Deployment Overview of Splunk Enterprise (free trial) on Server¶

Prerequisites and Basic Requirements¶

Operating System: Linux-based server with Docker and Docker Compose installed.
Privileges: Root or sudo access is required to create directories and manage Docker containers.
Domain Configuration: The server must be configured to handle traffic for the hostkey.in zone.
Ports: Ports 80, 443, and 8000 must be open and accessible on the server firewall.

The application is accessible via the following Fully Qualified Domain Name (FQDN):

The deployment utilizes the following directory structure on the host server:

/root/splunk: The primary directory containing the Docker Compose configuration file.
/root/splunk/compose.yml: The Docker Compose definition file.
/data/nginx/user_conf.d: The directory mounted for custom Nginx user configurations.
/etc/letsencrypt: The directory mounted as a Docker volume (nginx_secrets) to store SSL certificates.

The application is deployed using Docker Compose. The installation involves generating a configuration file and starting the containers.

Software Version: The deployment uses the latest available version of Splunk (splunk/splunk:latest) and the Nginx Certbot proxy (jonasal/nginx-certbot:latest).
Deployment Method: The system utilizes a docker compose file located in the /root/splunk directory to orchestrate the services.
Execution Command:
```
docker compose up -d
```
This command is executed from the /root/splunk directory.

Two main containers are deployed within the compose.yml file:

Nginx (Certbot)
- Image: jonasal/nginx-certbot:latest
- Function: Acts as a reverse proxy, handles SSL certificate generation via Let's Encrypt, and terminates HTTPS connections.
- Restart Policy: unless-stopped
- Environment Variables:
- CERTBOT_EMAIL: Set to [email protected]
Splunk
- Image: splunk/splunk:latest
- Function: Hosts the Splunk Enterprise application.
- Restart Policy: unless-stopped
- Environment Variables:
- SPLUNK_START_ARGS: Set to --accept-license to automatically accept the license agreement.
- SPLUNK_PASSWORD: Configured dynamically via the installation script.

The Nginx container serves as the entry point for all external traffic.

SSL/TLS: Enabled via Let's Encrypt through the Certbot integration within the Nginx image.
Routing: The Nginx container maps external ports to the internal Splunk service.
Volume Mounts:
nginx_secrets: Maps to /etc/letsencrypt for certificate storage.
/data/nginx/user_conf.d: Maps to /etc/nginx/user_conf.d for user-specific Nginx configurations.
Dependencies: The Nginx service is configured to depend on the Splunk service, ensuring Splunk is ready before the proxy starts routing traffic.

Configuration/Resource	Location	Description
Docker Compose File	`/root/splunk/compose.yml`	Defines the services, networks, and volumes for the deployment.
Application Root	`/root/splunk`	The working directory for the Docker Compose project.
SSL Certificates	`nginx_secrets` (Docker Volume)	Manages Let's Encrypt certificates mounted to the Nginx container.
Nginx Custom Configs	`/data/nginx/user_conf.d`	Host directory for additional Nginx configuration files.

The following ports are exposed and mapped on the server:

Port 80: HTTP traffic for Let's Encrypt validation.
Port 443: HTTPS traffic for secure user access to the Splunk web interface.
Port 8000: Internal port used by the Splunk container, mapped for direct container-to-container communication.

All service management operations are performed via Docker Compose commands executed within the /root/splunk directory.

Start the Services:
```
docker compose up -d
```
Stop the Services:
```
docker compose down
```
Restart the Services:
```
docker compose restart
```
Update the Images: To pull the latest versions of the containers defined in the image tags:
```
docker compose pull
```
Followed by:
```
docker compose up -d
```