Deployment Overview of Splunk Enterprise on Server

Prerequisites and Basic Requirements

The deployment requires a server environment with the following specifications:

  • Operating System: Linux distribution compatible with Docker Engine.
  • Privileges: Root access or sudo privileges are required to manage Docker services and configure the proxy.
  • Network Ports:
    • Ports 80 and 443 must be open for the Nginx reverse proxy and SSL certificate management.
    • Port 8000 must be accessible for the Splunk web interface.
  • Docker: Docker Engine and Docker Compose must be installed and running on the host.

File and Directory Structure

The application components and configuration files are organized within the following directory structure on the host server:

  • /root/splunk: The primary directory containing the deployment configuration.
  • /root/splunk/compose.yml: The Docker Compose file defining the services and their configurations.
  • /data/nginx/user_conf.d: The directory on the host where custom Nginx configuration files are mounted.
  • nginx_secrets: An external Docker volume used to store Let's Encrypt SSL certificates and keys.

Docker Containers and Their Deployment

The application is deployed using Docker Compose, which orchestrates two primary containers:

  1. Nginx Container:
    • Image: jonasal/nginx-certbot:latest
    • Purpose: Acts as a reverse proxy and handles SSL certificate generation via Certbot.
    • Configuration:
      • Email for Certbot notifications is set to [email protected].
      • Exposes ports 80 and 443 on the host.
      • Mounts the nginx_secrets volume to /etc/letsencrypt inside the container.
      • Mounts the host directory /data/nginx/user_conf.d to /etc/nginx/user_conf.d inside the container.
      • Depends on the Splunk service to ensure it starts after Splunk is ready.

  2. Splunk Container:
    • Image: splunk/splunk:latest
    • Purpose: Runs the Splunk Enterprise application.
    • Configuration:
      • Exposes port 8000 on the host.
      • Environment variable SPLUNK_START_ARGS is set to --accept-license to automatically accept the license agreement during startup.
      • Environment variable SPLUNK_PASSWORD is configured to set the administrator password.

The deployment is initiated by executing the docker compose up -d command within the /root/splunk directory.
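
The two services described above, assembled into one Compose file as an added example (this is not the deployment's actual compose.yml). The service names nginx and splunk, the placeholder Certbot address, and reading SPLUNK_PASSWORD from the environment instead of writing it into the file are assumptions.

```yaml
# /root/splunk/compose.yml -- added example reconstructed from the description
# above. Service names and the placeholder values are assumptions.
services:
  nginx:
    image: jonasal/nginx-certbot:latest
    restart: unless-stopped
    environment:
      # Address Certbot registers for certificate notices (placeholder value).
      CERTBOT_EMAIL: admin@example.com
    ports:
      - "80:80"     # HTTP, used for the Let's Encrypt challenge
      - "443:443"   # HTTPS, the proxied entry point
    volumes:
      # Certificates and private keys persist in the external volume.
      - nginx_secrets:/etc/letsencrypt
      # Custom server blocks maintained on the host.
      - /data/nginx/user_conf.d:/etc/nginx/user_conf.d
    depends_on:
      # Short form: waits until the splunk container has been started.
      - splunk

  splunk:
    image: splunk/splunk:latest
    restart: unless-stopped
    environment:
      SPLUNK_START_ARGS: --accept-license
      # Taken from the shell or an .env file beside compose.yml so the admin
      # password is not stored in this file; Compose aborts if it is unset.
      SPLUNK_PASSWORD: ${SPLUNK_PASSWORD:?set SPLUNK_PASSWORD before starting}
    ports:
      # Published as the page describes. The proxy reaches Splunk over the
      # Compose network at splunk:8000 and does not depend on this mapping.
      - "8000:8000"

volumes:
  nginx_secrets:
    # Created outside this file; Compose will not create or remove it.
    external: true
```

Because the volume is declared external, it must exist before the first start, for example by running docker volume create nginx_secrets.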

Proxy Servers

The deployment includes an Nginx reverse proxy configured with automatic SSL certificate management:

  • Software: Nginx with Certbot integration (jonasal/nginx-certbot).
  • SSL/TLS: Certbot is used to obtain and renew SSL certificates automatically.
  • Domain Configuration: Custom domain routing is handled via configuration files placed in the /data/nginx/user_conf.d directory on the host.
  • Ports: The proxy listens on standard HTTP (80) and HTTPS (443) ports.

Starting, Stopping, and Updating

Service management is performed using Docker Compose commands executed from the /root/splunk directory:

  • Start the services:
    cd /root/splunk
    docker compose up -d
    
  • Stop the services:
    cd /root/splunk
    docker compose down
    
  • Update the services: To update the application to the latest versions of the images, pull the new images and restart the containers:
    cd /root/splunk
    docker compose pull
    docker compose up -d
    

The containers are configured with the restart: unless-stopped policy, ensuring they automatically restart if the host reboots or if the container crashes, unless they were explicitly stopped.
