Install and Secure Elasticsearch with Let’s Encrypt on Ubuntu

by Cloudbooklet
3 years ago
in Google Cloud, Compute Engine

This guide secures Elasticsearch using a Let’s Encrypt SSL certificate with Nginx. You will learn how to configure SSL for your Elasticsearch installation behind an Nginx reverse proxy on an Ubuntu system or server.

In this guide you will create a subdomain for your Elasticsearch service and install a free Let’s Encrypt SSL certificate using Certbot.

This setup is tested on Google Cloud Platform running Ubuntu 18.04 LTS, so this guide will also work on other cloud service providers like AWS and Azure, or on any VPS or dedicated server.

Prerequisites

  • Standard Instance (3.75 GB RAM with Ubuntu 18.04 LTS).
  • A running Compute Engine instance; see Setting up Compute Engine Instance.

Initial Server Setup

Start by updating the server software packages to the latest version available.

sudo apt update 
sudo apt upgrade

Configure Sub-Domain

Make sure you use a sub-domain to access your Elasticsearch installation.

Go to your DNS management section and create a new A record with the name you wish for your subdomain (for example search) and the value of your server IP address.

So your sub-domain will look similar to the one below. If you wish to configure your main domain you can do that also.

search.yourdomain.com

Step 1: Install Java JDK

Java is necessary to install ElasticSearch. Install Java JDK using the following command.

sudo apt install openjdk-8-jdk

Step 2: Configure Java Environment variable

Use the update-alternatives command to get the installation path of your Java version.

sudo update-alternatives --config java

OpenJDK 8 is located at /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java

Copy the installation path of your default version, leaving off the trailing /jre/bin/java so that it names the Java directory rather than the java binary, and add it in the JAVA_HOME environment variable.

sudo nano /etc/environment

At the end of this file, add the following line with your installation path. To use the official Java 8 by Oracle the variable will be as follows.

JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64"

Hit Ctrl+X followed by Y and Enter to save and exit the nano editor.

Now the JAVA_HOME environment variable is set and available for all users.

Reload to apply changes.

source /etc/environment

To verify the Java environment variable:

echo $JAVA_HOME

You will get the installation path you just set.

Now Java is successfully installed and you can install Elasticsearch.

Step 3: Install ElasticSearch

Import the Elasticsearch repository’s GPG key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Add the repository to the sources list of your Ubuntu server or system.

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Update the package list and install ElasticSearch.

sudo apt update
sudo apt install elasticsearch

Once Elasticsearch is installed, you can restrict port 9200 from outside access by editing the elasticsearch.yml file: uncomment network.host and replace its value with the internal IP, any other IP, or localhost.

sudo nano /etc/elasticsearch/elasticsearch.yml 

So it looks like this:

network.host: INTERNAL_IP

You can also use localhost as host or any IP address you wish.

Hit Ctrl+X followed by Y and Enter to save the file and exit.

Now start and enable Elasticsearch on server boot.

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Now make sure your Elasticsearch service is running.

sudo systemctl status elasticsearch

Test your installation by sending an HTTP request.

curl -X GET "INTERNAL_IP:9200"

You will get a response with name, cluster_name, cluster_uuid, version.

Step 4: Install Nginx

Now it’s time to install Nginx.

sudo apt install nginx

Step 5: Configure Firewall (UFW)

The firewall provides an additional layer of security to your instance by blocking inbound network traffic. The ufw (Uncomplicated Firewall) package is usually installed by default in Ubuntu 18.04 LTS, so we just need rules that deny all incoming traffic and allow all outgoing traffic, which is ufw’s default policy. We now open the ports for SSH (22), HTTP (80) and HTTPS (443).

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable

Step 6: Install Fail2ban

Fail2ban works alongside ufw: it monitors intrusion attempts to your instance and blocks the offending host for a set period of time, so let’s install it now.

sudo apt install fail2ban
sudo service fail2ban start

Step 7: Configure Nginx

Now you can configure the Nginx reverse proxy for your Elasticsearch.

Remove the default configurations.

sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default

Create a new Nginx configuration file.

sudo nano /etc/nginx/sites-available/search.conf

Paste the following.

Note: You need to use the exact same IP or localhost that you used for the host in the Elasticsearch configuration.

server {
     listen [::]:80;
     listen 80;

     server_name search.yourdomain.com;

     # Forward every request to the Elasticsearch HTTP port
     location / {
          proxy_pass http://INTERNAL_IP:9200;
          proxy_redirect off;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
          proxy_set_header  X-Real-IP  $remote_addr;
          proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header  Host $http_host;
     }
}

Save and exit the file.

Enable your configuration by creating a symbolic link.

sudo ln -s /etc/nginx/sites-available/search.conf /etc/nginx/sites-enabled/search.conf

Step 8: Create SSL certificate and enable HTTP/2

Install Certbot.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Now that we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions; you will then receive the list of domains for which you can generate an SSL certificate.

To select all domains simply hit Enter.

The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.

Step 9: Redirect HTTPS in Nginx

Open your site’s Nginx configuration file and replace everything with the following, replacing the file paths with the ones you received when obtaining the SSL certificate. The ssl_certificate directive should point to your fullchain.pem file, and the ssl_certificate_key directive should point to your privkey.pem file.

 
server {
     listen [::]:80;
     listen 80;
 
     server_name search.yourdomain.com;
 
     return 301 https://search.yourdomain.com$request_uri;
}
 
server {
     listen [::]:443 ssl http2;
     listen 443 ssl http2;
 
     server_name search.yourdomain.com;
    
     ssl_certificate /etc/letsencrypt/live/search.yourdomain.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/search.yourdomain.com/privkey.pem;
 
    location / {
         proxy_pass http://INTERNAL_IP:9200;
         proxy_redirect off;
         proxy_read_timeout    90;
         proxy_connect_timeout 90;
         proxy_set_header  X-Real-IP  $remote_addr;
         proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header  Host $http_host;
     }
} 

The http2 value is all that is needed to enable the HTTP/2 protocol.

Now you have enabled SSL Hardening, created a Content Security Policy, X-XSS-Protection, Clickjacking, MIME Sniffing, Referrer Policy, Access Control Allow Origin.

These are some Nginx security tweaks that close all areas of attack.

Hit CTRL+X followed by Y to save the changes.

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart
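
A way to confirm what the server block from Step 9 actually enforces, as an added example that is not part of the original guide: the script looks for an access-control directive (auth_basic_user_file or deny all) and for the response headers named above. The function names, the hardened directives and the htpasswd path are constructed for illustration.

```sh
#!/bin/sh
# Added example: list protections missing from an nginx block that proxies Elasticsearch.

# has REGEX: true if $conf contains an uncommented directive matching REGEX.
has() { printf '%s\n' "$conf" | grep -Eiq "^[[:space:]]*$1[[:space:];]"; }

# audit_proxy: read a config on stdin, print the missing items space-separated.
audit_proxy() {
    conf=$(cat)
    missing=""
    # TLS does not authenticate clients; one of these has to gate the proxy.
    has 'auth_basic_user_file' || has 'deny[[:space:]]+all' ||
        missing="access-control"
    for h in Content-Security-Policy X-Frame-Options \
             X-Content-Type-Options Referrer-Policy; do
        has "add_header[[:space:]]+$h" || missing="$missing $h"
    done
    echo "${missing# }"
}

# sample_conf EXTRA: the Step 9 HTTPS block (abridged, certificate and
# proxy_set_header lines left out) with EXTRA placed inside the location.
sample_conf() {
cat <<EOF
server {
    listen 443 ssl http2;
    server_name search.yourdomain.com;
    location / {
$1
        proxy_pass http://INTERNAL_IP:9200;
    }
}
EOF
}

# hardening: constructed directives; the htpasswd path is an assumption.
hardening() {
cat <<'EOF'
        auth_basic "Elasticsearch";
        auth_basic_user_file /etc/nginx/.htpasswd-search;
        add_header Content-Security-Policy "default-src 'none'" always;
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;
        add_header Referrer-Policy no-referrer always;
EOF
}

echo "Step 9 block is missing:  $(sample_conf "" | audit_proxy)"
echo "Hardened block is missing: $(sample_conf "$(hardening)" | audit_proxy)"
```

On the abridged Step 9 block the audit reports the access control and all four headers as missing; sudo nginx -t validates syntax only and will not flag that.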

Step 10: Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now set up a cron job that checks for certificates due to expire in the next 30 days and renews them automatically.

sudo crontab -e

Add this line at the end of the file.

0 0,12 * * * certbot renew >/dev/null 2>&1

Hit CTRL+X followed by Y to save the changes.

This cron job will check twice daily whether the certificate needs renewing.

Conclusion

Now you have learned how to install Elasticsearch and secure it with a free Let’s Encrypt SSL certificate on Ubuntu.

Thanks for your time. If you face any problem or have any feedback, please leave a comment below.
