Wazuh Manager by Marouane July 17, 2024 Docker

Wazuh Docker deployment

 

You can deploy Wazuh as a single-node or multi-node stack. Single-node deployment: Deploys one Wazuh manager, indexer, and dashboard node. Multi-node deployment: Deploys two Wazuh manager nodes (one master and one worker), three Wazuh indexer nodes, and a Wazuh dashboard node. Both deployments use persistence and allow configuring certificates to secure communications between nodes. The multi-node stack is the only deployment that contains high availability.

Single-node Deployment Clone the Wazuh repository to your system:

git clone https://github.com/wazuh/wazuh-docker.git -b v4.8.1

 

Then enter into the single-node directory to execute all the commands described below within this directory.

Provide a group of certificates for each node in the stack to secure communication between the nodes. You have two alternatives to provide these certificates:

Generate self-signed certificates for each cluster node.

We have created a Docker image to automate certificate generation using the Wazuh certs gen tool.

If your system uses a proxy, add the following to the generate-indexer-certs.yml file. If not, skip this particular step:

environment:
  - HTTP_PROXY=YOUR_PROXY_ADDRESS_OR_DNS

 

A completed example looks like:

# Wazuh App Copyright (C) 2017 Wazuh Inc. (License GPLv2)
version: '3'
services:
  generator:
    image: wazuh/wazuh-certs-generator:0.0.2
    hostname: wazuh-certs-generator
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
    environment:
      - HTTP_PROXY=YOUR_PROXY_ADDRESS_OR_DN

 

Execute the following command to get the desired certificates:

docker-compose -f generate-indexer-certs.yml run --rm generator

 

This saves the certificates into the config/wazuh_indexer_ssl_certs directory.

Provide your own certificates for each node.

In case you have your own certificates, provision them as follows in the config/wazuh_indexer_ssl_certs directory:

Wazuh indexer:

config/wazuh_indexer_ssl_certs/root-ca.pem
config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem
config/wazuh_indexer_ssl_certs/wazuh.indexer.pem
config/wazuh_indexer_ssl_certs/admin.pem
config/wazuh_indexer_ssl_certs/admin-key.pem
Wazuh manager:
config/wazuh_indexer_ssl_certs/root-ca-manager.pem
config/wazuh_indexer_ssl_certs/wazuh.manager.pem
config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem
Wazuh dashboard:
config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem
config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem
config/wazuh_indexer_ssl_certs/root-ca.pem
Start the Wazuh single-node deployment using docker-compose:

 

Foreground:

docker-compose up

 

Background:

docker-compose up -d

Copyright © Marouane All Rights Reserved

Buy Me a Coffee
Search