docker-compose.yml

version: '2.2'

volumes:
  moloch:
    driver: local
  esdata_01:
    driver: local

services:
   elasticsearch:
     image: docker.elastic.co/elasticsearch/elasticsearch:$ES_KI_VERSION
     hostname: $ELASTIC_NAME
     container_name: $ELASTIC_NAME
     mem_limit: 4192m
     volumes: ['esdata_01:/usr/share/elasticsearch/data', './certificates:$CERTS_DIR']
     environment:
       - cluster.name=docker-cluster
       - network.host=0.0.0.0
       - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
       - node.name=$ELASTIC_NAME
       - discovery.zen.minimum_master_nodes=1
       - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
       - xpack.license.self_generated.type=basic
       - xpack.security.enabled=true
       - xpack.security.http.ssl.enabled=true
       - xpack.security.transport.ssl.enabled=true
       - xpack.security.transport.ssl.verification_mode=certificate
       - xpack.security.audit.enabled=true
       - xpack.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
       - xpack.ssl.certificate=$CERTS_DIR/instances/$ELASTIC_NAME/$ELASTIC_NAME.crt
       - xpack.ssl.key=$CERTS_DIR/instances/$ELASTIC_NAME/$ELASTIC_NAME.key
       # Prevent ES from locking up because of limited relative diskspace :(
       - cluster.routing.allocation.disk.watermark.low=5gb
       - cluster.routing.allocation.disk.watermark.high=2gb
       - cluster.routing.allocation.disk.watermark.flood_stage=1gb
       - cluster.info.update.interval=5m
       # Optimization
       - action.search.shard_count.limit=100000
       - thread_pool.write.queue_size=2000
       - http.compression=true
       - discovery.type=single-node
     healthcheck:
       test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
       interval: 30s
       timeout: 180s
       retries: 5
     restart: always

   kibana:
     image: docker.elastic.co/kibana/kibana:$ES_KI_VERSION
     hostname: $KIBANA_NAME
     container_name: $KIBANA_NAME
     mem_limit: 1024m
     ports:
       - 0.0.0.0:5601:5601
     depends_on:
      - elasticsearch
     volumes:
       - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
       - ./certificates:/usr/share/kibana/config/certs
     environment:
       - KIBANA_NAME=${KIBANA_NAME}
       - ELASTIC_USERNAME=${ELASTIC_USERNAME}
       - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
     restart: always

   moloch:
     build:
       context: .
     hostname: $MOLOCH_NAME
     image: piesecurity/docker-moloch:$MOLOCH_VERSION
     container_name: $MOLOCH_NAME
     restart: always
     environment:
     #Make this line true on first execution and false every other time
       - INITALIZEDB=true
       - MOLOCH_PASSWORD=${MOLOCH_PASSWORD}
       - WIPEDB=false
       - MOLOCH_VERSION=${MOLOCH_VERSION}-1_amd64
       - UBUNTU_VERSION=18.04
       - ES_HOST=$ELASTIC_USERNAME:$ELASTIC_PASSWORD@$MOLOCH_ES_HOST
       - ES_PORT=9200
       - MOLOCH_INTERFACE=eth0
       - CAPTURE=off
       - VIEWER=on
       - MOLOCH_NAME=${MOLOCH_NAME}
       - ELASTIC_USERNAME=${ELASTIC_USERNAME}
       - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
     depends_on:
       - elasticsearch
     ports:
       - 0.0.0.0:8005:8005
     volumes:
       # SSL/TLS security stuff
       - ./certificates:/data/moloch/certs
       - ./certificates/ca:/usr/local/share/ca-certificates/root-certificate
       # Moloch scripts
       - ./scripts/moloch-parse-pcap-folder.sh:/data/moloch-parse-pcap-folder.sh
       - ./scripts/startmoloch.sh:/data/startmoloch.sh
       - ./scripts/wipemoloch.sh:/data/wipemoloch.sh
       - ./scripts/moloch_add_user.sh:/data/moloch/bin/moloch_add_user.sh
       # Pcap folder
       - ./tcpdump:/data/pcap
       - ./raw:/data/moloch/raw
       # Config stuff
       - ./etc:/data/moloch/etc
       - ./etc/Configure.sh:/data/moloch/bin/Configure
       - moloch:/data/configured
       # Logs
       - ./logs:/data/moloch/logs