
How to Set Up Elasticsearch with Password Authentication Using Docker Compose

Anastasios Antoniadis


Learn how to set up Elasticsearch with password authentication to secure your data. Our guide provides straightforward steps for enhancing the security of your Elasticsearch cluster, ensuring controlled access and protection against unauthorized use.


Elasticsearch, a powerful open-source search and analytics engine, is pivotal for managing colossal datasets in real-time. While its functionality is robust, securing your Elasticsearch cluster is crucial to prevent unauthorized access. One fundamental security measure is to set up password authentication. This guide will walk you through setting up an Elasticsearch cluster with password authentication using Docker Compose, ensuring your data remains secure.

Prerequisites

Before diving into the setup process, ensure you have the following:

  • Docker installed on your system.
  • Docker Compose installed on your system.
  • Basic familiarity with Docker concepts and the YAML syntax used in Docker Compose files.

Step 1: Create a Docker Compose File

Create a directory dedicated to your Elasticsearch setup. This directory will house your Docker Compose file (docker-compose.yml) and any additional configuration files or directories you might need.

mkdir elasticsearch-secure && cd elasticsearch-secure

Create the docker-compose.yml file:

touch docker-compose.yml

Open this file in a text editor and insert the following configuration:

version: '3.8'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.12.2
    container_name: elasticsearch_secure
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "ELASTIC_PASSWORD=YourElasticPasswordHere"
      - "discovery.type=single-node"
      - "xpack.security.enabled=true"
      - "xpack.security.http.ssl.enabled=true"
      - "xpack.security.http.ssl.key=certs/elastic-certificates.p8"
      - "xpack.security.http.ssl.certificate=certs/elastic-certificates.crt"
      - "xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt"
      - "xpack.security.transport.ssl.enabled=true"
      - "xpack.security.transport.ssl.verification_mode=certificate"
      - "xpack.security.transport.ssl.key=certs/elastic-certificates.p8"
      - "xpack.security.transport.ssl.certificate=certs/elastic-certificates.crt"
      - "xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt"
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
    ports:
      - "9200:9200"
    networks:
      - elasticnet

networks:
  elasticnet:
    driver: bridge

Configuration Explained:

  • image: Specifies the Elasticsearch Docker image version.
  • container_name: Sets a custom name for your Elasticsearch container.
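  • environment: Passes settings to Elasticsearch as environment variables: the JVM heap size, single-node discovery, the password for the built-in elastic user, X-Pack security enabled, and SSL/TLS for both the HTTP (client) layer and the transport (node-to-node) layer.
  • volumes: Mounts the local ./certs directory into the container at /usr/share/elasticsearch/config/certs. This directory must contain the key, certificate, and CA certificate referenced in the environment settings.
  • ports: Publishes Elasticsearch’s default HTTP port (9200) on the host. Because no host address is given, Docker binds it on all host interfaces.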
  • networks: Defines a custom network for your Elasticsearch service.

Note: Before starting your container, you must generate SSL certificates and place them in the ./certs directory as specified in the volumes section. Elasticsearch provides tools such as elasticsearch-certutil for certificate generation.
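
The following is an added example, not part of the original article: it uses OpenSSL rather than elasticsearch-certutil to create the three files the compose file references (certs/ca/ca.crt, certs/elastic-certificates.p8, certs/elastic-certificates.crt). The function name make_certs, the separate CA_KEY_DIR, the CA subject name, the localhost default, the RSA-2048 keys and the 365-day lifetime are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): create the PEM files that the
# compose file references under ./certs, using OpenSSL.
# Usage: make_certs CERT_DIR CA_KEY_DIR [HOSTNAME]
make_certs() {
    dir=$1; cadir=$2; host=${3:-localhost}   # default hostname is an assumption
    mkdir -p "$dir/ca" "$cadir" || return 1
    cnf="$cadir/openssl.cnf"

    # Minimal OpenSSL config: CA extensions, plus a server section whose
    # subjectAltName lets clients verify the hostname instead of using -k.
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
subjectAltName = DNS:$host,IP:127.0.0.1
extendedKeyUsage = serverAuth,clientAuth
EOF

    # 1. Private CA. Its key stays in CA_KEY_DIR, which is not mounted
    #    into the container; only ca.crt goes under CERT_DIR/ca.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
        -config "$cnf" -subj "/CN=Example Elasticsearch CA" \
        -keyout "$cadir/ca.key" -out "$dir/ca/ca.crt" || return 1
    chmod 600 "$cadir/ca.key"

    # 2. Node key as unencrypted PKCS#8 PEM (matches the .p8 file name).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/elastic-certificates.p8" || return 1

    # 3. CSR for the node, then a certificate signed by the CA above.
    openssl req -new -config "$cnf" -subj "/CN=$host" \
        -key "$dir/elastic-certificates.p8" -out "$cadir/node.csr" || return 1
    openssl x509 -req -in "$cadir/node.csr" -days 365 -sha256 \
        -CA "$dir/ca/ca.crt" -CAkey "$cadir/ca.key" \
        -CAserial "$cadir/ca.srl" -CAcreateserial \
        -extfile "$cnf" -extensions v3_server \
        -out "$dir/elastic-certificates.crt" || return 1
}

# Run directly as: sh make-certs.sh ./certs ./ca-private [hostname]
if [ "$#" -ge 2 ]; then make_certs "$@"; fi
```

With certificates issued this way, the check in Step 3 can pass --cacert certs/ca/ca.crt to curl in place of -k, because the certificate names localhost and chains to a CA the client trusts. The user that Elasticsearch runs as inside the container must be able to read the mounted key file.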

Step 2: Launch Elasticsearch

Navigate to the directory containing your docker-compose.yml file and launch the service by running:

docker compose up -d

This command starts the Elasticsearch container in detached mode with the configurations defined in your Docker Compose file.

Step 3: Verify Secure Access

Once the Elasticsearch service is running, you can verify that it’s properly secured by accessing it through HTTPS and using the password set in the Docker Compose file:

curl -u elastic:YourElasticPasswordHere -k https://localhost:9200

Replace YourElasticPasswordHere with the password you specified in the Docker Compose file. The -k flag is used to bypass certificate verification for testing purposes. For production environments, ensure you use properly signed certificates and remove the -k flag.

Conclusion

Securing your Elasticsearch cluster with password authentication is critical to protecting your data. By leveraging Docker Compose and Elasticsearch’s built-in security features, you can easily configure a secure, password-protected Elasticsearch instance. Remember, while setting a password is a fundamental security measure, consider implementing additional security practices, such as network segmentation, firewall rules, and regular updates, to safeguard your Elasticsearch cluster further.
