How To Install ELK Stack on Debian 10

Install ELK Stack on Debian 10

In this tutorial, we will show you how to install ELK Stack on Debian 10. For those of you who didn’t know, ELK stack is a popular, open-source log management platform. It is used as centralized management for storing, analyzing, and viewing logs. Centralized management makes it easier to study the logs and identify issues if any for any number of servers.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of ELK Stack on a Debian 10 (Buster).

Install ELK Stack on Debian 10 Buster

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Installing Java.

Run the following command to install Java on the Debian system:

sudo apt install openjdk-11-jre

Verify installed Java version:

java -version

Step 3. Installing Elasticsearch on Debian 10.

First, add the Elasticsearch repository:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -

Next, add the Elasticsearch repository to the system by issuing:

echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-6.x.list

Now run apt update then install Elasticsearch package on your Debian system:

sudo apt update
sudo apt install elasticsearch

When the installation process is complete, start, and enable the service using the following commands:

sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

You can test it using curl the command-line utility. Run the simple GET command using curl to verify the setup. You will see the Elasticsearch cluster details with the version on your screen:

curl -X GET "localhost:9200/"

You should see something similar to this:

{
  "name" : "GoDeTz",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "B-5B34Meilana-MariaeIYkimpoiD3ww",
  "version" : {
    "number" : "6.6.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "1fd8f69",
    "build_date" : "2020-12-08T17:15:36.160291Z",
    "build_snapshot" : false,
    "lucene_version" : "7.8.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.8.0"
  },
  "tagline" : "You Know, for Search"
}

Step 4. Installing Logstash.

Install Logstash using the apt package manager from the official Elastic repository:

sudo apt install logstash-oss

Once the Logstash package is installed start the Logstash service and set it to start automatically on boot:

sudo systemctl restart logstash
sudo systemctl enable logstash

Step 5. Installing Kibana.

Kibana provides visualization of data stored on Elasticsearch. Now we install Kibana using the following command.

sudo apt install kibana-oss

Once the installation is completed, open the kibana.yml file and restrict the remote access to the Kibana instance:

nano /etc/kibana/kibana.yml

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "localhost"

Start the Kibana service and set it to start automatically on boot:

sudo systemctl start kibana
sudo systemctl enable kibana

Step 6. Installing and configure Nginx.

To configure Nginx with SSL to Proxy connection to Kibana, you need to generate the SSL/TLS certificates and create an Nginx configuration file to define Kibana settings:

sudo apt install nginx

Next, create a basic authentication file with the OpenSSL command:

echo "admin:`openssl passwd -apr1 YourPasswd`" | sudo tee -a /etc/nginx/htpasswd.kibana

Then, create a virtual host configuration file for the Kibana instance:

rm -f /etc/nginx/sites-enabled/default
nano /etc/nginx/sites-available/kibana

Add the following line:

server {
listen 80 default_server;
server_name _;
return 301 https://$server_name$request_uri;
}

server {
listen 443 default_server ssl http2;

server_name _;

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_session_cache shared:SSL:10m;

auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.kibana;

location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Then, create a symbolic link and test the Nginx configuration:

ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
nginx -t

Restart the Nginx service and set it to start automatically on boot:

sudo systemctl restart nginx
sudo systemctl enable nginx

If UFW is running, allow Nginx connections, both HTTP and HTTPS:

sudo ufw allow 'Nginx Full'

Step 7. Accessing Kibana Web Interface.

You can access the Kibana web interface using the following URL:

https://Your-Ip-Address

Install ELK Stack on Debian 10

Congratulations! You have successfully installed ELK Stack. Thanks for using this tutorial for installing ELK Stack on Debian 10 Buster. For additional help or useful information, we recommend you to check the official ELK Stack website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!