Updated the graylog image to pull in the GeoIP when built.

To update the GeoIP all you need to do is rebuild the image (docker-compose build)
2025-12-06 04:19:19 +01:00 · 2019-11-22 23:43:42 -05:00
parent c3d4f73505
commit 1051c95fca
4 changed files with 13 additions and 4 deletions
--- a/Docker/docker-compose.yml
+++ b/Docker/docker-compose.yml
@@ -25,11 +25,10 @@ services:

  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
-    image: 'graylog/graylog:3.1'
+    build: graylog/.
    volumes:
      - 'graylog_journal:/usr/share/graylog/data/journal'
      - './service-names-port-numbers.csv:/etc/graylog/server/service-names-port-numbers.csv'
-      - './GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb'
    env_file:
      - ./graylog.env
    links:
--- a/Docker/elasticsearch.env
+++ b/Docker/elasticsearch.env
@@ -1,5 +1,5 @@
 http.host=0.0.0.0
 transport.host=0.0.0.0
 network.host=0.0.0.0
-ES_JAVA_OPTS="-Xms1g -Xmx1g"
+"ES_JAVA_OPTS=-Xms1g -Xmx1g"
 ES_HEAP_SIZE=2g
--- a/Docker/graylog/Dockerfile
+++ b/Docker/graylog/Dockerfile
@@ -0,0 +1,7 @@
+FROM graylog/graylog:3.1
+# Probably a bad idea, but it works for now
+USER root
+RUN mkdir -pv /etc/graylog/server/
+COPY ./getGeo.sh /etc/graylog/server/
+RUN chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh
+USER graylog
--- a/Docker/graylog/getGeo.sh
+++ b/Docker/graylog/getGeo.sh
@@ -0,0 +1,3 @@
+GRAYLOG_PLUGIN_DIR=/etc/graylog/server/
+curl --output ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
+tar zxvf ${GRAYLOG_PLUGIN_DIR}/mm.tar.gz -C ${GRAYLOG_PLUGIN_DIR} --strip-components=1