Installing the ELK Stack on Debian
Posted: Fri 12. Jul 2019, 09:01
Updated version of 31.01.2022
Installation for Debian 11 Buster
ELK Stack Server
Notes: OOM problems in an LXC container can be solved by limiting the assigned RAM
Create the file /etc/elasticsearch/jvm.options.d/heap.options and insert the content (adjust the size accordingly)
Nginx with TLS/SSL transport and user authentication
Create the .htaccess (replace UserName with your own user)
Secured transport via TLS/SSL certificate (https://...)
Variant 1:
Generate a self-signed SSL certificate
Variant 2:
With a valid Let's Encrypt certificate
Source: https://certbot.eff.org/lets-encrypt/de ... etch-nginx
Let's Encrypt
Crontab
Nginx vHost
Create the virtual host file /etc/nginx/sites-available/elk.conf
Create the virtual host file /etc/nginx/sites-available/kibana.conf
Enable the virtual hosts
Client
ELK Stack Server
Installation for Debian 11 Buster
ELK Stack Server
Code:
sudo apt-get install apt-transport-https gnupg2;
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Code:
echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Code:
sudo apt update && sudo apt-get install openjdk-11-jdk logstash elasticsearch kibana filebeat
Code:
sudo systemctl enable elasticsearch.service;
sudo systemctl start elasticsearch.service;
sudo systemctl enable kibana.service;
sudo systemctl start kibana.service
Code:
filebeat modules enable elasticsearch;
filebeat setup
Create the file /etc/elasticsearch/jvm.options.d/heap.options and insert the content (adjust the size accordingly)
Code:
-Xms2g
-Xmx2g
Nginx with TLS/SSL transport and user authentication
Code:
sudo apt install nginx openssl apache2-utils
Code:
cd /etc/nginx/
sudo htpasswd -c /etc/nginx/.htpasswd UserName
Secured transport via TLS/SSL certificate (https://...)
Variant 1:
Generate a self-signed SSL certificate
Code:
sudo mkdir /etc/nginx/ssl;
cd /etc/nginx/ssl;
# replace $$domain.tld$$ with the host name first; left as-is, the shell expands $$ to its process ID
sudo openssl req -new -days 999 -newkey rsa:4096 -sha512 -x509 -nodes -out elk.crt -keyout elk.key -subj "/C=DE/ST=Bundesland/L=Ort/O=Organisation/OU=Abteilung/CN=$$domain.tld$$"
Variant 2:
With a valid Let's Encrypt certificate
Code:
apt install nginx software-properties-common certbot python3-certbot-nginx
Source: https://certbot.eff.org/lets-encrypt/de ... etch-nginx
Let's Encrypt
Code:
# see https://certbot.eff.org/lets-encrypt/debianstretch-nginx
sudo certbot --nginx
Code:
sudo certbot -a dns-plugin -i nginx -d "*.$$domain.tld$$" -d $$domain.tld$$ --server https://acme-v02.api.letsencrypt.org/directory
Code:
sudo certbot renew --dry-run
Nginx vHost
Create the virtual host file /etc/nginx/sites-available/elk.conf
Code:
# replace $$domain.tld$$ with the host name of this vhost
server {
    server_name $$domain.tld$$;
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    client_max_body_size 50m;

    location / {
        # ask for the credentials stored in /etc/nginx/.htpasswd before proxying
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Elasticsearch on the loopback interface
        proxy_pass http://127.0.0.1:9200;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass_header Access-Control-Allow-Origin;
        proxy_pass_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
        add_header Access-Control-Allow-Credentials true;
    }

    ssl_certificate /etc/nginx/ssl/elk.crt;
    ssl_certificate_key /etc/nginx/ssl/elk.key;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); the GCM suites above need TLSv1.2 anyway
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
}

# plain HTTP: redirect the known host to HTTPS, answer 404 for anything else
server {
    if ($host = $$domain.tld$$) {
        return 301 https://$host$request_uri;
    }
    server_name $$domain.tld$$;
    listen 80;
    listen [::]:80;
    return 404;
}
Create the virtual host file /etc/nginx/sites-available/kibana.conf
Code:
# replace $$domain.tld$$ with the host name of this vhost
server {
    server_name $$domain.tld$$;
    listen 443 ssl;
    client_max_body_size 50m;

    location / {
        # ask for the credentials stored in /etc/nginx/.htpasswd before proxying
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Kibana on the loopback interface
        proxy_pass http://127.0.0.1:5601;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass_header Access-Control-Allow-Origin;
        proxy_pass_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
        add_header Access-Control-Allow-Credentials true;
    }

    ssl_certificate /etc/nginx/ssl/elk.crt;
    ssl_certificate_key /etc/nginx/ssl/elk.key;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); the GCM suites above need TLSv1.2 anyway
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
}

# plain HTTP: redirect the known host to HTTPS, answer 404 for anything else
server {
    if ($host = $$domain.tld$$) {
        return 301 https://$host$request_uri;
    }
    server_name $$domain.tld$$;
    listen 80;
    return 404;
}
Code:
sudo ln -s /etc/nginx/sites-available/elk.conf /etc/nginx/sites-enabled/;
sudo ln -s /etc/nginx/sites-available/kibana.conf /etc/nginx/sites-enabled/;
sudo systemctl reload nginx
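A post-install check for the proxy setup described above, as an added example that is not part of the original post: audit_vhost flags proxied locations without auth_basic_user_file and deprecated ssl_protocols entries in a vhost file, and exposed_backends flags Elasticsearch or Kibana listeners that can be reached without passing nginx. Both function names are hypothetical, and the parser assumes location blocks without nested braces.

```shell
#!/bin/sh
# Added example; audit_vhost and exposed_backends are hypothetical helper names.

# audit_vhost FILE: prints one finding per line, nothing when the file passes.
# Assumes location blocks without nested braces, as in the vhost files above.
audit_vhost() {
    awk '
    function val(s) {            # directive line -> its arguments
        sub(/^[ \t]*[a-z_]+[ \t]+/, "", s); sub(/[ \t]*;.*$/, "", s); return s
    }
    /^[ \t]*#/ { next }          # skip comment lines
    /^[ \t]*ssl_protocols[ \t]/ {
        n = split(val($0), p, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (p[i] == "SSLv3" || p[i] == "TLSv1" || p[i] == "TLSv1.1")
                print FNR ": deprecated protocol " p[i]
    }
    /^[ \t]*location[ \t]/ { inloc = 1; auth = 0; target = ""; start = FNR; next }
    inloc && /^[ \t]*auth_basic_user_file[ \t]/ { auth = 1 }
    inloc && /^[ \t]*proxy_pass[ \t]/ { target = val($0) }
    inloc && /^[ \t]*[}]/ {      # end of the location block
        if (target != "" && !auth)
            print start ": " target " is proxied without auth_basic_user_file"
        inloc = 0
    }' "$1"
}

# exposed_backends: reads `ss -Hltn` output on stdin and prints listeners on
# 9200 (Elasticsearch) or 5601 (Kibana) that are not bound to loopback and so
# can be reached without passing nginx.
exposed_backends() {
    awk '{
        addr = $4; port = $4
        sub(/.*:/, "", port)     # text after the last colon
        sub(/:[^:]*$/, "", addr) # text before the last colon
        if ((port == "9200" || port == "5601") &&
            addr !~ /^(127\.|\[::1\]|\[::ffff:127\.)/)
            print addr ":" port
    }'
}

# Usage on the server:
#   audit_vhost /etc/nginx/sites-available/elk.conf
#   ss -Hltn | exposed_backends
```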
Client
ELK Stack Server
Code:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
Code:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Code:
sudo apt update && sudo apt-get install filebeat