services: opensearch: container_name: opensearch build: ../opensearch image: registry.gitlab.com/digiresilience/link/link-stack/opensearch:${LINK_STACK_VERSION} restart: ${RESTART} environment: - discovery.type=single-node # - plugins.security.ssl.transport.enforce_hostname_verification=false # - plugins.security.ssl.transport.resolve_hostname=false - cluster.routing.allocation.disk.watermark.low=3gb - cluster.routing.allocation.disk.watermark.high=2gb - cluster.routing.allocation.disk.watermark.flood_stage=500mb - cluster.info.update.interval=1m # - config.dynamic.http.xff.enabled=true # - config.dynamic.http.xff.remoteIpHeader="x-forwarded-for" # - config.dynamic.http.xff.internalProxies=".*" - node.name=opensearch-node1 - bootstrap.memory_lock=true - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_ADMIN_PASSWORD}" - compatibility.override_main_response_version=true ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 volumes: - opensearch-data:/usr/share/opensearch/data - ../opensearch/config.yml:/usr/share/opensearch/config/opensearch-security/config.yml ports: - 9200:9200 - 9600:9600 opensearch-dashboards: container_name: opensearch-dashboards build: ../opensearch-dashboards image: registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:${LINK_STACK_VERSION} restart: ${RESTART} ports: - 5601:5601 expose: - "5601" volumes: - ../opensearch-dashboards/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml environment: OPENSEARCH_HOSTS: '["https://opensearch:9200"]' # OPENSEARCH_SECURITY_AUTH_TYPE: "proxy" # OPENSEARCH_SECURITY_PROXYCACHE_USER_HEADER: "x-proxy-user" # OPENSEARCH_SECURITY_PROXYCACHE_ROLES_HEADER: "x-proxy-roles" # OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization","x-forwarded-for","x-proxy-user","x-proxy-roles"]' volumes: opensearch-data: driver: local