{"id":2748,"date":"2019-05-02T13:03:54","date_gmt":"2019-05-02T10:03:54","guid":{"rendered":"https:\/\/kifarunix.com\/?p=2748"},"modified":"2023-04-07T21:45:59","modified_gmt":"2023-04-07T18:45:59","slug":"install-elastic-stack-7-on-ubuntu-18-04-debian-9-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-elastic-stack-7-on-ubuntu-18-04-debian-9-8\/","title":{"rendered":"Install Elastic Stack 7 on Ubuntu 18.04\/Debian 9.8"},"content":{"rendered":"\n<p>This tutorial guides you through installing Elastic Stack 7 on Ubuntu 18.04\/Debian 9.8. We will discuss the installation and configuration of each component of Elastic Stack 7. Elastic Stack, previously known as the ELK stack, comprises four major open-source components: Elasticsearch, Kibana, Logstash and Beats. These components can be used to collect, parse, store, search, analyze and visualize different types of logs collected from different types of sources. To break it down a bit:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Elasticsearch<\/strong> is a search and analytics engine.<\/li>\n\n\n\n<li><strong>Kibana<\/strong> is a data visualization and dashboarding tool that enables you to analyze data stored in Elasticsearch.<\/li>\n\n\n\n<li><strong>Logstash<\/strong> is a server\u2011side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then stashes it in a search and analytics engine such as Elasticsearch.<\/li>\n\n\n\n<li><strong>Beats<\/strong>, on the other hand, are the log shippers that collect logs from different endpoints and send them to either Logstash or directly to Elasticsearch.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#install-elastic-stack-7-on-ubuntu-18-04-debian-9-8\">Install Elastic Stack 7 on Ubuntu 18.04\/Debian 9.8<\/a><ul><li><a href=\"#installing-elasticsearch-7\">Installing Elasticsearch 
7<\/a><\/li><li><a href=\"#install-kibana-7-x-on-ubuntu-18-04-debian-9-8\">Install Kibana 7.x on Ubuntu 18.04\/Debian 9.8<\/a><ul><li><a href=\"#install-nginx\">Install Nginx<\/a><\/li><li><a href=\"#configure-nginx-with-ssl-to-proxy-kibana\">Configure Nginx with SSL to Proxy Kibana<\/a><\/li><li><a href=\"#generate-self-signed-ssl-tls-certificates\">Generate Self-signed SSL\/TLS certificates<\/a><\/li><li><a href=\"#configure-nginx-authentication\">Configure Nginx Authentication<\/a><\/li><li><a href=\"#active-kibana-nginx-configuration\">Activate Kibana Nginx Configuration<\/a><\/li><li><a href=\"#access-kibana-dashboard\">Access Kibana Dashboard<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-elastic-stack-7-on-ubuntu-18-04-debian-9-8\">Install Elastic Stack 7 on Ubuntu 18.04\/Debian 9.8<\/h2>\n\n\n\n<p>We will install the Elastic Stack components in the following order. This order ensures that each component&#8217;s dependencies are in place.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Elasticsearch<\/li>\n\n\n\n<li>Install Kibana<\/li>\n\n\n\n<li>Install Logstash<\/li>\n\n\n\n<li>Install Beats<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"installing-elasticsearch-7\">Installing Elasticsearch 7<\/h3>\n\n\n\n<p>Installation of Elasticsearch 7.0 on Ubuntu 18.04\/Debian 9.8 has been discussed in our previous guide. Check it out by following the link below.<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-elasticsearch-7-x-on-ubuntu-18-04-debian-9-8\/\" target=\"_blank\">Install Elasticsearch 7 on Ubuntu 18.04\/Debian 9.8<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-kibana-7-x-on-ubuntu-18-04-debian-9-8\">Install Kibana 7.x on Ubuntu 18.04\/Debian 9.8<\/h3>\n\n\n\n<p>Once the installation of Elasticsearch is done, proceed to install Kibana. 
Kibana is not available in the default Ubuntu\/Debian repos. But since we are working on a single-node Elastic Stack, we already created the Elastic Stack APT repos while installing Elasticsearch. Hence, you can simply run the command below to install Kibana 7.x.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install kibana<\/code><\/pre>\n\n\n\n<p>Once the installation is done, start Kibana and enable it to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now kibana<\/code><\/pre>\n\n\n\n<p>Kibana is set to run on <strong>localhost:5601<\/strong> by default. Therefore, to add some layer of security, you can install and configure Nginx to proxy the connection to Kibana via a publicly accessible interface IP. If you choose to use Nginx instead of exposing Kibana, you can proceed as follows:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-nginx\">Install Nginx<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install nginx<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-nginx-with-ssl-to-proxy-kibana\"><a href=\"#proxykibanawithnginx\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Nginx with SSL to Proxy Kibana<\/a><\/h4>\n\n\n\n<p>To configure Nginx with SSL to proxy connections to Kibana, you need to generate the SSL\/TLS certificates and create an Nginx configuration file to define the Kibana settings. In this guide, we are using a self-signed certificate. You can as well obtain a trusted CA certificate from your preferred provider. 
<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-self-signed-ssl-tls-certificates\">Generate Self-signed SSL\/TLS certificates<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/ssl\/private\/kibana-selfsigned.key -out \/etc\/ssl\/certs\/kibana-selfsigned.crt<\/code><\/pre>\n\n\n\n<p>Also, create a Diffie-Hellman group.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>openssl dhparam -out \/etc\/nginx\/dhparam.pem 2048<\/code><\/pre>\n\n\n\n<p>Create the Kibana Nginx configuration. You can use the recommendations from <a rel=\"noreferrer noopener\" href=\"https:\/\/cipherli.st\/\" target=\"_blank\">Cipherli.st<\/a> while configuring SSL.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/nginx\/sites-available\/kibana<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nserver {\n\tlisten 80;\n\tserver_name elk.example.com;\n\treturn 301 https:\/\/$host$request_uri;\n}\nserver {\n\tlisten 443 ssl;\n\tserver_name elk.example.com;\n\n\troot \/var\/www\/html;\n\tindex index.html index.htm index.nginx-debian.html;\n\n    \tssl_certificate \/etc\/ssl\/certs\/kibana-selfsigned.crt;\n\tssl_certificate_key \/etc\/ssl\/private\/kibana-selfsigned.key;\n\n\tssl_protocols TLSv1.2 TLSv1.3;\n\tssl_prefer_server_ciphers on; \n\tssl_dhparam \/etc\/nginx\/dhparam.pem;\n\tssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;\n\tssl_ecdh_curve secp384r1;\n\tssl_session_timeout  10m;\n\tssl_session_cache shared:SSL:10m;\n\tresolver 192.168.42.129 8.8.8.8 valid=300s;\n\tresolver_timeout 5s; \n\tadd_header Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\";\n\tadd_header X-Frame-Options DENY;\n\tadd_header X-Content-Type-Options nosniff;\n\tadd_header X-XSS-Protection \"1; mode=block\";\n\n\taccess_log  \/var\/log\/nginx\/kibana_access.log;\n\terror_log  
\/var\/log\/nginx\/kibana_error.log;\n\n\tauth_basic \"Authentication Required\";\n\tauth_basic_user_file \/etc\/nginx\/kibana.users;\n\n\tlocation \/ {\n\t        proxy_pass http:\/\/localhost:5601;\n        \tproxy_http_version 1.1;\n\t        proxy_set_header Upgrade $http_upgrade;\n        \tproxy_set_header Connection 'upgrade';\n\t        proxy_set_header Host $host;\n        \tproxy_cache_bypass $http_upgrade;\n\t}\n}\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-nginx-authentication\">Configure Nginx Authentication<\/h4>\n\n\n\n<p>To configure Nginx user authentication, you need to create users and their passwords. These authentication details will be saved in the file <strong>\/etc\/nginx\/kibana.users<\/strong>, specified by the <strong>auth_basic_user_file<\/strong> parameter in the Nginx configuration file. You can use the <strong>openssl<\/strong> command to generate the authentication credentials as shown below; the <strong>-apr1<\/strong> option produces a salted MD5-based hash that Nginx accepts, whereas the older <strong>-crypt<\/strong> option only uses the first eight characters of the password. Replace USERNAME and PASSWORD accordingly:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>printf \"USERNAME:$(openssl passwd -apr1 PASSWORD)\\n\" &gt; \/etc\/nginx\/kibana.users<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"active-kibana-nginx-configuration\">Activate Kibana Nginx Configuration<\/h4>\n\n\n\n<p>Next, run the commands below to enable the Kibana Nginx configuration, verify the Nginx syntax and reload Nginx if everything is okay.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ln -s \/etc\/nginx\/sites-available\/kibana \/etc\/nginx\/sites-enabled\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>nginx -t<br> nginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok<br> nginx: configuration file \/etc\/nginx\/nginx.conf test is successful<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl reload nginx<\/code><\/pre>\n\n\n\n<p>If UFW is running, allow Nginx connections, both HTTP and HTTPS.<\/p>\n\n\n\n<pre 
class=\"wp-block-preformatted\"><code>ufw allow 'Nginx Full'<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"access-kibana-dashboard\">Access Kibana Dashboard<\/h4>\n\n\n\n<p>You should now be able to access the Kibana dashboard via the server&#8217;s fully qualified hostname, <strong>https:\/\/elk.example.com<\/strong> in this case. Accept the risk of using the self-signed certificate and proceed. Before you can access the Kibana dashboard, you will be required to provide the authentication credentials set above.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/Kibana-Nginx-Authentication.png\"><img loading=\"lazy\" decoding=\"async\" width=\"712\" height=\"224\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/Kibana-Nginx-Authentication.png\" alt=\"Install Elastic Stack 7 on Ubuntu\" class=\"wp-image-3502\" title=\"\"><\/a><\/figure><\/div>\n\n\n<p>After authentication, you will land on the Kibana dashboard. Since we don&#8217;t have data yet, you will see the screen below. 
Click <strong>Explore My Own<\/strong> to proceed to the Kibana dashboard.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/kibana-data.png\"><img loading=\"lazy\" decoding=\"async\" width=\"509\" height=\"492\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/kibana-data.png\" alt=\"Install Elastic Stack 7 on Ubuntu\" class=\"wp-image-3504\" title=\"\"><\/a><\/figure><\/div>\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1353\" height=\"648\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/kibana-default-dashboard.png\" alt=\"Install Elastic Stack 7 on Ubuntu\" class=\"wp-image-3505\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/kibana-default-dashboard.png 1353w, https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/06\/kibana-default-dashboard-768x368.png 768w\" sizes=\"(max-width: 1353px) 100vw, 1353px\" \/><\/figure>\n\n\n\n<p>Kibana is now configured. The next step is to install Logstash, the data processing engine, and Filebeat, the data shipper. 
See the installation links below.<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-and-configure-logstash-7-on-ubuntu-18-debian-9-8\/\" target=\"_blank\">Install and Configure Logstash 7 on Ubuntu 18\/Debian 9.8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-filebeat-7-on-ubuntu-18-04-debian-9-8\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Install and Configure Filebeat 7 on Ubuntu 18.04\/Debian 9.8<\/a><\/p>\n\n\n\n<p>Reference;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/setup.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Kibana User Guide (opens in a new tab)\">Kibana User Guide<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This tutorial will guide on how to install Elastic Stack 7 on Ubuntu 18.04\/Debian 9.8. We will be discussing the installation and configuration of each<\/p>\n","protected":false},"author":1,"featured_media":5014,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,910],"tags":[912,913,922,6510,920,921],"class_list":["post-2748","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-elastic-stack","tag-elastic-stack","tag-elk","tag-filebeat","tag-install-elastic-stack-7-on-ubuntu","tag-kibana","tag-logstash","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2748"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"
href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2748"}],"version-history":[{"count":19,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2748\/revisions"}],"predecessor-version":[{"id":16077,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2748\/revisions\/16077"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/5014"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}