Elasticsearch is an open-source distributed full-text search and analytics engine. It exposes a RESTful API and lets you store, search, and analyze large volumes of data in real time. It is one of the most popular search engines behind applications with complex search requirements, such as large e-commerce stores and analytics applications, and is a common choice because of its usability, powerful features, and scalability.
The Elasticsearch components are not available in Ubuntu’s default package repositories. They can, however, be installed with APT after adding Elastic’s package source list.
All of the packages are signed with the Elasticsearch signing key in order to protect your system from package spoofing. Packages which have been authenticated using the key will be considered trusted by your package manager. In this step, you will import the Elasticsearch public GPG key and add the Elastic package source list in order to install Elasticsearch.
To begin, use cURL, the command line tool for transferring data with URLs, to import the Elasticsearch public GPG key into APT. Later, to configure Elasticsearch, you will edit its main configuration file, elasticsearch.yml, where most of its configuration options are stored. This file is located in the /etc/elasticsearch directory.
By default, Elasticsearch can be controlled by anyone who can reach the HTTP API. In the default configuration this is not a security risk, because Elasticsearch listens only on the loopback interface (that is, 127.0.0.1), which can only be reached from the server itself. No public access is possible, so as long as every user with a shell on the server is trusted, security may not be a major concern.
If you need to allow remote access to the HTTP API, you can limit the network exposure with Ubuntu’s default firewall, UFW.
First, import the GPG key with the following command:
User:~ wget -qO - |
Next, add the Elasticsearch repository with the following command:
User:~ sh -c 'echo "deb>|
Then, install apt-transport-https:
User:~ sudo apt install apt-transport-https
Add the Elasticsearch repository:
User:~ echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Now you can install Elasticsearch:
User:~ sudo apt update
User:~ sudo apt install elasticsearch
The configuration file of Elasticsearch is located at /etc/elasticsearch/elasticsearch.yml.
Start the Elasticsearch service by running:
User:~ sudo systemctl start elasticsearch.service
To enable the Elasticsearch service to start at boot, type:
User:~ sudo systemctl enable elasticsearch.service
Verify that Elasticsearch is running and listening on port 9200:
User:~ curl -X GET "localhost:9200"
Elasticsearch ships with a tool for setting the built-in user passwords. With the auto option, you let Elasticsearch generate the passwords for you:
User:~ sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Next, generate the certificate and the key using the openssl command. Change the file permissions so that the elasticsearch user can also read the key file. Then open Elasticsearch's configuration file with your favorite editor.
Paste the following at the end of the file.
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: /etc/elasticsearch/config/es-cert.pem
This configuration turns on the security features, so password protection is enforced on the HTTP API, and then points Elasticsearch at the SSL certificate and key file. Restart Elasticsearch with systemctl so that the new configuration takes effect:
User:~ sudo systemctl restart elasticsearch.service
Now test with curl, without supplying a password, to confirm that password protection is enforced. Because a self-signed certificate is used, the -k option is needed for curl to accept the certificate.
User:~ curl -k https://localhost:9200/
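As an added check that is not part of this tutorial, the following POSIX shell script reads an elasticsearch.yml and reports whether the settings enabled above (xpack.security.enabled, xpack.security.http.ssl.enabled, xpack.security.http.ssl.certificate) are present, and whether network.host (a standard Elasticsearch setting, assumed here) still keeps the HTTP API on loopback as described earlier. The two sample configuration files are constructed for the example.

```shell
#!/bin/sh
# Added example, not the tutorial's own code: audit an elasticsearch.yml
# for the hardening settings this page enables.

# es_setting FILE KEY -> prints the value of KEY (first matching
# "key: value" line, comments and surrounding whitespace stripped),
# or nothing if the key is absent.
es_setting() {
  awk -v key="$2" '
    /^[[:space:]]*#/ { next }
    {
      line = $0; sub(/#.*/, "", line)
      split(line, kv, ":")
      k = kv[1]; gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
      if (k == key) {
        v = substr(line, index(line, ":") + 1)
        gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# es_check_hardening FILE -> returns 0 when every required setting is
# in place; otherwise prints each finding and returns 1.
es_check_hardening() {
  f="$1"; rc=0
  [ "$(es_setting "$f" xpack.security.enabled)" = "true" ] \
    || { echo "xpack.security.enabled is not true: HTTP API is unauthenticated"; rc=1; }
  [ "$(es_setting "$f" xpack.security.http.ssl.enabled)" = "true" ] \
    || { echo "xpack.security.http.ssl.enabled is not true: passwords travel in clear text"; rc=1; }
  [ -n "$(es_setting "$f" xpack.security.http.ssl.certificate)" ] \
    || { echo "xpack.security.http.ssl.certificate is missing"; rc=1; }
  host="$(es_setting "$f" network.host)"
  case "$host" in
    ""|127.0.0.1|localhost|_local_) ;;  # unset or loopback: reachable only locally
    *) echo "network.host=$host: API reachable from other hosts; restrict it with UFW"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample configs for demonstration (not real server files).
hardened=$(mktemp); cat >"$hardened" <<'EOF'
# loopback binding left at its default, security enabled as on this page
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: /etc/elasticsearch/config/es-cert.pem
EOF
exposed=$(mktemp); cat >"$exposed" <<'EOF'
network.host: 0.0.0.0
xpack.security.enabled: false
EOF
```

Run it against the real /etc/elasticsearch/elasticsearch.yml after the restart above; a clean exit status means the three security lines are present and the API is still bound to loopback.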
Beyond search, Elasticsearch is the storage and query layer of the ELK stack: ELK can help you manage your logs, and Kibana in particular has excellent tools for visualizing and organizing that data.