
Installing the ELK Stack on Debian

Posted: Fri 12. Jul 2019, 09:01
by h3rb3rn
Updated version of 31.01.2022

Installation for Debian 11 Buster

ELK Stack Server

Code:

# apt-key is deprecated on Debian 11; a keyring file under /usr/share/keyrings is the current approach
sudo apt-get install apt-transport-https gnupg2;
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Code:

# the list file is named after the repository it contains (8.x)
echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list

Code:

sudo apt update && sudo apt-get install openjdk-11-jdk logstash elasticsearch kibana filebeat

Code:

sudo systemctl enable elasticsearch.service;
sudo systemctl start elasticsearch.service;
sudo systemctl enable kibana.service;
sudo systemctl start kibana.service

Code:

sudo filebeat modules enable elasticsearch;
sudo filebeat setup

Notes: OOM problems inside an LXC container can be solved by limiting the RAM assigned to the JVM.
Create the file /etc/elasticsearch/jvm.options.d/heap.options with the following content (adjust the size to your container):

Code:

-Xms2g
-Xmx2g
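The fixed 2g above is only a starting point. As an added example that is not part of the original post, the following POSIX shell script derives the heap size from the memory the container actually gets and renders the same heap.options file. Assumptions: the cgroup limit is read from /sys/fs/cgroup/memory.max (v2) or /sys/fs/cgroup/memory/memory.limit_in_bytes (v1), with /proc/meminfo as fallback; the "half the RAM, at most 31 GiB" rule follows Elastic's published heap guidance; the --show and --write flags are this script's own.

```shell
#!/bin/sh
# Added example, not from the original post: derive the Elasticsearch heap size from
# the memory the LXC container actually gets and render heap.options from it.
# Assumptions: cgroup v2 limit in /sys/fs/cgroup/memory.max, cgroup v1 limit in
# /sys/fs/cgroup/memory/memory.limit_in_bytes, /proc/meminfo as fallback; the
# 50 % / 31 GiB rule follows Elastic's published heap guidance; --show/--write are
# this script's own flags.
set -eu

HEAP_FILE="${HEAP_FILE:-/etc/elasticsearch/jvm.options.d/heap.options}"

# Memory available to this container in MiB. "max" (cgroup v2) and the v1
# "no limit" sentinel 9223372036854771712 both mean unlimited, so fall back to
# the total memory reported by the kernel in that case.
container_mem_mb() {
    limit=""
    if [ -r /sys/fs/cgroup/memory.max ]; then
        limit=$(cat /sys/fs/cgroup/memory.max)
    elif [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then
        limit=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes)
    fi
    case "$limit" in
        ''|max|9223372036854771712)
            awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo ;;
        *)
            echo $(( limit / 1024 / 1024 )) ;;
    esac
}

# Heap in GiB for a given amount of memory in MiB: half of it, at least 1 GiB,
# and at most 31 GiB so the JVM keeps using compressed object pointers.
es_heap_gb() {
    heap=$(( $1 / 2 / 1024 ))
    if [ "$heap" -lt 1 ]; then heap=1; fi
    if [ "$heap" -gt 31 ]; then heap=31; fi
    echo "$heap"
}

# The two lines Elasticsearch reads from jvm.options.d; Xms and Xmx must be equal.
render_heap_options() {
    printf '%s\n' "-Xms${1}g" "-Xmx${1}g"
}

# Write the file (run as root) and report the choice.
write_heap_options() {
    mem=$(container_mem_mb)
    heap=$(es_heap_gb "$mem")
    mkdir -p "$(dirname "$HEAP_FILE")"
    render_heap_options "$heap" > "$HEAP_FILE"
    echo "wrote $HEAP_FILE: ${heap}g heap for ${mem} MiB of container memory"
}

# Nothing on the system is touched unless --write is given.
case "${1:-}" in
    --show)  render_heap_options "$(es_heap_gb "$(container_mem_mb)")" ;;
    --write) write_heap_options ;;
esac
```

Run it with --show first to see the proposed values, then with --write as root and restart elasticsearch.service. Keeping the heap at or below half of the container's memory leaves room for the filesystem cache that Elasticsearch relies on, which is what the OOM note above is really about.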



Nginx with TLS/SSL transport and user authentication

Code:

sudo apt install nginx openssl apache2-utils

Create the .htpasswd file (replace UserName with your own user name)

Code:

cd /etc/nginx/
# -c creates the file; omit -c when adding further users, otherwise the file is overwritten
sudo htpasswd -c /etc/nginx/.htpasswd UserName


Secure transport via TLS/SSL certificate (https://...)

Variant 1:

Generate a self-signed SSL certificate

Code:

sudo mkdir -p /etc/nginx/ssl;
cd /etc/nginx/ssl;
sudo openssl req -new -days 999 -newkey rsa:4096 -sha512 -x509 -nodes -out elk.crt -keyout elk.key -subj "/C=DE/ST=Bundesland/L=Ort/O=Organisation/OU=Abteilung/CN=$$domain.tld$$"
# the private key must only be readable by root
sudo chmod 600 elk.key


Variant 2:

With a valid Let's Encrypt certificate

Code:

sudo apt install nginx software-properties-common certbot python3-certbot-nginx

Source: https://certbot.eff.org/lets-encrypt/de ... etch-nginx

Let's Encrypt

Code:

sudo certbot --nginx

Source: https://certbot.eff.org/lets-encrypt/debianstretch-nginx

Code:

# wildcard certificate via DNS validation; replace dns-plugin with the certbot DNS authenticator for your DNS provider
sudo certbot -a dns-plugin -i nginx -d "*.$$domain.tld$$" -d $$domain.tld$$ --server https://acme-v02.api.letsencrypt.org/directory

Crontab

Code:

# dry run of the renewal; the Debian certbot package already installs a renewal timer/cron job
sudo certbot renew --dry-run

Nginx vHost

Create the virtual host file /etc/nginx/sites-available/elk.conf

Code:

server {
  # use a host name different from the one in kibana.conf, otherwise both vhosts match the same name
  server_name $$domain.tld$$;

  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;

  client_max_body_size 50m;

  location / {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    # Elasticsearch 8.x ships with HTTPS and authentication enabled on 9200 by default;
    # a plain http:// upstream only works if that has been switched off
    proxy_pass http://127.0.0.1:9200;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_pass_header Access-Control-Allow-Origin;
    proxy_pass_header Access-Control-Allow-Methods;
    proxy_hide_header Access-Control-Allow-Headers;
    add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
    add_header Access-Control-Allow-Credentials true;
  }

  ssl_certificate /etc/nginx/ssl/elk.crt;
  ssl_certificate_key /etc/nginx/ssl/elk.key;

  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 TLSv1.3 is the current recommendation
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
}

server {
  if ($host = $$domain.tld$$) {
    return 301 https://$host$request_uri;
  }

  server_name $$domain.tld$$;
  listen 80;
  listen [::]:80;
  return 404;
}


Create the virtual host file /etc/nginx/sites-available/kibana.conf

Code:

server {
  # use a host name different from the one in elk.conf, otherwise both vhosts match the same name
  server_name $$domain.tld$$;

  listen 443 ssl;

  client_max_body_size 50m;

  location / {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass http://127.0.0.1:5601;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_pass_header Access-Control-Allow-Origin;
    proxy_pass_header Access-Control-Allow-Methods;
    proxy_hide_header Access-Control-Allow-Headers;
    add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
    add_header Access-Control-Allow-Credentials true;
  }

  ssl_certificate /etc/nginx/ssl/elk.crt;
  ssl_certificate_key /etc/nginx/ssl/elk.key;

  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 TLSv1.3 is the current recommendation
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
}

server {
  if ($host = $$domain.tld$$) {
    return 301 https://$host$request_uri;
  }

  server_name $$domain.tld$$;
  listen 80;
  return 404;
}

Enable the virtual hosts
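Both vhost files above still list TLSv1 and TLSv1.1 in ssl_protocols. As an added example that is not part of the original post, the following POSIX shell script reports ssl_protocols directives that enable SSLv3/TLSv1/TLSv1.1 and rewrites them to TLSv1.2 and TLSv1.3, leaving indentation and everything else in the file untouched. The sample config it demonstrates on is constructed from the TLS block of elk.conf; the function names are this script's own.

```shell
#!/bin/sh
# Added example, not from the original post: report ssl_protocols directives in the
# nginx vhost files above that still enable SSLv3/TLSv1/TLSv1.1 and rewrite them to
# TLSv1.2 and TLSv1.3. The sample config is constructed from the TLS block of elk.conf.
set -eu

# A protocol token counts as weak only as a whole word in the directive, so
# "TLSv1.2" is not flagged by the "TLSv1" alternative.
WEAK_RE='(^|[[:space:]])(SSLv2|SSLv3|TLSv1|TLSv1\.1)([[:space:]]|;)'

# Succeed (exit 0) when the file has at least one ssl_protocols line enabling a weak version.
has_weak_tls() {
    grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$1" | grep -qE "$WEAK_RE"
}

# Print the offending lines with their line numbers.
weak_tls_lines() {
    grep -nE '^[[:space:]]*ssl_protocols[[:space:]]' "$1" | grep -E "$WEAK_RE" || true
}

# Replace every ssl_protocols directive with the modern set, keeping indentation.
# The result is staged in a temp file so nginx never sees a half-written config.
harden_tls_protocols() {
    tmp=$(mktemp)
    sed -E 's/^([[:space:]]*)ssl_protocols[[:space:]][^;]*;/\1ssl_protocols TLSv1.2 TLSv1.3;/' "$1" > "$tmp"
    cat "$tmp" > "$1"      # write through the original file to keep owner and mode
    rm -f "$tmp"
}

# Constructed sample: the TLS settings from the elk.conf vhost above.
write_sample_vhost() {
    cat > "$1" <<'EOF'
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
EOF
}

# Check one file and fix it in place if needed.
check_and_fix() {
    if has_weak_tls "$1"; then
        echo "$1: weak TLS versions enabled"
        weak_tls_lines "$1"
        harden_tls_protocols "$1"
        echo "$1: rewritten to"
        grep -n 'ssl_protocols' "$1"
    else
        echo "$1: ssl_protocols already limited to TLS 1.2+"
    fi
}

# With no arguments, demonstrate on the constructed sample; otherwise check the given files.
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    write_sample_vhost "$sample"
    check_and_fix "$sample"
    rm -f "$sample"
else
    for f in "$@"; do check_and_fix "$f"; done
fi
```

Run it as root against /etc/nginx/sites-available/elk.conf and kibana.conf, then validate with `sudo nginx -t` before reloading nginx. Browsers and Beats have supported TLS 1.2 for years, so dropping the old versions does not lock out any client this setup serves.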

Code:

sudo ln -s /etc/nginx/sites-available/elk.conf /etc/nginx/sites-enabled/;
sudo ln -s /etc/nginx/sites-available/kibana.conf /etc/nginx/sites-enabled/;
# validate the configuration before reloading
sudo nginx -t && sudo systemctl reload nginx
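The whole point of the vhosts above is that nginx with basic auth and TLS is the only way to reach Elasticsearch and Kibana, which only holds while both services stay bound to loopback. As an added example that is not part of the original post, the following POSIX shell script reads `ss -Hltn` output and reports any backend port (9200, 9300, 5601) bound to a non-loopback address. The sample listener table is constructed; the --live flag and function names are this script's own.

```shell
#!/bin/sh
# Added example, not from the original post: verify that Elasticsearch (9200/9300) and
# Kibana (5601) listen only on loopback, so that nginx with its basic auth is the only
# way in. Input is the output of `ss -Hltn`; the sample below is constructed.
set -eu

BACKEND_PORTS="9200 9300 5601"

# Read `ss -ltn`-style lines on stdin and print the local socket of every backend
# port that is bound to something other than a loopback address.
exposed_backend_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            sock = $4
            port = sock; sub(/.*:/, "", port)                      # text after the last colon
            addr = substr(sock, 1, length(sock) - length(port) - 1) # everything before it
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print sock
        }'
}

# Constructed sample: Elasticsearch HTTP on loopback (fine), Kibana on all IPv4
# addresses and the ES transport port on all IPv6 addresses (both exposed).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5601 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 [::1]:9300 [::]:*
LISTEN 0 4096 [::]:9300 [::]:*'

# Exit 0 when nothing is exposed, 1 otherwise; prints the findings.
report() {
    found=$(exposed_backend_listeners)
    if [ -z "$found" ]; then
        echo "ok: backend ports bound to loopback only"
        return 0
    fi
    echo "exposed backend listeners:"
    echo "$found"
    return 1
}

# --live inspects this host; without it the constructed sample is checked.
if [ "${1:-}" = "--live" ]; then
    ss -Hltn | report
else
    printf '%s\n' "$SAMPLE_SS" | report || true
fi
```

Elasticsearch binds to loopback unless network.host is changed and Kibana's server.host defaults to localhost, so a finding here usually points at a changed setting in elasticsearch.yml or kibana.yml rather than at the defaults.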



Client


Code:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https gnupg2

Code:

# the server section above adds the 8.x repository; a Beat must not be newer than the Elasticsearch it ships to, so keep the two in step
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Code:

sudo apt update && sudo apt-get install filebeat