π Installing and Configuring the Kibana Dashboard π
Kibana is a powerful visualization tool that works with Elasticsearch to help you explore, analyze, and visualize data in real time. It provides intuitive dashboards, charts, and search capabilities for your log and metric data.
π Step 1: Install Kibana π β
sudo apt install kibana
π Step 2: Enable and Start Kibana Service β‘β
sudo systemctl enable kibana
sudo systemctl start kibana
By default, Kibana is configured to listen only on localhost (127.0.0.1). To access it externally, we need to set up a reverse proxy using Nginx.
π Step 3: Setting Up Nginx as a Reverse Proxy πβ
Before proceeding, ensure that Nginx is installed on your server. If not, install it using:
sudo apt install nginx
π Step 4: Create an Administrative Kibana User πβ
To enhance security, we will create a username and password that will be required to access Kibana via the Nginx reverse proxy. The following command will create a hashed password and store it in the /etc/nginx/htpasswd.users file.
echo "asifkibana:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users
π‘ Replace asifkibana with your own username and enter a strong password when prompted.
Example password: Kibana@123 (π΄ Do not use this in production!)
π Step 5: Configure Nginx Reverse Proxy π₯β
We will create an Nginx server block to route traffic from an external domain (elk.asifahmadkhan.com) to Kibana running on localhost:5601.
π Create a new Nginx configuration file:β
sudo vi /etc/nginx/sites-available/elk.asifahmadkhan.com.conf
β Add the following configuration:β
server {
listen 80;
server_name elk.asifahmadkhan.com;
auth_basic "Restricted Access"; # Protect with Basic Authentication
auth_basic_user_file /etc/nginx/htpasswd.users; # Use the created user credentials
location / {
proxy_pass http://localhost:5601; # Forward requests to Kibana
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
π Step 6: Enable the Nginx Configuration πβ
Create a symbolic link to enable the site:
sudo ln -s /etc/nginx/sites-available/elk.asifahmadkhan.com.conf /etc/nginx/sites-enabled/
Then test the Nginx configuration:
sudo nginx -t
If there are no errors, restart Nginx:
sudo systemctl restart nginx
π Step 7: Allow Nginx Traffic Through Firewall π₯β
sudo ufw allow 'Nginx Full'
π Final Step: Access Kibana β β
Now, open your browser and go to:
http://elk.asifahmadkhan.com
You will be prompted for a username and password (the one created in Step 4). Enter your credentials and start exploring the Kibana dashboard! π
πΉ Ensure that you have configured the DNS settings for elk.asifahmadkhan.com to point to your server's IP address.
πΉ For enhanced security, consider enabling HTTPS using an SSL certificate (e.g., Let's Encrypt).
If you hit IP:5601 and it gives an error, then check the following in the kibana.yml file:
Change it from:
server.host: "localhost"
to:
server.host: "0.0.0.0"
π Example Kibana Configuration Fileβ
root@ip-172-31-11-126:/home/ubuntu# cat /etc/kibana/kibana.yml
# For more configuration options see the configuration guide for Kibana in
elasticsearch.hosts: ["https://127.0.0.1:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "9nv-mDIWEwz*Uf*k0oD_"
elasticsearch.ssl.verificationMode: none
# https://www.elastic.co/guide/index.html
# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601
π Logsβ
-
Kibana logs are stored in:
/var/log/kibana/kibana.log
β Check if itβs running:β
ss -ltnp | grep 5601
curl -I http://127.0.0.1:5601