How to Install Elasticsearch on Ubuntu 22.04 with SSL

How to Install Elasticsearch on Ubuntu 22.04 with SSL

Posted on

Find out how to Set up Elasticsearch on Ubuntu 22.04 with SSL. Elasticsearch 8 is a strong scalable actual time distributed search and knowledge evaluation. Right here you’ll learn to configure SSL to your Elasticsearch set up with Nginx reverse proxy on Ubuntu 22.04.

You’ll create a subdomain to your Elasticsearch service and set up free Let’s Encrypt SSL certificates utilizing Certbot.

This setup is examined on Google Cloud Platform working Ubuntu 22.04 LTS. So this information will work good on different cloud service suppliers like AWS, Azure or any VPS or devoted servers.


  • A server with minimal 2GB RAM and 2vCPU
  • A person with sudo privileges.

Preliminary Server Setup

Begin by updating the server software program packages to the newest model out there.

sudo apt replace 
sudo apt improve

Configure Sub-Area

Be sure to use a sub-domain to entry your Elasticsearch set up.

Go to your DNS administration part and create a brand new A file with the title of you would like to your subdomain (for instance search) and worth of your your server IP tackle.

So your sub-domain will look just like the one beneath. If you happen to want to configure your major area you are able to do that additionally.

Step 1: Set up ElasticSearch

Java is already included with the Elasticsearch package deal, so that you don’t need to set up Java manually. Be taught extra about putting in Java on Ubuntu 22.04.

Right here we’ll set up Elasticsearch 8.

Begin by importing Elasticsearch repository’s GPG key.

wget -qO - | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

Add the repository to the sources listing of your Ubuntu server or system.

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] secure major" | sudo tee /and so on/apt/sources.listing.d/elastic-8.x.listing

Replace the package deal listing and set up ElasticSearch.

sudo apt replace
sudo apt set up elasticsearch

As soon as the set up is accomplished you’ll obtain the tremendous person password, please be aware that and safe it.

------------------- Safety autoconfiguration data ----------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : houbJ1uivo5b=aVYYPa5

If this node ought to be part of an present cluster, you'll be able to reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token in your present cluster.

You'll be able to full the next actions at any time:

Reset the password of the elastic built-in superuser with 
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana cases with 
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with 
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.


Elasticsearch service shouldn’t be began mechanically upon set up, you want execute the beneath instructions to configure Elasticsearch service to start out mechanically utilizing systemd.

sudo systemctl daemon-reload
sudo systemctl allow elasticsearch.service
sudo systemctl begin elasticsearch.service

As soon as Elasticsearch is put in you’ll be able to prohibit port 9200 from exterior entry by enhancing the elasticsearch.yml file and uncomment the and substitute the worth with Inner IP or any IP or localhost.

sudo nano /and so on/elasticsearch/elasticsearch.yml 

So it appears appears like this.. INTERNAL_IP

It’s also possible to use localhost as host or any IP tackle you would like.

Hit Ctrl+X adopted by Y and Enter to avoid wasting the file and exit.

Now begin and allow Elasticsearch on server boot.

sudo systemctl begin elasticsearch
sudo systemctl allow elasticsearch

Now be sure your Elasticsearch service is working.

sudo systemctl standing elasticsearch

Step 2: Confirm if Elasticsearch works

Take a look at your set up by sending a HTTPs request by attaching the certificates utilizing the beneath command.

Be aware of the password you acquired earlier, you will want to make use of that whereas prompted.

sudo su
curl --cacert /and so on/elasticsearch/certs/http_ca.crt -u elastic https://INTERNAL_IP:9200

Enter the password whereas prompted.

You’ll obtain a response as proven beneath.

  "title" : "elasticsearch-vm",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "vGrj3z4rQEWRBUdd9IhZWA",
  "model" : {
    "quantity" : "8.2.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
    "build_date" : "2022-05-25T15:47:06.259735307Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  "tagline" : "You Know, for Search"

Step 3: Set up and Configure Nginx for Elasticsearch

Now it’s time to put in and configure Nginx. Execute the beneath command to put in Nginx.

sudo apt set up nginx

Now you’ll be able to configure Nginx reverse proxy fro your Elasticsearch.

Take away default configurations

sudo rm /and so on/nginx/sites-available/default
sudo rm /and so on/nginx/sites-enabled/default

Create a brand new Nginx configuration file.

sudo nano /and so on/nginx/sites-available/search.conf

Paste the next.

Word: It’s essential use very same IP or localhost that you simply used within the host of Elasticsearch configuration.

server {
     hear [::]:80;
     hear 80;


location / {
     proxy_pass http://INTERNAL_IP:9200;
     proxy_redirect off;
     proxy_read_timeout    90;
     proxy_connect_timeout 90;
     proxy_set_header  X-Actual-IP  $remote_addr;
     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header  Host $http_host;

Save and exit the file.

Allow your configuration by making a symbolic hyperlink.

sudo ln -s /and so on/nginx/sites-available/search.conf /and so on/nginx/sites-enabled/search.conf

Step 4: Set up Let’s Encrypt SSL

HTTPS is a protocol for safe communication between a server (occasion) and a shopper (internet browser). Because of the introduction of Let’s Encrypt, which offers free SSL certificates, HTTPS are adopted by everybody and in addition offers belief to your audiences.

sudo apt set up python3-certbot-nginx

Now now we have put in Certbot by Let’s Encrypt for Ubuntu 22.04, run this command to obtain your certificates.

sudo certbot --nginx --agree-tos --no-eff-email --redirect -m [email protected] -d

This command will set up Free SSL, configure redirection to HTTPS and restarts the Nginx server.

Step 5: Renewing SSL Certificates

Certificates supplied by Let’s Encrypt are legitimate for 90 days solely, so it’s worthwhile to renew them usually. So, let’s check the renewal characteristic utilizing the next command.

sudo certbot renew --dry-run

This command will check the certificates expiry and configures the auto-renewable characteristic.

Put together your self for a job working as an Information Technology Professional with Linux working system


Now you’ve gotten discovered easy methods to set up Elasticsearch 8 and safe it with Let’s Encrypt free ssl on Ubuntu 22.04.

Thanks to your time. If you happen to face any downside or any suggestions, please depart a remark beneath.

offshore vps