Elasticsearch is also available as Docker images. The images use centos:8 as the base image.
These images are free to use under the Elastic license. They contain open source and free commercial features and access to paid commercial features. Start a 30-day trial to try out all of the paid commercial features. See the Subscriptions page for information about Elastic license levels.
Obtaining Elasticsearch for Docker is as simple as issuing a
docker pull command
against the Elastic Docker registry.
Version 7.10.0 of Elasticsearch has not yet been released, so no Docker image is currently available for this version.
Version 7.10.0 of the Elasticsearch Docker image has not yet been released.
To get a three-node Elasticsearch cluster up and running in Docker, you can use Docker Compose:
Version 7.10.0 of Elasticsearch has not yet been released, so a
docker-compose.ymlis not available for this version.
This sample Docker Compose file brings up a three-node Elasticsearch cluster. Node
es01over a Docker network.
Please note that this configuration exposes port 9200 on all network interfaces, and given how Docker manipulates
iptableson Linux, this means that your Elasticsearch cluster is publically accessible, potentially ignoring any firewall settings. If you don’t want to expose port 9200 and instead use a reverse proxy, replace
127.0.0.1:9200:9200in the docker-compose.yml file. Elasticsearch will then only be accessible from the host machine itself.
The Docker named volumes
data03store the node data directories so the data persists across restarts. If they don’t already exist,
docker-composecreates them when you bring up the cluster.
Make sure Docker Engine is allotted at least 4GiB of memory. In Docker Desktop, you configure resource usage on the Advanced tab in Preference (macOS) or Settings (Windows).
Docker Compose is not pre-installed with Docker on Linux. See docs.docker.com for installation instructions: Install Compose on Linux
docker-composeto bring up the cluster:
_cat/nodesrequest to see that the nodes are up and running:
curl -X GET "localhost:9200/_cat/nodes?v&pretty"
Log messages go to the console and are handled by the configured Docker logging driver.
By default you can access logs with
To stop the cluster, run
The data in the Docker volumes is preserved and loaded
when you restart the cluster with
To delete the data volumes when you bring down the cluster,
docker-compose down -v.
The following requirements and recommendations apply when running Elasticsearch in Docker in production.
vm.max_map_count kernel setting must be set to at least
262144 for production use.
How you set
vm.max_map_count depends on your platform:
vm.max_map_countsetting should be set permanently in
grep vm.max_map_count /etc/sysctl.conf vm.max_map_count=262144
To apply the setting on a live system, run:
sysctl -w vm.max_map_count=262144
macOS with Docker for Mac
vm.max_map_countsetting must be set within the xhyve virtual machine:
From the command line, run:
Press enter and use`sysctl` to configure
sysctl -w vm.max_map_count=262144
To exit the
Ctrl a d.
Windows and macOS with Docker Desktop
vm.max_map_countsetting must be set via docker-machine:
docker-machine ssh sudo sysctl -w vm.max_map_count=262144
Windows with Docker Desktop WSL 2 backend
vm.max_map_countsetting must be set in the docker-desktop container:
wsl -d docker-desktop sysctl -w vm.max_map_count=262144
By default, Elasticsearch runs inside the container as user
One exception is Openshift,
which runs containers using an arbitrarily assigned user ID.
Openshift presents persistent volumes with the gid set to
0, which works without any adjustments.
If you are bind-mounting a local directory or file, it must be readable by the
In addition, this user must have write access to the data and log dirs.
A good strategy is to grant group access to gid
0 for the local directory.
For example, to prepare a local directory for storing data through a bind-mount:
mkdir esdatadir chmod g+rwx esdatadir chgrp 0 esdatadir
As a last resort, you can force the container to mutate the ownership of
any bind-mounts used for the data and log dirs through the
TAKE_FILE_OWNERSHIP. When you do this, they will be owned by
1000:0, which provides the required read/write access to the Elasticsearch process.
To check the Docker daemon defaults for ulimits, run:
docker run --rm centos:8 /bin/bash -c 'ulimit -Hn && ulimit -Sn && ulimit -Hu && ulimit -Su'
If needed, adjust them in the Daemon or override them per container.
For example, when using
docker run, set:
Swapping needs to be disabled for performance and node stability. For information about ways to do this, see Disable swapping.
If you opt for the
bootstrap.memory_lock: true approach,
you also need to define the
memlock: true ulimit in the
or explicitly set for the container as shown in the sample compose file.
docker run, you can specify:
-e "bootstrap.memory_lock=true" --ulimit memlock=-1:-1
The image exposes
TCP ports 9200 and 9300. For production clusters, randomizing the
published ports with
--publish-all is recommended,
unless you are pinning one container per host.
To configure the heap size, you can bind mount a JVM options
/usr/share/elasticsearch/config/jvm.options.d that includes your
desired heap size settings. Note that while the default root
jvm.options file sets a default heap of 1 GB, any value you set in a
bind-mounted JVM options file will override it.
While setting the heap size via bind-mounted JVM options is the recommended
method, you can also configure this by using the
variable to set the heap size. For example, to use 16 GB, specify
-e ES_JAVA_OPTS="-Xms16g -Xmx16g" with
docker run. Note that while the
jvm.options file sets a default heap of 1 GB, any value you set
ES_JAVA_OPTS will override it. The
docker-compose.yml file above sets the heap size to 512 MB.
Pin your deployments to a specific version of the Elasticsearch Docker image. For
You should use a volume bound on
/usr/share/elasticsearch/data for the following reasons:
- The data of your Elasticsearch node won’t be lost if the container is killed
- Elasticsearch is I/O sensitive and the Docker storage driver is not ideal for fast I/O
- It allows the use of advanced Docker volume plugins
If you are using the devicemapper storage driver, do not use the default
Configure docker-engine to use
When you run in Docker, the Elasticsearch configuration files are loaded from
To use custom configuration files, you bind-mount the files over the configuration files in the image.
To use the contents of a file to set an environment variable, suffix the environment
variable name with
_FILE. This is useful for passing secrets such as passwords to Elasticsearch
without specifying them directly.
For example, to set the Elasticsearch bootstrap password from a file, you can bind mount the
file and set the
ELASTIC_PASSWORD_FILE environment variable to the mount location.
If you mount the password file to
You can also override the default command for the image to pass Elasticsearch configuration parameters as command line options. For example:
docker run <various parameters> bin/elasticsearch -Ecluster.name=mynewclustername
While bind-mounting your configuration files is usually the preferred method in production, you can also create a custom Docker image that contains your configuration.
Create custom config files and bind-mount them over the corresponding files in the Docker image.
For example, to bind-mount
docker run, specify:
The container runs Elasticsearch as user
1000:0. Bind mounted host directories and files must be accessible by this user,
and the data and log directories must be writable by this user.
By default, Elasticsearch will auto-generate a keystore file for secure settings. This
file is obfuscated but not encrypted. If you want to encrypt your
secure settings with a password, you must use the
elasticsearch-keystore utility to create a password-protected keystore and
bind-mount it to the container as
/usr/share/elasticsearch/config/elasticsearch.keystore. In order to provide
the Docker container with the password at startup, set the Docker environment
KEYSTORE_PASSWORD to the value of your password. For example, a
run command might have the following options:
-v full_path_to/elasticsearch.keystore:/usr/share/elasticsearch/config/elasticsearch.keystore -E KEYSTORE_PASSWORD=mypassword
In some environments, it might make more sense to prepare a custom image that contains
your configuration. A
Dockerfile to achieve this might be as simple as:
FROM docker.elastic.co/elasticsearch/elasticsearch:7.10.0 COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/
You could then build and run the image with:
docker build --tag=elasticsearch-custom . docker run -ti -v /usr/share/elasticsearch/data elasticsearch-custom
Some plugins require additional security permissions. You must explicitly accept them either by:
ttywhen you run the Docker image and allowing the permissions when prompted.
Inspecting the security permissions and accepting them (if appropriate) by adding the
--batchflag to the plugin install command.
See Plugin management for more information.
You now have a test Elasticsearch environment set up. Before you start serious development or go into production with Elasticsearch, you must do some additional setup: