The Installation of Wazuh on Docker

You can deploy Wazuh as either a single-node or multi-node stack:

• Single Node Deployment: Installs one Wazuh manager, indexer, and dashboard node.

• Multi-Node Deployment: Installs two Wazuh manager nodes, three Wazuh indexer nodes, and one Wazuh dashboard.

Both deployment types provide persistence and enable certificate configuration to secure communication between nodes. High availability is only available in multi-node deployments.

Single Node Deployment

1. Clone the Wazuh repository onto your system:

   Copy

   git clone https://github.com/wazuh/wazuh-docker.git -b v4.10.0

   Then navigate to the single-node directory to execute the commands described below.

2. Generate certificates for secure communication between nodes. You have two options:

   • Generate certificates with the following command:

     Copy

     docker-compose -f generate-indexer-certs.yml run --rm generator

   • Provide your own certificates by placing them in the following directory: config/wazuh_indexer_ssl_certs

     Wazuh Indexer:

     Copy

     config/wazuh_indexer_ssl_certs/root-ca.pem
     config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem
     config/wazuh_indexer_ssl_certs/wazuh.indexer.pem
     config/wazuh_indexer_ssl_certs/admin.pem
     config/wazuh_indexer_ssl_certs/admin-key.pem

     Wazuh Manager:

     Copy

     config/wazuh_indexer_ssl_certs/root-ca-manager.pem
     config/wazuh_indexer_ssl_certs/wazuh.manager.pem
     config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem

     Wazuh Dashboard:

     Copy

     config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem
     config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem
     config/wazuh_indexer_ssl_certs/root-ca.pem

3. Start the Wazuh single-node deployment using Docker Compose:

   • To run in the foreground:

     Copy

     docker compose up

   • To run in detached mode:

     Copy

     docker compose up -d

The default Wazuh dashboard credentials are:

• Username: admin

• Password: SecretPassword

You can change the default password for the Wazuh indexer admin user for additional security.

While the Wazuh indexer starts, the Wazuh dashboard container may make multiple requests to the Wazuh indexer API using curl. During this time, you might encounter error messages such as:

• "Failed to connect to Wazuh indexer port 9200"

• "Wazuh dashboard server is not ready yet"

These messages will resolve once the Wazuh indexer is up and running, which usually takes about 1 minute.

You can find the default Wazuh indexer credentials in the docker-compose.yml file.

Multi-Node Deployment

1. Clone the Wazuh repository onto your system:

   Copy

   git clone https://github.com/wazuh/wazuh-docker.git -b v4.10.0

2. Generate certificates for secure communication between nodes. You have two options:

   • Generate certificates with the following command:

     Copy

     docker-compose -f generate-indexer-certs.yml run --rm generator

   • Provide your own certificates: Wazuh Indexer:

     Copy

     config/wazuh_indexer_ssl_certs/root-ca.pem
     config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem
     config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem
     config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem
     config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem
     config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem
     config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem
     config/wazuh_indexer_ssl_certs/admin.pem
     config/wazuh_indexer_ssl_certs/admin-key.pem

     Wazuh Manager:

     Copy

     config/wazuh_indexer_ssl_certs/root-ca-manager.pem
     config/wazuh_indexer_ssl_certs/wazuh.master.pem
     config/wazuh_indexer_ssl_certs/wazuh.master-key.pem
     config/wazuh_indexer_ssl_certs/wazuh.worker.pem
     config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem

     Wazuh Dashboard:

     Copy

     config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem
     config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem
     config/wazuh_indexer_ssl_certs/root-ca.pem

3. Start the Wazuh multi-node deployment using Docker Compose:

   • To run in the foreground:

     Copy

     docker compose up

   • To run in detached mode:

     Copy

     docker compose up -d

References