Exchange Server Dashboards with ELK (Elasticsearch, Logstash, Kibana) Part 2

As already announced, I would like to build dashboards for Exchange Server with Elasticsearch, or more precisely the Elastic Stack (ELK). This part covers the installation of the Elastic Stack on a Debian 9.8 VM.

Introduction

I have described the installation and configuration in this article so that the environment can be rebuilt if you are interested. Debian 9.8 was current when I wrote this article, and Elasticsearch, Logstash and Kibana were available in version 6.6.1.

In this case, Elasticsearch is only installed as a single node without a cluster and Kibana is accessed via NGINX as a reverse proxy.

Installation Elastic Stack on Debian 9.8

The installation takes place on a VM with 4 CPUs, 16 GB RAM and a 120 GB SSD.

Installation Debian 9.8

I will only briefly describe the installation of Debian here. This chapter on installing the operating system is only intended to provide an overview and make it easier to follow, which is why there are only screenshots of the relevant settings.

I used the Debian 9.8 NetInst ISO for the installation:

I have only installed the SSH server directly during the installation, everything else is installed manually:

This means that access via SSH is possible directly after installation and further configuration can be carried out remotely. It is advisable to assign a fixed IP or to create a DHCP reservation for the computer.

Installation and configuration Elastic Stack

Before you can really get started, a few packages need to be installed:

apt-get install apt-transport-https software-properties-common wget curl openjdk-8-jdk ssl-cert

After installation, the Elastic package sources can be added:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-6.x.list
apt-get update

Elasticsearch can now be installed:

apt-get install elasticsearch

After installation, the configuration of Elasticsearch can be customized. For this small test environment, it is sufficient for Elasticsearch to only be accessible on the computer itself (localhost). The configuration file can be edited for this purpose:

nano /etc/elasticsearch/elasticsearch.yml

The following line can now be added in the network configuration:

network.host: localhost

The Elasticsearch daemon must now be restarted and can also be configured to start automatically at system startup:

systemctl restart elasticsearch
systemctl enable elasticsearch

You can easily check whether everything has worked up to this point using curl. The following command should provide a corresponding response:

curl -X GET http://localhost:9200

If Elasticsearch provides an appropriate response, Kibana can be installed:

apt-get install kibana

After installation, the configuration can also be adjusted here:

nano /etc/kibana/kibana.yml

The line '#server.host: "localhost"' can be found near the top of the configuration file. In this line, only the leading hash "#" needs to be removed so that Kibana also listens on localhost only:

The Kibana daemon is now restarted once and also configured for automatic start:

systemctl restart kibana
systemctl enable kibana

To complete the ELK stack, Logstash is now installed. The configuration of Logstash is part of the next article, so it will only be installed and started here:

apt-get install logstash
systemctl restart logstash
systemctl enable logstash

The installation of the Elastic Stack is now complete and we can continue with NGINX.

Installation and configuration of NGINX

NGINX can be used as a reverse proxy so that access to Kibana via https also works. To do this, NGINX must first be installed:

apt-get install nginx

After installing NGINX, the default configuration is removed first:

rm -f /etc/nginx/sites-enabled/default

A new NGINX configuration can now be created for Kibana:

nano /etc/nginx/sites-enabled/kibana

The following configuration can be inserted as an example:

server {
    # Port 80: redirect every plain HTTP request to HTTPS
    listen 80 default_server;
    server_name _;
    # $host carries the name the client actually used; $server_name would be "_" here
    return 301 https://$host$request_uri;
}
server {
    listen 443 default_server ssl http2;
    server_name _;
    # Self-signed certificate generated by the ssl-cert package installed earlier
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_session_cache shared:SSL:10m;
    location / {
        # Kibana listens on localhost:5601 only; NGINX is the entry point from the network
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

This example configuration redirects HTTP requests to HTTPS and uses the self-signed certificate from the ssl-cert package installed earlier. Kibana on localhost:5601 is configured as the target web server.

The configuration of NGINX can be tested with the following command:

nginx -t

Now NGINX can also be restarted and configured to start automatically:

systemctl restart nginx
systemctl enable nginx

The installation of the required components is now complete.
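As an added check that is not part of the original article: the whole point of the network.host and server.host settings above is that only NGINX (ports 80/443) is reachable from the network, while Elasticsearch (9200) and Kibana (5601) stay on loopback. The script below parses the output of ss and flags any Elasticsearch or Kibana socket bound to a non-loopback address; the embedded sample listener list is constructed, not captured from a real host, and the port numbers are the Elastic defaults used in this article.

```shell
#!/bin/sh
# Added example, not part of the original article: verify after installation
# that Elasticsearch (9200) and Kibana (5601) are bound to loopback only.
# Assumes `ss` from iproute2 (present on Debian 9) and the default Elastic ports.

# check_loopback_only LISTENERS
#   LISTENERS is the output of `ss -ltn`: one socket per line, local
#   address:port in the fourth column (the header line is skipped because
#   its fourth field carries no port). Prints every Elasticsearch/Kibana
#   listener that is not bound to loopback; returns 1 if any, else 0.
check_loopback_only() {
    listeners=$1
    bad=0
    while read -r line; do
        [ -n "$line" ] || continue
        local_addr=$(printf '%s\n' "$line" | awk '{print $4}')
        port=${local_addr##*:}
        addr=${local_addr%:*}
        case $port in
            9200) svc=elasticsearch ;;
            5601) svc=kibana ;;
            *) continue ;;
        esac
        case $addr in
            127.0.0.1|'[::1]') ;;   # loopback, as intended
            *) printf 'EXPOSED: %s listening on %s:%s\n' "$svc" "$addr" "$port"
               bad=1 ;;
        esac
    done <<EOF
$listeners
EOF
    return $bad
}

# Constructed sample (not captured from a real host): here Kibana was left
# on 0.0.0.0, which the check must flag.
SAMPLE_LISTENERS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5601 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::1]:9200 [::]:*'

if [ "${1:-}" = "--live" ]; then
    # Run on the ELK host itself: ./check_elk_bind.sh --live
    check_loopback_only "$(ss -ltn)" && echo "OK: 9200/5601 only on loopback"
elif check_loopback_only "$SAMPLE_LISTENERS"; then
    echo "sample: OK"
else
    echo "sample: exposure found (expected for the constructed sample)"
fi
```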

First login and completion of the installation

Once the installation has been completed, Kibana can be opened in the browser. The demo data does not need to be imported in this case:

Monitoring can now be activated directly, giving you a small insight into the environment:

After a short time, an overview of the Elastic Stack is displayed:

A single node Elastic Stack environment is now available, albeit still without data:

The next article is about Logstash and the data.