Wazuh Manager

Marouane Louguid
Jul 17, 2024

Wazuh Docker deployment

You can deploy Wazuh as a single-node or multi-node stack.

Single-node deployment: deploys one Wazuh manager, indexer, and dashboard node.

Multi-node deployment: deploys two Wazuh manager nodes (one master and one worker), three Wazuh indexer nodes, and a Wazuh dashboard node.

Both deployments use persistence and allow configuring certificates to secure communications between nodes. The multi-node stack is the only deployment that provides high availability.

Single-node Deployment

Clone the Wazuh repository to your system:

git clone https://github.com/wazuh/wazuh-docker.git -b v4.8.2

Then enter the single-node directory and run all the commands described below from within it.

Provide a group of certificates for each node in the stack to secure communication between the nodes. You have two alternatives to provide these certificates:

Generate self-signed certificates for each cluster node.

We have created a Docker image to automate certificate generation using the Wazuh certs gen tool.

If your system uses a proxy, add the following to the generate-indexer-certs.yml file. If not, skip this particular step:

environment:
  - HTTP_PROXY=YOUR_PROXY_ADDRESS_OR_DNS

A completed example looks like:

# Wazuh App Copyright (C) 2017 Wazuh Inc. (License GPLv2)
version: '3'

services:
  generator:
    image: wazuh/wazuh-certs-generator:0.0.2
    hostname: wazuh-certs-generator
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
    environment:
      - HTTP_PROXY=YOUR_PROXY_ADDRESS_OR_DNS

Execute the following command to get the desired certificates:

docker-compose -f generate-indexer-certs.yml run --rm generator

This saves the certificates into the config/wazuh_indexer_ssl_certs directory.

Provide your own certificates for each node.

In case you have your own certificates, provision them as follows in the config/wazuh_indexer_ssl_certs directory:

Wazuh indexer:
config/wazuh_indexer_ssl_certs/root-ca.pem
config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem
config/wazuh_indexer_ssl_certs/wazuh.indexer.pem
config/wazuh_indexer_ssl_certs/admin.pem
config/wazuh_indexer_ssl_certs/admin-key.pem
Wazuh manager:
config/wazuh_indexer_ssl_certs/root-ca-manager.pem
config/wazuh_indexer_ssl_certs/wazuh.manager.pem
config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem
Wazuh dashboard:
config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem
config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem
config/wazuh_indexer_ssl_certs/root-ca.pem
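
A pre-flight check for the layout above, added here as an example (it is not part of the original post or of the Wazuh project). It confirms that every listed file exists, that each file holds the PEM type its name implies, and that no private key is world-readable. The function name `check_wazuh_certs` and the choice of checks are assumptions; the file names are the ones listed above.

```shell
#!/bin/sh
# Added example: pre-flight check of config/wazuh_indexer_ssl_certs.
# File names come from the list above; the checks are assumptions of this example.
CERT_FILES="root-ca.pem root-ca-manager.pem wazuh.indexer.pem admin.pem wazuh.manager.pem wazuh.dashboard.pem"
KEY_FILES="wazuh.indexer-key.pem admin-key.pem wazuh.manager-key.pem wazuh.dashboard-key.pem"

# Prints one line per problem and returns 0 only when none was found.
check_wazuh_certs() {
    dir="${1:-config/wazuh_indexer_ssl_certs}"
    problems=0
    for name in $CERT_FILES $KEY_FILES; do
        path="$dir/$name"
        if [ ! -s "$path" ]; then
            echo "MISSING $path (absent or empty)"
            problems=$((problems + 1))
            continue
        fi
        # Decide which PEM marker this file name should contain.
        case " $KEY_FILES " in
            *" $name "*) kind=key;  marker='-----BEGIN .*PRIVATE KEY-----' ;;
            *)           kind=cert; marker='-----BEGIN CERTIFICATE-----' ;;
        esac
        # Catches a certificate and its key saved under each other's name.
        if ! grep -q -e "$marker" "$path"; then
            echo "WRONG_TYPE $path (expected a PEM $kind)"
            problems=$((problems + 1))
        fi
        # A key readable by "other" is exposed to every local user on the host.
        if [ "$kind" = key ] && [ -n "$(find "$path" -perm -004)" ]; then
            echo "WORLD_READABLE $path"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Source the file and call `check_wazuh_certs` from the single-node directory before starting the stack; a non-zero return means at least one file needs attention.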

Start the Wazuh single-node deployment using docker-compose:

Foreground:

docker-compose up

Background:

docker-compose up -d

List the containers:

root@marouane:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
272a554b8e15 wazuh/wazuh-dashboard:4.8.0 "/entrypoint.sh" 47 hours ago Up 47 hours 443/tcp, 0.0.0.0:8443->5601/tcp, :::8443->5601/tcp single-node-wazuh.dashboard-1
7ffe1cad719b wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" 47 hours ago Up 47 hours 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
ff75a11939bc wazuh/wazuh-manager:4.8.0 "/init" 47 hours ago Up 24 hours 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1

https://ip-addr:443
