elasticsearch:latest
or by making a minor change to the docker-compose.yml file present in this repository:
elasticsearch:
...
volumes:
- /path/to/elasticsearch-data-persistence:/bitnami/elasticsearch/data
...
NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID
1001.
It is also possible to use multiple volumes for data persistence by using the ELASTICSEARCH_DATA_DIR_LIST environment variable:
elasticsearch:
...
volumes:
- /path/to/elasticsearch-data-persistence-1:/elasticsearch/data-1
- /path/to/elasticsearch-data-persistence-2:/elasticsearch/data-2
environment:
- ELASTICSEARCH_DATA_DIR_LIST=/elasticsearch/data-1,/elasticsearch/data-2
...
Connecting to other containers
Using Docker container networking, an Elasticsearch server running inside a container can easily be accessed by your application containers.
Containers attached to the same network can communicate with each other using the container name as the hostname.
Using the Command Line
Step 1: Create a network
docker network create app-tier --driver bridge
Step 2: Launch the Elasticsearch server instance
Use the --network app-tier argument to the docker run command to attach the Elasticsearch container to the app-tier network.
docker run -d --name elasticsearch-server \
--network app-tier \
bitnami/elasticsearch:latest
Step 3: Launch your application container
docker run -d --name myapp \
--network app-tier \
YOUR_APPLICATION_IMAGE
IMPORTANT:
- Please update the YOUR_APPLICATION_IMAGE_ placeholder in the above snippet with your application image
- In your application container, use the hostname
elasticsearch-serverto connect to the Elasticsearch server
Using a Docker Compose file
When not specified, Docker Compose automatically sets up a new network and attaches all deployed services to that network. However, we will explicitly define a new bridge network named app-tier. In this example we assume that you want to connect to the Elasticsearch server from your own custom application image which is identified in the following snippet by the service name myapp.
version: '2'
networks:
app-tier:
driver: bridge
services:
elasticsearch:
image: bitnami/elasticsearch:latest
networks:
- app-tier
myapp:
image: YOUR_APPLICATION_IMAGE
networks:
- app-tier
IMPORTANT:
- Please update the YOUR_APPLICATION_IMAGE_ placeholder in the above snippet with your application image
- In your application container, use the hostname
elasticsearchto connect to the Elasticsearch server
Launch the containers using:
docker-compose up -d
Configuration
Environment variables
Customizable environment variables
| Name | Description | Default Value |
|---|---|---|
ELASTICSEARCH_CERTS_DIR | Path to certificates folder. | ${DB_CONF_DIR}/certs |
ELASTICSEARCH_DATA_DIR_LIST | Comma, semi-colon or space separated list of directories to use for data storage | nil |
ELASTICSEARCH_BIND_ADDRESS | Elasticsearch bind address | nil |
ELASTICSEARCH_ADVERTISED_HOSTNAME | Elasticsearch advertised hostname, used for publish | nil |
ELASTICSEARCH_CLUSTER_HOSTS | Elasticsearch cluster hosts | nil |
ELASTICSEARCH_CLUSTER_MASTER_HOSTS | Elasticsearch cluster master hosts | nil |
ELASTICSEARCH_CLUSTER_NAME | Elasticsearch cluster name | nil |
ELASTICSEARCH_HEAP_SIZE | Elasticsearch heap size | 1024m |
ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE | Elasticsearch maximum allowed memory percentage | 100 |
ELASTICSEARCH_MAX_ALLOWED_MEMORY | Elasticsearch maximum allowed memory amount (in megabytes) | nil |
ELASTICSEARCH_MAX_TIMEOUT | Elasticsearch maximum init timeout | 60 |
ELASTICSEARCH_LOCK_ALL_MEMORY | Sets bootstrap.memory_lock parameter | no |
ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP | Disable JVM Heap dump | no |
ELASTICSEARCH_DISABLE_GC_LOGS | Disable GC logs | no |
ELASTICSEARCH_IS_DEDICATED_NODE | If false, Elasticsearch will be configured with all the roles, deploy as dedicated node using DB_NODE_ROLES. | no |
ELASTICSEARCH_MINIMUM_MASTER_NODES | Minimum number of master nodes | nil |
ELASTICSEARCH_NODE_NAME | Elasticsearch node name | nil |
ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH | Elasticsearch repo path to restore snapshots from system repository | nil |
ELASTICSEARCH_NODE_ROLES | Comma-separated list of Elasticsearch roles. If empty, will be deployed as a coordinating-only node. | nil |
ELASTICSEARCH_PLUGINS | List of Elasticsearch plugins to activate | nil |
ELASTICSEARCH_TRANSPORT_PORT_NUMBER | Elasticsearch node port number | 9300 |
ELASTICSEARCH_HTTP_PORT_NUMBER | Elasticsearch port | 9200 |
ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME | Enable action destructive requires name | nil |
ELASTICSEARCH_ENABLE_SECURITY | Enable Elasticsearch security settings. | false |
ELASTICSEARCH_PASSWORD | Password for "elastic" user. | bitnami |
ELASTICSEARCH_TLS_VERIFICATION_MODE | Elasticsearch TLS verification mode in transport layer. | full |
ELASTICSEARCH_TLS_USE_PEM | Configure Security settings using PEM certificates. | false |
ELASTICSEARCH_KEYSTORE_PASSWORD | Password for the Elasticsearch keystore containing the certificates or password-protected PEM key. | nil |
ELASTICSEARCH_TRUSTSTORE_PASSWORD | Password for the Elasticsearch truststore. | nil |
ELASTICSEARCH_KEY_PASSWORD | Password for the Elasticsearch node PEM key. | nil |
ELASTICSEARCH_KEYSTORE_LOCATION | Path to Keystore | ${DB_CERTS_DIR}/elasticsearch.keystore.jks |
ELASTICSEARCH_TRUSTSTORE_LOCATION | Path to Truststore. | ${DB_CERTS_DIR}/elasticsearch.truststore.jks |
ELASTICSEARCH_NODE_CERT_LOCATION | Path to PEM node certificate. | ${DB_CERTS_DIR}/tls.crt |
ELASTICSEARCH_NODE_KEY_LOCATION | Path to PEM node key. | ${DB_CERTS_DIR}/tls.key |
ELASTICSEARCH_CA_CERT_LOCATION | Path to CA certificate. | ${DB_CERTS_DIR}/ca.crt |
ELASTICSEARCH_SKIP_TRANSPORT_TLS | Skips transport layer TLS configuration. Useful when deploying single-node clusters. | false |
ELASTICSEARCH_TRANSPORT_TLS_USE_PEM | Configure transport layer TLS settings using PEM certificates. | $DB_TLS_USE_PEM |
ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD | Password for the Elasticsearch transport layer TLS keystore containing the certificates or password-protected PEM key. | $DB_KEYSTORE_PASSWORD |
ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD | Password for the Elasticsearch transport layer TLS truststore. | $DB_TRUSTSTORE_PASSWORD |
ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD | Password for the Elasticsearch transport layer TLS node PEM key. | $DB_KEY_PASSWORD |
ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION | Path to Keystore for transport layer TLS. | $DB_KEYSTORE_LOCATION |
ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION | Path to Truststore for transport layer TLS. | $DB_TRUSTSTORE_LOCATION |
ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION | Path to PEM node certificate for transport layer TLS. | $DB_NODE_CERT_LOCATION |
ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION | Path to PEM node key for transport layer TLS. | $DB_NODE_KEY_LOCATION |
ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION | Path to CA certificate for transport layer TLS. | $DB_CA_CERT_LOCATION |
ELASTICSEARCH_ENABLE_REST_TLS | Enable TLS encryption for REST API communications. | true |
ELASTICSEARCH_HTTP_TLS_USE_PEM | Configure HTTP TLS settings using PEM certificates. | $DB_TLS_USE_PEM |
ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD | Password for the Elasticsearch HTTP TLS keystore containing the certificates or password-protected PEM key. | $DB_KEYSTORE_PASSWORD |
ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD | Password for the Elasticsearch HTTP TLS truststore. | $DB_TRUSTSTORE_PASSWORD |
ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD | Password for the Elasticsearch HTTP TLS node PEM key. | $DB_KEY_PASSWORD |
ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION | Path to Keystore for HTTP TLS. | $DB_KEYSTORE_LOCATION |
ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION | Path to Truststore for HTTP TLS. | $DB_TRUSTSTORE_LOCATION |
ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION | Path to PEM node certificate for HTTP TLS. | $DB_NODE_CERT_LOCATION |
ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION | Path to PEM node key for HTTP TLS. | $DB_NODE_KEY_LOCATION |
ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION | Path to CA certificate for HTTP TLS. | $DB_CA_CERT_LOCATION |
ELASTICSEARCH_ENABLE_FIPS_MODE | Enables FIPS mode of operation | false |
ELASTICSEARCH_PASSWD_HASH_ALGORITHM | Password hashing algorithm | nil |
ELASTICSEARCH_KEYS | Comma-separated list of key=value to be added to the Elasticsearch keystore | nil |
ES_JAVA_HOME | Elasticsearch supported Java installation folder. | ${JAVA_HOME} |
Read-only environment variables
| Name | Description | Value |
|---|---|---|
DB_FLAVOR | Database flavor. Valid values: elasticsearch or opensearch. | elasticsearch |
ELASTICSEARCH_VOLUME_DIR | Persistence base directory | /bitnami/elasticsearch |
ELASTICSEARCH_BASE_DIR | Elasticsearch installation directory | /opt/bitnami/elasticsearch |
ELASTICSEARCH_CONF_DIR | Elasticsearch configuration directory | ${DB_BASE_DIR}/config |
ELASTICSEARCH_DEFAULT_CONF_DIR | Elasticsearch default configuration directory | ${DB_BASE_DIR}/config.default |
ELASTICSEARCH_LOGS_DIR | Elasticsearch logs directory | ${DB_BASE_DIR}/logs |
ELASTICSEARCH_PLUGINS_DIR | Elasticsearch plugins directory | ${DB_BASE_DIR}/plugins |
ELASTICSEARCH_DEFAULT_PLUGINS_DIR | Elasticsearch default plugins directory | ${DB_BASE_DIR}/plugins.default |
ELASTICSEARCH_DATA_DIR | Elasticsearch data directory | ${DB_VOLUME_DIR}/data |
ELASTICSEARCH_TMP_DIR | Elasticsearch temporary directory | ${DB_BASE_DIR}/tmp |
ELASTICSEARCH_BIN_DIR | Elasticsearch executables directory | ${DB_BASE_DIR}/bin |
ELASTICSEARCH_MOUNTED_PLUGINS_DIR | Directory where plugins are mounted | ${DB_VOLUME_DIR}/plugins |
ELASTICSEARCH_CONF_FILE | Path to Elasticsearch configuration file | ${DB_CONF_DIR}/elasticsearch.yml |
ELASTICSEARCH_LOG_FILE | Path to the Elasticsearch log file | ${DB_LOGS_DIR}/elasticsearch.log |
ELASTICSEARCH_PID_FILE | Path to the Elasticsearch pid file | ${DB_TMP_DIR}/elasticsearch.pid |
ELASTICSEARCH_INITSCRIPTS_DIR | Path to the Elasticsearch container init scripts directory | /docker-entrypoint-initdb.d |
ELASTICSEARCH_DAEMON_USER | Elasticsearch system user | elasticsearch |
ELASTICSEARCH_DAEMON_GROUP | Elasticsearch system group | elasticsearch |
Note: the README for this container is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at https://github.com/bitnami/containers/blob/main/bitnami/elasticsearch/README.md
Tag Summary
No tags have been pushed to this repository yet.
This week's pulls
Pulls:
821
Last week
