
Deployment Overview of Kibana on Server

Prerequisites and Basic Requirements

The deployment requires a server running Ubuntu with root privileges. The following components must be present or installed during the setup process:

  • Operating System: Ubuntu

  • Privileges: Root access (root user)

  • Required packages: apt-transport-https, curl, gnupg, software-properties-common, unzip, nginx, certbot, python3-certbot-nginx, ufw

  • Network connectivity to artifacts.elastic.co for repository access and letsencrypt.org for SSL certificates

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

  • kibana<Server ID>.hostkey.in

  • Access is provided over HTTPS on port 443.

File and Directory Structure

The application utilizes the following directory structure for configuration, data, and certificates:

| Component | Directory Path | Description |
|---|---|---|
| Elasticsearch Config | /etc/elasticsearch | Main configuration files |
| Elasticsearch Data | /var/lib/elasticsearch | Persistent data storage |
| Elasticsearch Logs | /usr/share/elasticsearch/logs | Log files |
| Elasticsearch Certs | /etc/elasticsearch/certs | SSL/TLS certificates and keys |
| Kibana Config | /etc/kibana | Main configuration files |
| Kibana Logs | /var/log/kibana | Log files |
| Nginx Config | /etc/nginx/sites-available | Site-specific configuration |
| Nginx Enabled Sites | /etc/nginx/sites-enabled | Symlinks to active sites |
| SSL Certificates | /etc/letsencrypt | Let's Encrypt certificates |
| Certbot Webroot | /var/www/certbot | Directory for ACME challenges |
| Docker Proxy | /root/kibana-nginx-proxy | Docker Compose files for proxy |
| Credentials | /root/.kibana_passwords | Stored user credentials |

Application Installation Process

The system installs specific versions of the Elastic Stack components using the APT package manager:

  • Elasticsearch Version: 8.18.3

  • Kibana Version: 8.18.3

The installation sequence involves:

  1. Adding the Elastic GPG key and repository.

  2. Installing elasticsearch and kibana packages.

  3. Generating SSL certificates for internal communication using elasticsearch-certutil.

  4. Configuring services and enabling them to start on boot.

Access Rights and Security

Security is enforced through the following mechanisms:

  • Firewall: The ufw (Uncomplicated Firewall) is enabled to restrict access.

  • Allowed Ports: Only ports 22, 80, 443, 5601, and 9200 are explicitly allowed.

  • User Accounts:

      • elasticsearch: Service account for Elasticsearch.

      • kibana: Service account for Kibana.

      • root: Used for administrative tasks and initial setup.

  • Password Management: Initial passwords for elastic and kibana_system users are set to the SSH password used for server access. These are stored in /root/.kibana_passwords.

Databases

Elasticsearch serves as the backend database for Kibana.

  • Connection Method: Kibana connects to Elasticsearch via HTTPS on localhost:9200.

  • Authentication: Kibana uses the kibana_system user with a password matching the SSH password.

  • SSL Verification: Kibana verifies the Elasticsearch certificate using the CA certificate located at /etc/kibana/ca.crt.

  • Storage: Data is stored in /var/lib/elasticsearch.

Docker Containers and Their Deployment

A Docker container is deployed to manage the Nginx proxy and SSL termination.

  • Directory: /root/kibana-nginx-proxy

  • Container Name: Defined dynamically in the compose file.

  • Image: nginx:latest

  • Network Mode: host

  • Restart Policy: always

  • Volumes:

      • Nginx configuration mapped from /etc/nginx/sites-enabled.

      • Let's Encrypt certificates mapped from /etc/letsencrypt.

      • Certbot webroot mapped from /var/www/certbot.

The container is managed using docker compose up -d executed from the /root/kibana-nginx-proxy directory.

Proxy Servers

Nginx acts as a reverse proxy and SSL terminator for Kibana.

  • Configuration Location: /etc/nginx/sites-available/kibana<Server ID>.hostkey.in

  • SSL Provider: Let's Encrypt via Certbot.

  • Domain: kibana<Server ID>.hostkey.in

  • Behavior:

      • Port 80 redirects all traffic to HTTPS (Port 443).

      • Port 443 handles SSL termination and proxies requests to http://localhost:5601.

      • ACME challenges are served from /var/www/certbot.

Permission Settings

File and directory permissions are set as follows to ensure security and proper service operation:

  • Elasticsearch Certs Directory: Mode 0750, owned by elasticsearch:elasticsearch.

  • Elasticsearch Cert Files: Mode 0640 (certs) and 0600 (keys), owned by elasticsearch:elasticsearch.

  • Kibana Certs Directory: Mode 0750, owned by kibana:kibana.

  • Kibana Cert Files: Mode 0640, owned by kibana:kibana.

  • Nginx Config: Mode 0644, owned by root:root.

  • Docker Compose Directory: Mode 0755, owned by root:root.

  • Docker Compose File: Mode 0644, owned by root:root.

  • Credentials File: Mode 0600, owned by root:root.
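The modes and owners listed above can be verified after deployment or after a package upgrade. The script below is an added example, not part of the original deployment tooling: `check_perm` and `audit_kibana_host` are hypothetical names, the `.key` suffix for private keys is an assumption, and the Kibana certs directory and the Nginx site file are left out because the page does not give a complete path for them.

```shell
#!/bin/sh
# Added example: audit the modes and owners from the list above.
# check_perm and audit_kibana_host are names made up for this sketch.

# check_perm PATH MODE OWNER:GROUP
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if PATH is missing.
check_perm() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 2
    fi
    # GNU stat: %a = octal mode, %U:%G = owner and group names.
    cp_got=$(stat -c '%a %U:%G' -- "$1")
    if [ "$cp_got" = "$2 $3" ]; then
        echo "OK       $1 ($cp_got)"
        return 0
    fi
    echo "MISMATCH $1: have $cp_got, want $2 $3"
    return 1
}

# Checks the paths this page names; returns the number of failed checks.
audit_kibana_host() {
    failures=0
    while read -r path mode owner; do
        check_perm "$path" "$mode" "$owner" || failures=$((failures + 1))
    done <<'EOF'
/etc/elasticsearch/certs 750 elasticsearch:elasticsearch
/root/kibana-nginx-proxy 755 root:root
/root/kibana-nginx-proxy/compose.yml 644 root:root
/root/.kibana_passwords 600 root:root
EOF
    # Assumption: private keys carry a .key suffix (the page does not name them).
    for path in /etc/elasticsearch/certs/*.key; do
        [ -e "$path" ] || continue
        check_perm "$path" 600 elasticsearch:elasticsearch || failures=$((failures + 1))
    done
    return "$failures"
}

# Run as root with "--run"; without it the file only defines the functions.
if [ "${1:-}" = "--run" ]; then
    audit_kibana_host
fi
```

A non-zero exit status from `audit_kibana_host` is the count of paths that are missing or deviate from the documented mode and owner.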

Location of Configuration Files and Data

Key configuration files are located at:

  • Elasticsearch: /etc/elasticsearch/elasticsearch.yml

  • Kibana: /etc/kibana/kibana.yml

  • Nginx Site Config: /etc/nginx/sites-available/kibana<Server ID>.hostkey.in

  • Docker Compose: /root/kibana-nginx-proxy/compose.yml

  • System Message: /etc/motd (contains access instructions)

Available Ports for Connection

The following ports are open and configured for specific services:

  • 22: SSH access.

  • 80: HTTP (redirects to HTTPS).

  • 443: HTTPS (Nginx proxy for Kibana).

  • 5601: Kibana (internal, proxied via Nginx).

  • 9200: Elasticsearch (internal, HTTPS).
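Ports 5601 and 9200 are described as internal, yet they are also on the ufw allow list, so whether they are reachable from the network depends on the address each service binds to. The check below is an added example, not part of the original deployment: `exposed_listeners` and `sample_ss_output` are hypothetical names, and the sample lines are constructed to mimic `ss -Hltn` output.

```shell
#!/bin/sh
# Added example: flag Kibana/Elasticsearch listeners bound to a non-loopback
# address. Feed it real data with:  ss -Hltn | exposed_listeners

# Reads `ss -ltn` style lines on stdin; prints the local address:port of any
# listener on 5601 or 9200 that is not bound to a loopback address.
exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            # The port is whatever follows the last colon (IPv6 has many).
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != "5601" && port != "9200") next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local only.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print $4
        }'
}

# Constructed sample, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22              0.0.0.0:*
LISTEN 0 511  0.0.0.0:443             0.0.0.0:*
LISTEN 0 511  0.0.0.0:5601            0.0.0.0:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 4096 [::1]:9200              *:*
EOF
}

# Demonstration on the constructed sample: only the 0.0.0.0:5601 line is flagged.
sample_ss_output | exposed_listeners
```

Any line printed for a real host means the service is listening beyond loopback, so the ufw allow rule for that port exposes it directly and bypasses the Nginx TLS proxy.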

Starting, Stopping, and Updating

Services are managed using systemd for native installations and docker compose for the proxy container.

Elasticsearch Service:

  • Start: systemctl start elasticsearch

  • Stop: systemctl stop elasticsearch

  • Restart: systemctl restart elasticsearch

  • Enable: systemctl enable elasticsearch

Kibana Service:

  • Start: systemctl start kibana

  • Stop: systemctl stop kibana

  • Restart: systemctl restart kibana

  • Enable: systemctl enable kibana

Nginx Service:

  • Start: systemctl start nginx

  • Stop: systemctl stop nginx

  • Restart: systemctl restart nginx

  • Status: systemctl status nginx

Docker Proxy Container:

  • Start/Restart: docker compose up -d (executed from /root/kibana-nginx-proxy)

  • Stop: docker compose down (executed from /root/kibana-nginx-proxy)
