Upgrading Wazuh Docker

This section describes how to upgrade Wazuh Docker deployments starting from version 4.3.

To upgrade to version 4.12.0, choose one of the following strategies.

Using the default Docker Compose files

Follow these steps to upgrade your deployment using the default docker-compose.yml file:

  1. Run the following command from your wazuh-docker/single-node/ or wazuh-docker/multi-node/ directory to stop the outdated environment:

    # docker compose down
    
  2. Update your local repository to fetch the latest tags:

    # git fetch --all --tags
    
  3. Check out the tag for the current version of wazuh-docker:

    # git checkout v4.12.0
    

    This command switches your local repository to the specified release tag, ensuring the deployment uses that version's exact configuration and files.

    Note

    Replace v4.12.0 with the tag of any other Wazuh version you want to upgrade to. You can run git tag -l to see all available versions.

  4. Start the upgraded Wazuh Docker environment using the docker compose command:

    # docker compose up -d
    

    Your data and certificates remain persistent because they are stored in mounted Docker volumes. This means upgrading the environment does not erase your existing configuration or indexed data.

Keeping your custom Docker Compose files

To upgrade your deployment while preserving your custom docker-compose.yml file, follow these steps:

Single-node stack

  1. Run the following command from your wazuh-docker/single-node/ directory to stop the outdated environment:

    # docker compose down
    
  2. If upgrading from a version earlier than 4.8, edit the single-node/config/wazuh_dashboard/opensearch_dashboards.yml file and update the defaultRoute parameter as follows:

    uiSettings.overrides.defaultRoute: /app/wz-home
    

    Optional: Modify the OPENSEARCH_JAVA_OPTS environment variable in the single-node/docker-compose.yml file to allocate more RAM to the Wazuh indexer container.

    environment:
    - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    
  3. Update the tag of the generator image in the single-node/generate-indexer-certs.yml file to the latest tag, wazuh/wazuh-certs-generator:0.0.2.

    services:
       generator:
          image: wazuh/wazuh-certs-generator:0.0.2
    
  4. Recreate the certificates after these changes.

    # docker compose -f generate-indexer-certs.yml run --rm generator
    

    Optional: If upgrading from Wazuh version 4.3, update old paths with the new ones.

    Wazuh dashboard

    1. Edit the single-node/config/wazuh_dashboard/opensearch_dashboards.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    2. Edit the single-node/docker-compose.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    Wazuh indexer

    1. Edit the single-node/config/wazuh_indexer/wazuh.indexer.yml file and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace ${OPENSEARCH_PATH_CONF}/certs/ with /usr/share/wazuh-indexer/certs/.

    2. Edit the single-node/docker-compose.yml file and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace /usr/share/wazuh-indexer/config/opensearch.yml with /usr/share/wazuh-indexer/opensearch.yml.

      • Replace /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ with /usr/share/wazuh-indexer/opensearch-security/.

  5. Edit the docker-compose.yml file and update the image lines shown below to the latest images.

    wazuh.manager:
       image: wazuh/wazuh-manager:4.12.0
    ...
    wazuh.indexer:
       image: wazuh/wazuh-indexer:4.12.0
    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.12.0
    

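    Optional: If you are upgrading from Wazuh version 4.3, add the DASHBOARD_USERNAME and DASHBOARD_PASSWORD variables for the kibanaserver user. If you have changed the default passwords, use your own values instead of the ones shown.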

    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.12.0
       environment:
          - INDEXER_USERNAME=admin
          - INDEXER_PASSWORD=SecretPassword
          - WAZUH_API_URL=https://wazuh.manager
          - DASHBOARD_USERNAME=kibanaserver
          - DASHBOARD_PASSWORD=kibanaserver
    
  6. Replace the content of the single-node/config/wazuh_cluster/wazuh_manager.conf file in your stack with the one from the v4.12.0 tag of the Wazuh Docker repository.

  7. Start the new version of Wazuh using the docker compose command:

    # docker compose up -d
    

Multi-node stack

  1. Run the following command from your wazuh-docker/multi-node/ directory to stop the outdated environment:

    # docker compose down
    
  2. If upgrading from a version earlier than 4.8, edit the multi-node/config/wazuh_dashboard/opensearch_dashboards.yml file and update the defaultRoute parameter as follows:

    uiSettings.overrides.defaultRoute: /app/wz-home
    

    Optional: Modify the OPENSEARCH_JAVA_OPTS environment variable in the multi-node/docker-compose.yml file to allocate more RAM to the Wazuh indexer container.

    environment:
    - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    
  3. Update the tag of the generator image in the multi-node/generate-indexer-certs.yml file to the latest tag, wazuh/wazuh-certs-generator:0.0.2.

    services:
       generator:
          image: wazuh/wazuh-certs-generator:0.0.2
    
  4. Recreate the certificates after these changes.

    # docker compose -f generate-indexer-certs.yml run --rm generator
    

    Optional: If upgrading from Wazuh version 4.3, update these old paths with the new ones.

    Wazuh dashboard

    1. Edit the multi-node/config/wazuh_dashboard/opensearch_dashboards.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    2. Edit the multi-node/docker-compose.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    Wazuh indexer

    1. Edit the multi-node/config/wazuh_indexer/wazuh1.indexer.yml, multi-node/config/wazuh_indexer/wazuh2.indexer.yml, and multi-node/config/wazuh_indexer/wazuh3.indexer.yml files and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace ${OPENSEARCH_PATH_CONF}/certs/ with /usr/share/wazuh-indexer/certs/.

    2. Edit the multi-node/docker-compose.yml file and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace /usr/share/wazuh-indexer/config/opensearch.yml with /usr/share/wazuh-indexer/opensearch.yml.

      • Replace /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ with /usr/share/wazuh-indexer/opensearch-security/.

  5. Edit the docker-compose.yml file and update the image lines shown below to the latest images.

    wazuh.master:
       image: wazuh/wazuh-manager:4.12.0
    ...
    wazuh.worker:
       image: wazuh/wazuh-manager:4.12.0
    ...
    wazuh1.indexer:
       image: wazuh/wazuh-indexer:4.12.0
    ...
    wazuh2.indexer:
       image: wazuh/wazuh-indexer:4.12.0
    ...
    wazuh3.indexer:
       image: wazuh/wazuh-indexer:4.12.0
    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.12.0
    

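    Optional: If you are upgrading from Wazuh version 4.3, add the DASHBOARD_USERNAME and DASHBOARD_PASSWORD variables for the kibanaserver user. If you have changed the default passwords, use your own values instead of the ones shown.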

    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.12.0
       environment:
          - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
          - WAZUH_API_URL="https://wazuh.master"
          - API_USERNAME=wazuh-wui
          - API_PASSWORD=MyS3cr37P450r.*-
          - DASHBOARD_USERNAME=kibanaserver
          - DASHBOARD_PASSWORD=kibanaserver
    
  6. Replace the content of the following files in your stack with the ones from the v4.12.0 tag of the Wazuh Docker repository:

    • multi-node/config/wazuh_cluster/wazuh_manager.conf

    • multi-node/config/wazuh_cluster/wazuh_worker.conf

  7. Start the new version of Wazuh using the docker compose command:

    # docker compose up -d
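
The edits in the single-node and multi-node procedures above can be verified before running docker compose up -d. The following shell function is an added example, not part of the Wazuh documentation or the wazuh-docker repository; the names check_stack and FINDINGS are hypothetical, and it assumes the stack directory contains docker-compose.yml and a config/ directory as described in this section.

```shell
#!/bin/sh
# Added example (not from wazuh-docker). Old 4.3-era paths, copied from the
# replacement lists in this section.
OLD_PATHS='/usr/share/wazuh-dashboard/config/certs/
/usr/share/wazuh-indexer/config/certs/
${OPENSEARCH_PATH_CONF}/certs/
/usr/share/wazuh-indexer/config/opensearch.yml
/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/'

# check_stack DIR VERSION (hypothetical helper): prints each finding,
# stores the count in FINDINGS, returns 0 only if the stack is clean.
check_stack() {
    dir=$1; version=$2; FINDINGS=0
    compose="$dir/docker-compose.yml"
    if [ ! -f "$compose" ] || [ ! -d "$dir/config" ]; then
        echo "expected docker-compose.yml and config/ in $dir" >&2; return 2
    fi

    # 1. Old paths still referenced in the compose file or under config/.
    while IFS= read -r old; do
        if grep -rnF -e "$old" "$compose" "$dir/config"; then
            echo "  ^ old path still in use: $old"
            FINDINGS=$((FINDINGS + 1))
        fi
    done <<EOF
$OLD_PATHS
EOF

    # 2. Wazuh images whose tag differs from the target version.
    images=$(sed -nE 's#^[[:space:]]*image:[[:space:]]*"?(wazuh/wazuh-(manager|indexer|dashboard)):([^[:space:]"]+).*#\1 \3#p' "$compose")
    while read -r name tag; do
        [ -n "$name" ] || continue
        if [ "$tag" != "$version" ]; then
            echo "outdated image: $name:$tag (expected $version)"
            FINDINGS=$((FINDINGS + 1))
        fi
    done <<EOF
$images
EOF

    # 3. Dashboard default route (needed when coming from a version before 4.8).
    dash="$dir/config/wazuh_dashboard/opensearch_dashboards.yml"
    if ! grep -qE '^uiSettings\.overrides\.defaultRoute:[[:space:]]*/app/wz-home[[:space:]]*$' "$dash" 2>/dev/null; then
        echo "defaultRoute is not /app/wz-home in $dash"
        FINDINGS=$((FINDINGS + 1))
    fi
    [ "$FINDINGS" -eq 0 ]
}
# Usage: sh check_stack.sh wazuh-docker/single-node 4.12.0
if [ $# -ge 2 ]; then check_stack "$1" "$2"; fi
```

Because the path check recurses through config/, the same call covers wazuh1.indexer.yml through wazuh3.indexer.yml when pointed at wazuh-docker/multi-node.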