download-artifacts.sh is a helper script that:
- Bulk‑downloads Elastic Stack binaries (Beats, APM, Fleet, Endpoint, etc.) and security endpoint artifacts.
- Bundles them into a timestamped tarball for easy distribution in air‑gapped environments.
- Builds a minimal Nginx container image to serve the artifacts over HTTP or HTTPS.
This is ideal for organizations running air‑gapped Elastic deployments or needing an offline mirror of both core Elastic and Elastic Defend artifacts.
- Bash ≥ 4.0
- curl, tar
- Container builder:
nerdctl(containerd),podman, ordocker - Endpoint tools:
jq,zcat - (Optional) Kubernetes cluster and
kubectlfor the k8s demo - Network access to:
https://artifacts.elastic.co/https://artifacts.security.elastic.co/
Most users will choose one of these workflows:
- Bundle artifacts only (to serve artifacts directly on your server)
- Build an Nginx image only (to serve artifacts directly from container via HTTP)
- Combine both (download, bundle, and build)
# Download version 8.17.4 and create a tarball\
./scripts/download-artifacts.sh --versions 8.17.4 --bundle- Outputs: a timestamped tarball in
./artifacts-bundle/
# Download version 8.17.4 and build the Nginx image\
./scripts/download-artifacts.sh --versions 8.17.4 --build-nginx-image- Outputs: an Nginx image (
elastic-artifacts-nginx:latest) with artifacts baked in
./scripts/download-artifacts.sh \
--versions 8.17.4,8.18.0 \
--bundle \
--build-nginx-image./scripts/download-artifacts.sh [options]| Flag | Description |
|---|---|
-h, --help |
Show help message and exit |
--versions 8.x.x,9.x.x,... |
Comma-separated list of Elastic versions to download |
| (repeatable for space-separated versions) | |
--bundle |
Create a .tar.gz bundle of the downloaded artifacts |
--build-nginx-image |
Build a Docker/Podman/nerdctl image serving the artifacts |
--destination DIR |
Set output directory for downloads (default: ./artifacts-bundle) |
--bundle-name FILE.tar.gz |
Specify custom bundle filename (default uses timestamp) |
--nginx-image-tag TAG |
Set the tag for the built image (default: elastic-artifacts-nginx:latest) |
--update |
Do not clear existing files in destination; only add missing ones |
-
Clone the repo
git clone https://github.com/pkward/artifacts-bundler.git cd artifacts-bundler -
Install prerequisites
# RHEL/CentOS example sudo dnf install -y curl tar jq gzip # Install podman, docker, or nerdctl sudo dnf install -y docker-ce|podman|containerd.io
-
Download & bundle artifacts
./scripts/download-artifacts.sh \ --versions 8.17.4,8.18.0 \ --bundle \ --build-nginx-image
-
Run the Nginx container locally
# Docker|Podman example docker|podman run -d -p 80:80 elastic-artifacts-nginx:latest
Browse:
http://<your-ip>/downloads/ -
Kubernetes deployment
kubectl apply -f k8s/nginx-deploy.yaml kubectl apply -f k8s/nginx-nodeport.yaml
Browse on any node IP: http://:30080/downloads/
artifacts-bundler.sh/
├── scripts/
│ └── download-artifacts.sh # Core downloader & bundler script
├── k8s/
│ ├── nginx-deploy.yaml # Deployment manifest
│ ├── nginx-nodeport.yaml # NodePort service manifest
│ └── ssl-configmap.yaml # SSL ConfigMap example
├── README.md # This file
└── LICENSE # MIT License text
Examples target Elastic Stack 8.17.x or newer. Adjust --versions for 8.18.x, 9.x, etc.
In Kibana, navigate to Fleet > Settings under "Management".
Click Add next to Agent Binary Download.
Enter your mirror URL, e.g.:
http://<YOUR-MIRROR-IP>:<port>/downloads/
Click Save. Elastic Agents will now fetch binaries from your private mirror.
Example screenshots:
In Kibana’s Security > Endpoint > Policies, select your Endpoint policy.
Click Edit policy, scroll to Advanced settings, and expand Global artifact download source.
Enter the mirror URL:
http://<YOUR-MIRROR-IP>:<port>
Click Save to apply to all enrolled Endpoint agents.
Example screenshot:
Confirm Elastic Defend (Endpoint) can retrieve Global artifacts:
© 2025 Pete Ward • MIT License