I've always wanted to write this article but never got the chance to do so. I had written some notes on how to set up Elasticsearch and Kibana on an Ubuntu server (20.04 or later). Whether you're building a search engine, analyzing logs, or just exploring the Elastic Stack, this guide will help you get everything up and running smoothly.

Here's how I did it:

Setting up Elasticsearch

Add the Elasticsearch GPG key and repository

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Install Elasticsearch

sudo apt update
sudo apt install elasticsearch

Configure Elasticsearch by editing /etc/elasticsearch/elasticsearch.yml

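network.host: localhost
http.port: 9200
# NGINX proxies to localhost:9200, so the HTTP API only needs loopback.
# http.host: 0.0.0.0 would also expose port 9200 directly, bypassing the proxy.
http.host: localhost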

Start and enable Elasticsearch

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Set up an NGINX reverse proxy for Elasticsearch

Add this server block to your NGINX config (e.g., /etc/nginx/sites-available/your_domain):

server {
   listen 8834;

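   # Uncomment for SSL (and remove the plain "listen 8834;" line above)
   # listen 8834 ssl;
   # ssl_certificate /path/to/certificate/crt.pem;
   # ssl_certificate_key /path/to/key/key.pem;
   # TLSv1 and TLSv1.1 are deprecated; allow only TLSv1.2 and TLSv1.3
   # ssl_protocols TLSv1.2 TLSv1.3;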
   # ssl_prefer_server_ciphers on;
   # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

   server_name your_domain;

   location / {
      proxy_pass http://localhost:9200;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
   }
}

Then test the configuration and restart the NGINX service:

sudo nginx -t
sudo systemctl restart nginx

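Once done, you can verify that Elasticsearch is running by visiting http://yourdomain.com:8834 in your browser. You should see a JSON response with Elasticsearch details. Note that this server block has no auth_basic, so anyone who can reach port 8834 gets the same response.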

Setting up Kibana

Install Kibana

sudo apt install kibana

Configure Kibana by editing /etc/kibana/kibana.yml

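server.port: 5601
# Bind to loopback so Kibana is reachable only through the NGINX proxy.
# With server.host: 0.0.0.0, port 5601 is reachable directly, without the basic auth.
server.host: localhost
elasticsearch.hosts: ["http://localhost:9200"]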

Start and enable Kibana

sudo systemctl enable kibana
sudo systemctl start kibana

Create an admin user for Kibana

echo "your_admin_username:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users

Make sure that you enter a strong password when prompted.

Set up an NGINX reverse proxy for Kibana

Add this server block to your NGINX config:

server {
   listen 8833;

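   # Uncomment for SSL (and remove the plain "listen 8833;" line above)
   # listen 8833 ssl;
   # ssl_certificate /path/to/certificate/crt.pem;
   # ssl_certificate_key /path/to/key/key.pem;
   # TLSv1 and TLSv1.1 are deprecated; allow only TLSv1.2 and TLSv1.3
   # ssl_protocols TLSv1.2 TLSv1.3;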
   # ssl_prefer_server_ciphers on;
   # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

   server_name your_domain;

   auth_basic "Restricted Access";
   auth_basic_user_file /etc/nginx/htpasswd.users;

   location / {
      proxy_pass http://localhost:5601;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
   }
}

Then test the configuration and restart the NGINX service:

sudo nginx -t
sudo systemctl restart nginx

Once done, you can try to access Kibana by visiting http://yourdomain.com:8833. You'll be prompted for the admin credentials you created earlier.
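To confirm that ports 9200 and 5601 are reachable only through the NGINX proxies (and so cannot be hit directly, skipping the basic auth), check which addresses they listen on. The script below is an added example, not part of the original notes; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag Elasticsearch/Kibana listeners that bypass the NGINX proxy.
# Reads `ss -H -ltn` output (one listening socket per line) on stdin.

# Backend ports that should be bound to loopback only in this setup.
BACKEND_PORTS="9200 5601"

exposed_backends() {
  # Column 4 of `ss -ltn` is Local Address:Port, e.g. 0.0.0.0:9200,
  # *:9200, [::]:5601, 127.0.0.1:9200 or [::ffff:127.0.0.1]:9200.
  awk -v ports="$BACKEND_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      la = $4
      port = la; sub(/.*:/, "", port)            # text after the last colon
      if (!(port in want)) next                  # not a backend port
      addr = substr(la, 1, length(la) - length(port) - 1)
      gsub(/\[|\]/, "", addr)                    # strip IPv6 brackets
      sub(/%.*/, "", addr)                       # strip scope such as %lo
      if (addr ~ /^127\./ || addr == "::1" || addr == "::ffff:127.0.0.1") next
      print port " " la                          # bound beyond loopback
    }'
}

# Constructed sample of `ss -H -ltn` output for a host where both backends
# were bound to all interfaces (not captured from a real system).
sample_ss() {
  cat <<'EOF'
LISTEN 0 511  0.0.0.0:8834              0.0.0.0:*
LISTEN 0 511  0.0.0.0:8833              0.0.0.0:*
LISTEN 0 4096 *:9200                    *:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9300   *:*
LISTEN 0 511  0.0.0.0:5601              0.0.0.0:*
EOF
}

# On a live host run:  ss -H -ltn | exposed_backends
# Here the constructed sample is used so the script runs offline.
sample_ss | exposed_backends
```

Empty output means both backends are loopback-only; any printed line names a port that clients can reach without going through NGINX.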

Wrapping Up

And there you go! Elasticsearch and Kibana are now up and running on your Ubuntu server, ready to help you search, analyze, and visualize your data. Whether you're diving into logs, building a search feature, or just experimenting with the Elastic Stack, this setup should give you a solid foundation.

Hope you found this useful!