How to install and publish Elasticsearch on Azure Ubuntu?

As part of my self-training with Elasticsearch, I would like to install Elasticsearch on an Azure VM and publish it over the Internet so that I can access my server from anywhere. It is not recommended to publish an Elasticsearch server on the internet for security reasons, so don’t do this with your production server, but you can use the same concept for publishing a server on your LAN. The installation and configuration are pretty easy; what matters is knowing where to find the settings and how to configure Azure and Elasticsearch.

1. Azure virtual machine

Create a new Ubuntu VM on Azure and use PuTTY to log in to the server.

2. Install Java

Elasticsearch is developed in Java, so you need to install the Java JRE or Java JDK on your server. You can use OpenJDK or Oracle JDK. I prefer using Oracle JDK for better performance and compatibility.

Add the Oracle Java PPA to the apt repositories:

sudo add-apt-repository -y ppa:webupd8team/java

Update your apt package database:

sudo apt-get update

Install the latest version of Oracle JDK 8

sudo apt-get -y install oracle-java8-installer

Note: You have to accept the license agreement in the pop-up window; use the Tab key to switch between the Yes/No answers.

Verify if Oracle JDK is successfully installed

java -version

3. Download and install Elasticsearch

Go to the Elasticsearch homepage and copy the download link of the DEB installation package. The current version of Elasticsearch at the time of this post is 2.3.5, so I download the installation file with the following command.

wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/deb/elasticsearch/2.3.5/elasticsearch-2.3.5.deb

Then install it with the dpkg command

sudo dpkg -i elasticsearch-2.3.5.deb

After the command is executed, Elasticsearch is installed in /usr/share/elasticsearch/ with its configuration file in /etc/elasticsearch/ and its init script in /etc/init.d/elasticsearch

To make Elasticsearch start and stop automatically with the virtual machine, you can add its init script to the default runlevels with the following command

sudo update-rc.d elasticsearch defaults

4. Publish Elasticsearch on internet

4.1 Configure Elasticsearch

Configure Elasticsearch to listen on the public IP address by editing its configuration file with this command

sudo nano /etc/elasticsearch/elasticsearch.yml

Uncomment the network.host setting and set its value to 0.0.0.0

Lastly, remember to restart your Elasticsearch server so that it applies your changes.

sudo service elasticsearch restart

or

sudo service elasticsearch stop
sudo service elasticsearch start

4.2 Open port 9200

The default working port of Elasticsearch is 9200. If you don’t change its port (by changing the value of http.port), you have to open port 9200 for inbound connections by executing this command

sudo iptables -A INPUT -m tcp -p tcp --dport 9200 -j ACCEPT

Verify if changes are applied

sudo iptables -L

4.3 Configure Azure network security

If your VM is not hosted in the cloud, you can skip this step because your Elasticsearch is ready now. If your VM is in the cloud like mine (in Azure), you have to do one more step to open your port through the network.

In the Azure portal, open the network security group applied to your VM and select Inbound security rules

Add a new inbound rule for port 9200

Now your Elasticsearch is ready and accessible on the internet over the public IP of your virtual machine. Type your public IP plus the public port of Elasticsearch in a browser.

If the browser shows the Elasticsearch response, the installation and configuration are successful.
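
A quick way to check how far the settings from steps 4.1 and 4.2 open the node, as an added example that is not part of the original post: it reads network.host from elasticsearch.yml and the INPUT chain from `iptables -S` output. The function names and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# Effective network.host from elasticsearch.yml on stdin. Commented-out lines
# are ignored; with no setting, Elasticsearch 2.x binds to loopback only.
es_bind_host() {
  host=$(sed -n -e 's/[[:space:]]#.*$//' \
      -e 's/^[[:space:]]*network\.host[[:space:]]*:[[:space:]]*//p' |
    tail -n 1 | tr -d "\"' \r")
  echo "${host:-_local_}"
}

# Reads `iptables -S` output on stdin. Prints "open" when an INPUT rule accepts
# tcp/9200 from any source, or when no rule mentions 9200 and the chain ends
# in ACCEPT; otherwise "filtered". Heuristic: rule order, multiport matches
# and port ranges are not evaluated.
iptables_9200() {
  awk '
    /^-P INPUT ACCEPT/               { default_accept = 1 }
    /^-A INPUT -j (DROP|REJECT)/     { default_accept = 0 }
    /^-A INPUT / && / --dport 9200 / { mentioned = 1
        if (/ -j ACCEPT$/ && !/ -s /) any_source = 1 }
    END { print ((any_source || (default_accept && !mentioned)) ? "open" : "filtered") }'
}

# $1 = path to elasticsearch.yml, $2 = file holding `iptables -S` output.
exposure() {
  case "$(es_bind_host < "$1")" in
    _local_|localhost|127.*|::1) echo "loopback-only"; return ;;
  esac
  if [ "$(iptables_9200 < "$2")" = open ]; then
    echo "any-source"      # the host firewall does not limit who reaches 9200
  else
    echo "host-filtered"
  fi
}

# Constructed files reproducing steps 4.1 and 4.2 of the post.
demo() {
  dir=$(mktemp -d)
  printf '# network.host: 192.168.0.1\nnetwork.host: 0.0.0.0\n' > "$dir/es.yml"
  printf '%s\n' '-P INPUT ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 9200 -j ACCEPT' > "$dir/rules"
  exposure "$dir/es.yml" "$dir/rules"
  rm -rf "$dir"
}
demo
```

On a live host, save the output of `sudo iptables -S` to a file and pass it together with /etc/elasticsearch/elasticsearch.yml. The Azure inbound rule from step 4.3 is a separate filter that this check does not see.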

5. Secure Elasticsearch with Authentication

Now the server has been installed, but it gives access to anyone: whoever has the public IP address of the server can send a query to it. We can secure the server by enabling basic authentication with the Shield plugin. Execute the following commands to install Shield

sudo su
cd /usr/share/elasticsearch
bin/plugin install license
bin/plugin install shield
sudo service elasticsearch restart

Elasticsearch is now password-protected. A username and password are required to communicate with the cluster. If a request is submitted without a username and password, the request is rejected.

To use basic authentication, users should be set up and assigned to one of the basic predefined roles:
admin : Can perform any cluster or index action.
power_user : Can monitor the cluster and perform any index action.
user : Can perform read actions on any index.

For example, create a user with the admin role. Use the esusers tool to create an admin user

sudo su
cd /usr/share/elasticsearch
bin/shield/esusers useradd es_admin -r admin

When prompted, enter a password for the new user. Passwords must be at least 6 characters long.

Now you can submit requests as the admin user.

Now the server is secured with basic authentication.
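
What the basic authentication configured above sends with each request, as an added example that is not part of the original post: Shield leaves HTTP on port 9200 unencrypted unless SSL is configured separately, and the Authorization header is only Base64-encoded. The function names, host name and password are constructed; es_admin is the user created above.

```sh
#!/bin/sh
# Added example, not from the original post. The password and the host name
# are constructed; es_admin is the user created with esusers above.

# Build the Authorization header a client sends for user $1 and password $2.
basic_auth_header() {
  printf 'Authorization: Basic %s\n' "$(printf '%s:%s' "$1" "$2" | base64)"
}

# Recover "user:password" from a raw HTTP request read on stdin.
# Base64 is an encoding, not encryption: no key is needed to reverse it.
credentials_in_request() {
  tr -d '\r' |
    sed -n 's/^[Aa]uthorization:[[:space:]]*[Bb]asic[[:space:]]*//p' |
    head -n 1 | base64 --decode
}

# Constructed request, in the form it crosses the network on plain-HTTP 9200.
sample_request() {
  printf 'GET /_cluster/health HTTP/1.1\r\nHost: es.example.test:9200\r\n%s\r\n\r\n' \
    "$(basic_auth_header es_admin 'S3cret-sample')"
}

# The header decodes straight back to the user name and password.
sample_request | credentials_in_request
echo
```

Basic authentication therefore protects the admin password only when the HTTP layer is also encrypted or the port is reachable solely over a trusted network.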
