Easy Guide: Installing Wazuh on Ubuntu with Portainer, Docker, and Docker Compose

Setting up Wazuh on a Portainer-managed environment running on an Ubuntu server with Docker and Docker Compose is straightforward with these step-by-step instructions. In this guide, we’ll cover everything from cloning the Wazuh repository to accessing the Wazuh Dashboard.

Prerequisites

  • Ubuntu Server with Docker and Docker Compose installed
  • Portainer installed and running

Step 1: Install Docker and Docker Compose

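First, ensure Docker and Docker Compose are installed on your Ubuntu server. The docker-ce packages come from Docker's own apt repository, so that repository must already be configured on the server: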

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo apt-get install docker-compose

Step 2: Clone the Wazuh Docker Repository

Clone the Wazuh Docker repository to your system:

git clone https://github.com/wazuh/wazuh-docker.git -b v4.7.4

You can select different versions if needed, based on the compatibility matrix.

Step 3: Navigate to Single Node Directory

Navigate to the single-node directory which contains the necessary setup files:

cd wazuh-docker/single-node

Ensure the directory contains the required files:

# ll
total 20
drwxr-xr-x 3 root root   97 May 28 23:16 ./
drwxr-xr-x 8 root root 4096 May 28 23:16 ../
drwxr-xr-x 5 root root   88 May 28 23:16 config/
-rw-r--r-- 1 root root 4282 May 28 23:16 docker-compose.yml
-rw-r--r-- 1 root root  292 May 28 23:16 generate-indexer-certs.yml
-rw-r--r-- 1 root root  868 May 28 23:16 README.md

Step 4: Generate Certificates

Execute the following command to generate the necessary certificates. Ensure you are in the wazuh-docker/single-node directory:

docker-compose -f generate-indexer-certs.yml run --rm generator

The output will indicate the creation of admin, Wazuh indexer, Wazuh server, and Wazuh dashboard certificates.

Step 5: Deploy Wazuh Using Docker Compose

Run the following command to pull the necessary Docker images and start the Wazuh services:

docker-compose up -d

The output will confirm the creation of various volumes and the pulling of Wazuh images, eventually starting the containers.

Step 6: Verify the Setup

After the deployment, verify that all the services are up and running by using the docker ps command:

docker ps

Example output:

CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
4b287e7740a9   wazuh/wazuh-dashboard:4.7.4   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
1d58f3d641c4   wazuh/wazuh-manager:4.7.4     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1
009084c4a79c   wazuh/wazuh-indexer:4.7.4     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
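
The PORTS column above shows several services published on 0.0.0.0 and :::, that is, on every interface of the Docker host. The shell function below is an added example (not part of the original guide or of the Wazuh project) that lists those wildcard bindings; its sample input is constructed from the output above, plus one hypothetical loopback-bound container named local-only_1 for contrast.

```shell
#!/bin/sh
# Added example, not from the Wazuh repository.
# wide_open_ports reads "<container name><TAB><ports>" lines, the format of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "<container> <host port or range>/<proto>" for every mapping
# published on all interfaces (0.0.0.0 for IPv4, ::: or [::]: for IPv6).
wide_open_ports() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (index(m, "->") == 0) continue      # "1516/tcp": not published
        if (m !~ /^(0\.0\.0\.0:|:::|\[::\]:)/) continue   # bound to one address
        host = m;  sub(/->.*/, "", host)       # keep "<bind address>:<port>"
        sub(/^.*:/, "", host)                  # keep the host port or range
        proto = m; sub(/^.*\//, "", proto)     # "tcp" or "udp"
        key = $1 " " host "/" proto
        if (!(key in seen)) { seen[key] = 1; print key }  # merge IPv4/IPv6 twins
      }
    }'
}

# Constructed sample: names and ports from the docker ps output above, plus a
# hypothetical container "local-only_1" bound to loopback for contrast.
sample_ps() {
  printf '%s\t%s\n' \
    'single-node_wazuh.dashboard_1' '443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp' \
    'single-node_wazuh.manager_1' '0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp' \
    'single-node_wazuh.indexer_1' '0.0.0.0:9200->9200/tcp, :::9200->9200/tcp' \
    'local-only_1' '127.0.0.1:8080->80/tcp'
}

sample_ps | wide_open_ports
# On a live host: docker ps --format '{{.Names}}\t{{.Ports}}' | wide_open_ports
```

Every line it prints is a port reachable from any network the host is attached to. In a Compose file, a mapping written with an explicit address, such as 127.0.0.1:9200:9200, binds to that address only.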

Step 7: Access the Wazuh Dashboard

Open a web browser and navigate to https://<your-docker-host>:443. The default credentials are:

  • Username: admin
  • Password: SecretPassword

Step 8: Verify in Portainer

Additionally, you can verify the running containers in the Portainer web interface. This provides a graphical view of your Wazuh setup and allows you to manage the containers easily.

To verify and manage your Wazuh stack in Portainer, follow these steps:

  1. Access Portainer:

    • Open your web browser and navigate to your Portainer instance (e.g., http://<your-docker-host>:9000).
  2. Log in to Portainer:

    • Enter your Portainer credentials and click Log in.
  3. Navigate to Stacks:

    • From the left-hand menu, click on Stacks. This section lists all the Docker Compose stacks deployed in your environment.
  4. View Wazuh Stack:

    • Locate your Wazuh stack from the list and click on it to see details.
    • This view provides information about the services, volumes, and network associated with the stack.
  5. Monitor and Manage Services:

    • You can start, stop, or restart individual services within the stack.
    • Use the Logs tab to view logs for troubleshooting.
  6. Inspect Volumes:

    • Check the volumes attached to your services to ensure data persistence is configured correctly.

Additional Tips

  • Scaling: Use the Scale option to adjust the number of replicas for a service.
  • Environment Variables: Verify and update environment variables as needed for configuration.