Install Kibana

First, make sure that all of the latest patches are installed. 

sudo apt update
sudo apt dist-upgrade
sudo reboot

Configure Firewall: 

sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Install Install Java

Add the Elastic Search Key and Software: 

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
 
cat > /tmp/elastic-7.x.list << EOF
deb https://artifacts.elastic.co/packages/7.x/apt stable main
EOF
 
sudo mv /tmp/elastic-7.x.list /etc/apt/sources.list.d/
 
sudo apt-get update
 
sudo apt-get install kibana

Configure the Kibana configuration: 

sudo sed -i 's/#server.name: "your-hostname"/server.name: "kibana-1"/g'  /etc/kibana/kibana.yml

If you are going to use Kibana with an Elasticsearch cluster, skip the next line since it will be configured below… 

sudo sed -i 's|#elasticsearch.hosts: \["http://localhost:9200"\]|elasticsearch.hosts: \["http://elasticsearch.contoso.com:9200"\]|g' /etc/kibana/kibana.yml

Start Kibana, configure it to automatically start: 

sudo service kibana start
 
sudo systemctl enable kibana

Install NGINX Web Server

Set up the reverse proxy to serve the Kibana UI: 

cat > /tmp/kibana << EOF
server {
    listen 80;
 
    location / {
        proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;        
    }
}
EOF
 
sudo mv /tmp/kibana /etc/nginx/sites-available/
 
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
 
sudo service nginx reload

Using With An Elasticsearch Cluster

You'll need to set-up the Elasticsearch software on the Kibana server using the “client” role and the Elasticsearch cluster name.

Install Elastic Search but do not start the service.

Configure the Kibana node as a Coordinating-only node. In elasticsearch.yml, set node.data, node.master and node.ingest to false: 

echo "node.master: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo "node.data: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo "node.ingest: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml

Configure the client node to listen only on the loopback device: 

sudo sed -i 's/network.host: [_eth0_, _local_]/network.host: [_local_]/g' /etc/elasticsearch/elasticsearch.yml
sudo sed -i 's/#elasticsearch.url: "http://localhost:9200"/elasticsearch.url: "http://localhost:9200"/g'  /etc/kibana/kibana.yml