
How to Install and Configure the ELK Stack on Ubuntu 16.04

11 Sep 2018

In this tutorial we will teach you how to install and configure the ELK stack for Ubuntu 16.04.

ELK stands for Elasticsearch, Logstash, and Kibana. Together they form a robust, open source solution for searching, analyzing, and visualizing data. Elasticsearch is a distributed, RESTful search and analytics engine based on Lucene, Logstash is a data processing pipeline for managing events and logs, and Kibana is a web application for visualizing data in Elasticsearch.

This ELK stack guide will work on any Linux VPS system; however, it was tested and made for an Ubuntu 16.04 VPS.

Installing the ELK Stack on Ubuntu 16.04 is pretty simple: just follow the steps below and you will have it installed in less than 15 minutes.

 

Prerequisites

For this guide to work, you are required to have a couple of things:

  • An Ubuntu 16.04 VPS
  • A user with sudo privileges

 

Update the system and install the required packages

sudo apt update && sudo apt -y upgrade

sudo apt install apt-transport-https software-properties-common wget

Make sure that you keep the software on your Linux VPS up to date, or set up automatic updates.

 

Install Oracle Java JDK via PPA

You will be using the PPA repository maintained by the Webupd8 Team.

The install script will prompt you to accept the license agreement and then download the Java archive file from the download page before setting everything up for you.

To append the Webupd8 Team PPA repository, execute the commands below on your server.

sudo add-apt-repository ppa:webupd8team/java

sudo apt update

You may then install JDK8 using the command below.

sudo apt install oracle-java8-installer

To verify that everything was set up correctly, execute the following command.

java -version

You will see something similar to the output below.

java version "1.8.0_131"

Java(TM) SE Runtime Environment (build 1.8.0_131-b11)

Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

Install and configure Elasticsearch

Install Elasticsearch with the package manager from the Elastic repository.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

sudo apt update

sudo apt install elasticsearch

After the installation is finished, open the ‘elasticsearch.yml’ file and restrict remote access to the Elasticsearch instance.

sudo nano /etc/elasticsearch/elasticsearch.yml

network.host: localhost

Start the Elasticsearch service and make it start automatically on boot.

sudo systemctl restart elasticsearch

sudo systemctl enable elasticsearch

Install and Configure Kibana

Just like Elasticsearch, you are going to install Kibana with the package manager from the Elastic repository.

sudo apt install kibana

After the installation is done, open the ‘kibana.yml’ file and restrict remote access to the Kibana instance.

sudo nano /etc/kibana/kibana.yml

server.host: "localhost"

In the same way as before, you now need to start the Kibana service and set it to start automatically on boot.

sudo systemctl restart kibana

sudo systemctl enable kibana

Kibana should now be running on localhost on port 5601.
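
To confirm that the network.host and server.host settings took effect, check that Elasticsearch and Kibana listen only on loopback addresses. The script below is an added example, not part of the original tutorial; it parses `ss -tln` output, and the port list (the Elasticsearch defaults 9200 and 9300 plus Kibana's 5601) and the sample input are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report watched ports that listen on a non-loopback address.
# Assumed default ports: Elasticsearch 9200 (HTTP) and 9300 (transport), Kibana 5601.
PORTS="9200 9300 5601"

# Read `ss -tln` output on stdin; print "PORT ADDRESS" for every exposed listener.
exposed_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            # Split "address:port" at the last colon so IPv6 forms parse too.
            idx = match($4, /:[0-9]+$/)
            if (!idx) next
            addr = substr($4, 1, idx - 1)
            port = substr($4, idx + 1)
            if (!(port in watch)) next
            gsub(/^\[|\]$/, "", addr)      # newer ss prints [::1]:9200
            sub(/%.*$/, "", addr)          # drop an interface suffix such as %lo
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Succeed only when no watched port is reachable from outside the host.
loopback_only() {
    [ -z "$(exposed_listeners)" ]
}

# Constructed sample of `ss -tln` output (not captured from a real server).
SAMPLE='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    127.0.0.1:9200      *:*
LISTEN  0      128    ::1:9300            :::*
LISTEN  0      128    *:5601              *:*
LISTEN  0      128    [::ffff:127.0.0.1]:9300 [::]:*
LISTEN  0      128    :::9200             :::*
LISTEN  0      128    *:22                *:*'

# On the server itself, run instead:  ss -tln | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

An empty result means neither service accepts direct connections from other hosts; any line printed names a port and bind address that still needs to be restricted.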

Install and configure Nginx as a reverse proxy

Use Nginx as a reverse proxy to access Kibana from the public IP address. To install Nginx, you will need to execute the command below.

sudo apt-get install nginx

Create a basic authentication file using the ‘openssl’ command.

echo "admin:$(openssl passwd -apr1 YourStrongPassword)" | sudo tee -a /etc/nginx/htpasswd.kibana

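Remember to always use a strong password. A password typed as a command-line argument is saved in your shell history; if you leave it out, openssl passwd prompts for it instead.

Generate a self-signed SSL certificate.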

Remove the default nginx virtual host.

sudo rm /etc/nginx/sites-enabled/default

Now create a virtual host configuration file for our Kibana instance.

sudo nano /etc/nginx/sites-available/kibana

server {
    # Plain HTTP: redirect every request to HTTPS
    listen 80 default_server;
    server_name _;
    # Redirect to the requested host name; $server_name would expand to "_" here
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server ssl http2;
    server_name _;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_session_cache shared:SSL:10m;

    # Require HTTP basic authentication before anything is proxied to Kibana
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        # Kibana listens on localhost only (server.host in kibana.yml)
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Enable the server block by making a symbolic link.

sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana

 

Test the Nginx configuration and restart Nginx with the commands below.

sudo nginx -t

sudo service nginx restart

 

Install Logstash

The last thing you have to do is install Logstash with the package manager from the Elastic repository.

sudo apt install logstash

 

The Logstash configuration will depend on your personal preference and the plugins you want to use.

Conclusion

That is all. You should now have the ELK Stack successfully installed on your Ubuntu 16.04 VPS.