With some tweaks to have it in a sem-production env
Use git clone.
Run
docker network create nginxproxy_net
Copy the .env.demo
cp .env.demo .env
Edit the file with your own settings or leave it as is if you do not intend to use the nginx proxy with let's encrypt.
Copy the default file
cp ./config_template/opensearch-security/internal_users.yml
Edit the file and change the default passwords.
docker-compose run opensearch-node1 /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem -t internalusers -f /usr/share/opensearch/config/opensearch-security/internal_users.yml
Do this for all default users.
docker-compose config
Check and fix reported conf errors.
First start opensearch
docker-compose up opensearch-node1
CTRL+C after it finished initialization.
docker-compose up -d
docker-compose logs -f -t --tail=1000
Browse to http://localhost:5601 to login to OpenDashboard
Run
docker-compose -f nginx-compose.yml up -d
If you have the correct DNS cname/A entries and the correct virtual hosts defined in .env, you will magically get certs from LetsEncrypt.
docker exec -it opensearch-node1 /usr/share/opensearch/plugins/opensearch-security/tools/hash.sh -p YourNewPassword
docker exec -it opensearch-node1 /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem -t internalusers -f /usr/share/opensearch/config/opensearch-security/internal_users.yml