Elasticsearch is a distributed engine for indexing, storing, and querying data in real time, offering robust full-text search and advanced analytics.
Kibana, which we will install together with Elasticsearch, is a browser-based console for exploring, querying, and visualizing your log data.
0. Prerequisites
Install Nginx prior to Elasticsearch. You can follow our guide (works both for AlmaLinux and Rocky Linux).
Make sure http and https ports are open in your firewall. If not, please run these commands:
IPtables:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Save changes:
iptables-save | tee /etc/sysconfig/iptables
Restart iptables to apply the changes:
systemctl restart iptables
Firewalld:
If you are using firewalld, run these commands to allow HTTP and HTTPS:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
1. Install Elasticsearch
1.1 Update the system
First, make sure to update your system:
sudo dnf update -y
1.2 Install Java
Install Java with this command. Note that Elasticsearch 8.x ships with its own bundled JDK and uses it by default, so this step is only needed if other software on the host requires Java. Do not point ES_JAVA_HOME at this Java 11 installation: Elasticsearch 8.x requires Java 17 or newer when it runs on an external JDK.
sudo dnf install java-11-openjdk-devel
Then verify:
java -version
1.3 Import GPG key for Elasticsearch
Run the following command:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
1.4 Configure Elastic’s Package Repository
Create the file /etc/yum.repos.d/elasticsearch.repo with your preferred editor:
sudo nano /etc/yum.repos.d/elasticsearch.repo
Insert this content inside the file:
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Save the file and exit.
1.5 Install Elasticsearch
Run this command to install Elasticsearch:
sudo dnf install --enablerepo=elasticsearch elasticsearch
Important: at the end of the installation, the output prints a "Security autoconfiguration information" block. It contains the password generated for the built-in elastic superuser (and the location of the CA certificate used for HTTPS). Save the password in a safe place; if you lose it, a new one can be set with the elasticsearch-reset-password tool in /usr/share/elasticsearch/bin.
1.6 Adjust Elasticsearch settings
Open the Elasticsearch config at /etc/elasticsearch/elasticsearch.yml with your preferred editor:
sudo nano /etc/elasticsearch/elasticsearch.yml
Uncomment the cluster.name setting and set it to your desired cluster name:
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: your_cluster
Uncomment node.name and set it to your server's hostname. Keep it identical to the name listed in the cluster.initial_master_nodes entry that the installer appended to the end of this file; if the two do not match, the node will not bootstrap the cluster on first start:
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: server_hostname
Uncomment network.host and set it to your server's hostname as well. Be aware of what this does: binding to a non-loopback address switches the node into production mode (the bootstrap checks are enforced at startup) and makes the API reachable from the network. For the setup in this guide, where Kibana runs on the same host, the API does not need to leave the machine. Also review the security auto-configuration block the installer appended to the end of this file: on 8.x package installs it sets http.host: 0.0.0.0, which already exposes the HTTP API on every interface regardless of network.host.
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: server_hostname
Uncomment http.port to explicitly have Elasticsearch listen on port 9200:
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
Save the file. The daemon-reload below is needed because the package just installed a new systemd unit; elasticsearch.yml itself is read by Elasticsearch when the service starts, not by systemd:
sudo systemctl daemon-reload
1.7 Enable Elasticsearch
Run this command to autostart Elasticsearch on every boot:
sudo systemctl enable --now elasticsearch
1.8 Open port 9200
Only do this if clients other than the local Kibana must reach the Elasticsearch API over the network. Kibana runs on the same host and reaches Elasticsearch locally, so for the setup in this guide port 9200 can stay closed. If you do open it, restrict the rule to the source addresses that need access instead of allowing everyone; the rules below allow 9200 from anywhere.
If you use firewalld, run this:
sudo firewall-cmd --permanent --add-port=9200/tcp; sudo firewall-cmd --reload
If you use IPtables (insert the rule with -I as in step 0; -A would append it after any final REJECT rule, where it never matches):
sudo dnf install -y iptables-services
sudo iptables -I INPUT -p tcp --dport 9200 -j ACCEPT
sudo service iptables save
1.9 Store the Elasticsearch built-in password as an environment variable
Switch to root and export the built-in elastic password into an environment variable named ELASTIC_PASSWORD (use the password you saved previously). Keep in mind that this line is written to your shell history and that the variable is inherited by every process you start from this shell, so unset it (unset ELASTIC_PASSWORD) once you are done:
export ELASTIC_PASSWORD="your_elasticsearch_password"
Then test that the API answers, verifying the server certificate against the CA that the installer generated:
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200
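The command above passes the password as a curl argument, where any local user can read it from the process list while the request runs. The script below is an added example, not part of the original guide: it performs the same authenticated request with the password read from the terminal instead, sends the credentials to curl through a mode-0600 config file, and then checks _cluster/health rather than only the banner. The API address and CA path are assumptions taken from the defaults used in this guide; set ES_URL and ES_CA if yours differ.

```shell
#!/bin/sh
# Added example (not part of the guide): check the freshly installed node
# without passing the elastic password on the command line or exporting it.
# Assumptions (adjust if yours differ): the API listens on https://localhost:9200
# and the installer's CA is at /etc/elasticsearch/certs/http_ca.crt.
set -eu

ES_URL="${ES_URL:-https://localhost:9200}"
ES_CA="${ES_CA:-/etc/elasticsearch/certs/http_ca.crt}"

# Read the password from the terminal with echo off. Nothing lands in the
# shell history, and it is never part of an argument list readable via ps.
read_password() {
    printf 'Password for user elastic: ' >&2
    trap 'stty echo </dev/tty; exit 130' INT
    stty -echo </dev/tty
    read -r pw </dev/tty
    stty echo </dev/tty
    printf '\n' >&2
    printf '%s' "$pw"
}

# GET a path from the API. Credentials go through a curl config file (-K)
# instead of -u user:password, so they are not visible in the process list.
# --cacert pins the installer's CA, so any other certificate fails the check.
es_get() {
    path="$1"
    pw="$2"
    cfg=$(mktemp)                                 # mktemp creates the file mode 0600
    printf 'user = "elastic:%s"\n' "$pw" >"$cfg"  # a password containing " needs \" escaping
    if curl -sS --fail --cacert "$ES_CA" -K "$cfg" "$ES_URL$path"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$cfg"
    return $rc
}

# Pull the "status" field out of a _cluster/health response body.
health_status() {
    sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p' | head -n 1
}

# green is ideal; yellow is expected on a single node (replica shards cannot
# be allocated anywhere). red, or no status field at all, fails the check.
health_ok() {
    case "$(printf '%s' "$1" | health_status)" in
        green|yellow) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    pw=$(read_password)
    body=$(es_get /_cluster/health "$pw")
    if health_ok "$body"; then
        echo "cluster health: $(printf '%s' "$body" | health_status)"
    else
        echo "cluster health check failed: $body" >&2
        return 1
    fi
}

# Run the check only when invoked as: sh es-check.sh check
if [ "${1:-}" = "check" ]; then
    main
fi
```

Save it as es-check.sh and run sh es-check.sh check. Yellow is the normal state for a single-node cluster, because replica shards have no second node to live on; red means primary shards are missing and the node needs attention before you continue.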
The node should answer with something similar:
{
  "name" : "server_hostname",
  "cluster_name" : "your_cluster",
  "cluster_uuid" : "QxRjxNL4QnK6qoCV0LXQdA",
  "version" : {
    "number" : "8.19.6",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "48a287ab9497e852de30327444b0809e55d46466",
    "build_date" : "2024-02-19T10:04:32.774273190Z",
    "build_snapshot" : false,
    "lucene_version" : "9.9.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
2. Install Kibana
2.1 Run Kibana installation command
Use this command:
sudo dnf install kibana
Create enrollment token for Kibana:
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
The output is the enrollment token; copy and save it right away, because a token is valid for only 30 minutes (run the command again to create a new one if it expires).
2.2 Kibana setup
Run the following command:
sudo /usr/share/kibana/bin/kibana-setup
You’ll be asked to enter the enrollment token created in the previous step.
Paste the token and press Enter.
2.3 Start Kibana
Run this command to start Kibana and enable it to start on every boot automatically:
sudo systemctl daemon-reload; sudo systemctl enable --now kibana
2.4 Get a Let’s Encrypt certificate for your hostname
Run these commands to install certbot, the Let's Encrypt client, together with its Nginx plugin from EPEL:
sudo dnf install -y epel-release
sudo dnf install -y certbot python3-certbot-nginx
Run this command to generate certificate for your server's hostname (type your actual VPS hostname instead of server_hostname):
sudo certbot --nginx -d server_hostname
You will need to enter your email address to receive notifications from Let's Encrypt. You will also need to agree to the Terms of Service (mandatory) and choose whether to share your email address with the Electronic Frontier Foundation (optional).
The first run will most likely end with this error:
Could not automatically find a matching server block for server_hostname. Set the `server_name` directive to use the Nginx installer
This is expected: certbot obtained the certificate but found no server block for your hostname to install it into. Create the Nginx config for your hostname:
sudo nano /etc/nginx/conf.d/kibana.conf
Inside, paste this content (type your actual VPS hostname instead of server_hostname):
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name server_hostname;
    ssl_certificate     /etc/letsencrypt/live/server_hostname/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server_hostname/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        # proxy_set_header is not inherited from the server block once a
        # location defines any proxy_set_header of its own, so all of the
        # forwarded headers must be listed together here.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:5601;
    }
}
Then, run these commands:
sudo nginx -t && sudo systemctl reload nginx
Finally, try to generate certificate for your server again:
sudo certbot --nginx -d server_hostname
You will see this message:
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
Select 1: Attempt to reinstall this existing certificate (just type "1").
Next, open a browser, navigate to your server’s hostname, and confirm it loads over HTTPS with a valid SSL certificate.
https://server_hostname
Click the padlock in the address bar to view the certificate details.
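Once the basic proxy works, the configuration below is a hardened version of kibana.conf. It is an added example, not the configuration from the guide: it redirects plain HTTP to HTTPS, limits TLS to versions 1.2 and 1.3, sends an HSTS header, and only lets an allow-listed network reach the Kibana login page. The network 203.0.113.0/24 is a placeholder; replace it with the addresses your users come from (or drop the allow/deny lines), and replace server_hostname as before. All proxy_set_header lines sit inside the location block because Nginx does not inherit them from the server block once the location defines one of its own.

```nginx
# Added example, not the guide's own config. Replace server_hostname and the
# allow-listed network (203.0.113.0/24 is a placeholder) with your own values.

# Plain HTTP only redirects to HTTPS. The certbot nginx plugin answers the
# HTTP-01 challenge through a temporary location it inserts itself, so this
# redirect does not interfere with certificate renewals.
server {
    listen 80;
    listen [::]:80;
    server_name server_hostname;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name server_hostname;

    ssl_certificate     /etc/letsencrypt/live/server_hostname/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server_hostname/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Tell browsers to use HTTPS for this host for the next year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Only the listed network may reach Kibana at all; everyone else
        # gets 403 before the request touches the Kibana login page.
        allow 203.0.113.0/24;
        deny  all;

        # All forwarded headers together: Nginx does not inherit
        # proxy_set_header from the server block once one is set here.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_http_version 1.1;
        proxy_read_timeout 300s;    # long-running Kibana searches

        proxy_pass http://127.0.0.1:5601;
    }
}
```

Check the file with sudo nginx -t before reloading. Kibana itself keeps listening on 127.0.0.1:5601 (its default server.host), so the only way in from the network is through this Nginx server block.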
3. Accessing Kibana
Open Kibana UI by navigating to:
https://server_hostname
Sign in as the user elastic with the password you saved from the Security autoconfiguration output in step 1.5.
After that, click "Explore on my own" if you don't want to add any integrations.
After a successful login, your Elasticsearch server is up and running alongside Kibana, and you land on the Kibana home page.