There is a point to this story, but it has temporarily escaped my mind...
Contact Me MyFaceBook MyLinkedIn MyGitHub MyTwitter
You are here: Home » Linux » Centralized Logging » Install Kibana My Internal Area

Install Kibana

First, make sure that all of the latest patches are installed. 

sudo apt update
sudo apt dist-upgrade
sudo reboot

Configure Firewall: 

sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Install Install Java

Add the Elastic Search Key and Software: 

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
 
cat > /tmp/elastic-7.x.list << EOF
deb https://artifacts.elastic.co/packages/7.x/apt stable main
EOF
 
sudo mv /tmp/elastic-7.x.list /etc/apt/sources.list.d/
 
sudo apt-get update
 
sudo apt-get install kibana

Configure the Kibana configuration: 

sudo sed -i 's/#server.name: "your-hostname"/server.name: "kibana-1"/g'  /etc/kibana/kibana.yml

If you are going to use Kibana with an Elasticsearch cluster, skip the next line since it will be configured below… 

sudo sed -i 's|#elasticsearch.hosts: \["http://localhost:9200"\]|elasticsearch.hosts: \["http://elasticsearch.contoso.com:9200"\]|g' /etc/kibana/kibana.yml

Start Kibana, configure it to automatically start: 

sudo service kibana start
 
sudo systemctl enable kibana

Install NGINX Web Server

Set up the reverse proxy to serve the Kibana UI: 

cat > /tmp/kibana << EOF
server {
    listen 80;
 
    location / {
        proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;        
    }
}
EOF
 
sudo mv /tmp/kibana /etc/nginx/sites-available/
 
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
 
sudo service nginx reload

Using With An Elasticsearch Cluster

You'll need to set-up the Elasticsearch software on the Kibana server using the “client” role and the Elasticsearch cluster name.

Install Elastic Search but do not start the service.

Configure the Kibana node as a Coordinating-only node. In elasticsearch.yml, set node.data, node.master and node.ingest to false: 

echo "node.master: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo "node.data: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo "node.ingest: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml

Configure the client node to listen only on the loopback device: 

sudo sed -i 's/network.host: [_eth0_, _local_]/network.host: [_local_]/g' /etc/elasticsearch/elasticsearch.yml
sudo sed -i 's/#elasticsearch.url: "http://localhost:9200"/elasticsearch.url: "http://localhost:9200"/g'  /etc/kibana/kibana.yml
Copyright © 2022 by Julian Easterling. SOME RIGHTS RESERVED.
Privacy Policy              Terms of Use             


Creative Commons License
Except where otherwise noted, content on this site is
licensed under a Creative Common Attribution-Share Alike 4.0 International License.


All of the opinions expressed on this website are those of Julian Easterling and
do not represent the views of any of my current and previous clients or employers in any way.

If you notice an error on the site or content that has not been properly attributed, bring
it to my attention using the contact page and I will endeavor to fix it as soon as I can.

I accept no responsibility or liability for any damages incurred by following any of
my advice or by using any of the information on my site or of those sites that I link to.