怎样安装Elastic&Kibana

2020年1月17日 | 分类: 【技术】

【安装:环境】

参考:https://cn.linux-console.net/?p=29534

环境:Ubuntu 24.04

1
2
sudo apt-get install build-essential make libtool libtool-bin m4 autoconf automake libtool git aptitude htop dos2unix bzip2 libbz2-dev zip unzip build-essential g++ libicu-dev zlib1g-dev -y
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

安装Java:

由于Elasticsearch是基于Java的,因此需要在服务器上安装 Java JDK:

1
apt install default-jdk -y

查询 Java 版本:

1
java --version

输出:

1
2
3
openjdk 21.0.6 2025-01-21
OpenJDK Runtime Environment (build 21.0.6+7-Ubuntu-124.04.1)
OpenJDK 64-Bit Server VM (build 21.0.6+7-Ubuntu-124.04.1, mixed mode, sharing)

【安装:Elasticsearch】

添加 Elasticsearch 存储库:

安装所需的依赖项:

1
apt install curl wget gnupg2 wget -y

添加 Elasticsearch GPG 密钥:

1
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic.gpg

将 Elasticsearch 存储库添加到 APT:

1
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-7.x.list

更新存储库的缓存:

1
apt update -y

安装 Elasticsearch 包:

1
apt install elasticsearch -y

编辑:/etc/elasticsearch/elasticsearch.yml

1
2
network.host: localhost
xpack.security.enabled: false

注册 Elasticsearch 服务:

1
systemctl enable elasticsearch

启动 Elasticsearch 服务:

1
systemctl start elasticsearch

检查 Elasticsearch 的状态:

1
systemctl status elasticsearch

输出:

1
2
3
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; preset: enabled)
     Active: active (running) since Fri 2025-03-28 09:50:40 UTC; 12s ago

验证 Elasticsearch 安装:

1
curl -X GET 'http://localhost:9200'

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
{
  "name" : "vultr",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "MKsQXeSyQRKzDY2anzmRJQ",
  "version" : {
    "number" : "7.17.28",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "139cb5a961d8de68b8e02c45cc47f5289a3623af",
    "build_date" : "2025-02-20T09:05:31.349013687Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.3",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

【使用 Elasticsearch】

使用curl 命令创建、读取、更新和删除数据。

要将条目添加到 Elasticsearch:

1
curl -XPOST -H "Content-Type: application/json" 'http://localhost:9200/tutorial/helloworld/1' -d '{ "message": "Hello World!" }'

输出:

1
{"_index":"tutorial","_type":"helloworld","_id":"1","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}

检索添加的条目:

1
curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/tutorial/helloworld/1'

输出:

1
{"_index":"tutorial","_type":"helloworld","_id":"1","_version":1,"_seq_no":0,"_primary_term":1,"found":true,"_source":{ "message": "Hello World!" }}

要修改现有条目,使用 put 命令:

1
curl -X PUT -H "Content-Type: application/json" 'localhost:9200/tutorial/helloworld/1?pretty' -d ' { "message": "Hello, People!" }'

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
  "_index" : "tutorial",
  "_type" : "helloworld",
  "_id" : "1",
  "_version" : 2,
  "result" : "updated",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 1,
  "_primary_term" : 1
}

以更易读的格式检索添加的条目:

1
curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/tutorial/helloworld/1?pretty'

输出:

1
2
3
4
5
6
7
8
9
10
11
12
{
  "_index" : "tutorial",
  "_type" : "helloworld",
  "_id" : "1",
  "_version" : 2,
  "_seq_no" : 1,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "message" : "Hello, People!"
  }
}

【安装:Kibana】

参考:https://zhuanlan.zhihu.com/p/336560713

安装 kibana 。

1
sudo apt install kibana

注册 Kibana 服务:

1
sudo systemctl enable kibana

启动 Kibana 服务:

1
sudo systemctl start kibana

查看 Kibana 服务状态:

1
sudo systemctl status kibana

如果在本机跑 ES 和 Kibana 的话,那么可以直接检查

1
http://localhost:5601

如果需要外部端口访问:

1
sudo ufw allow 5601/tcp && sudo ufw reload

编辑:/etc/kibana/kibana.yml

1
2
3
4
server.port: 5601
server.host: "localhost"
server.publicBaseUrl: "http://localhost:5601"
i18n.locale: "zh-CN"

源码存储位置:/usr/share/kibana
语言文件位置:/usr/share/kibana/x-pack/plugins/translations/translations/zh-CN.json

【安装:Nginx】

1
2
3
4
5
6
apt-get install libpcre3 libpcre3-dev -y
cd /root && wget http://nginx.org/download/nginx-1.27.4.tar.gz && tar zxf nginx-1.27.4.tar.gz
cd /root/nginx-1.27.4 && wget https://github.com/openssl/openssl/releases/download/openssl-3.0.13/openssl-3.0.13.tar.gz && tar zxvf openssl-3.0.13.tar.gz
cd /root/nginx-1.27.4 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module  --with-openssl=./openssl-3.0.13
make
make install

添加端口:

1
2
3
4
5
6
7
sudo ufw allow 80 && sudo ufw allow 443 && sudo ufw reload
[shell]
 
增加权限:
 
[shell]
chown -R nginx:nginx /usr/local/nginx/html

设置开机启动:

在系统服务目录里创建文件:/lib/systemd/system/nginx.service

1
2
3
4
5
6
7
8
9
10
11
12
13
[Unit]
Description=nginx
After=network.target
    
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
   
[Install]
WantedBy=multi-user.target

注册 Nginx 服务:

1
systemctl enable nginx.service

启动 Nginx 服务:

1
systemctl start nginx.service

查看 Nginx 服务状态:

1
systemctl status nginx.service

重新启动服务

1
systemctl restart nginx.service

查看所有已启动的服务

1
systemctl list-units --type=service

配置 SSL 证书:

参考:https://amon.org/certbot-cloudflare

1
sudo snap install certbot-dns-cloudflare && sudo apt-get install python3-certbot-dns-cloudflare && sudo apt-get install certbot

在需要运行Certbot的主机上创建一个文件:/etc/letsencrypt/certbot-dns-cloudflare.ini

1
dns_cloudflare_api_token = _yourToken_

签发证书:

1
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/certbot-dns-cloudflare.ini -d catch.chat -d *.catch.chat

【配置:Nginx 代理 Kibana】

配置文件:/usr/local/nginx/conf/nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
user nginx;
worker_processes 1;
pid logs/nginx.pid;
 
events {
    worker_connections 1024;
    }
 
http {
    include mime.types;
    default_type  application/octet-stream;
    charset utf-8;
    sendfile on;
    server_tokens off;
    keepalive_timeout 65;
    client_max_body_size 20m;
 
    # Enable Gzip compression
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-font-opentype
        application/x-font-truetype
        application/x-javascript
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/eot
        font/opentype
        font/otf
        image/svg+xml
        image/x-icon
        image/vnd.microsoft.icon
        text/css
        text/plain
        text/javascript
        text/x-component;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
 
    server  {
        listen 80;
        listen 443 ssl;
        server_name data.catch.chat;
 
        ssl_certificate /etc/letsencrypt/live/catch.chat/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/catch.chat/privkey.pem;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
 
        location / {
            proxy_pass http://localhost:5601;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            rewrite ^/(.*)$ /$1 break;
        }
 
        error_page 404 403 401 402 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/nginx/html;
            }
 
        }
 
}

重启服务器。

在浏览器中输入:https://data.catch.chat

输出:正常访问 Kibana。

报错:Elastic did not load properly. Check the server output for more information.

刷新后,恢复正常。

Configuration missing
server.publicBaseUrl is missing and should be configured when running in a production environment. Some features may not behave correctly.
https://www.elastic.co/guide/en/kibana/7.17/settings.html#server-publicBaseUrl

参考:https://gitee.com/zhengqingya/docker-compose/pulls/1
参考:https://blog.csdn.net/qq_29752857/article/details/141183445

server.publicBaseUrl: “http://localhost:5601

【访问认证】

参考:https://www.cnblogs.com/caoweixiong/p/14874997.html

【应用:怎样使用???】

【前端:Search-UI】

参考:https://github.com/elastic/search-ui
参考:https://github.com/ProjectOpenSea/search-ui

演示:https://search-ui-stable.netlify.com/?size=n_20_n

应用:https://opensea.io
介绍:https://www.jianshu.com/p/644b9cc3d7d6
采访:http://www.sohu.com/a/366597208_100217347

【前端:Dejavu】

参考:https://www.ctolib.com/appbaseio-dejavu-browser.html
参考:https://www.extfans.com/web-development/jopjeaiilkcibeohjdmejhoifenbnmlh/

【应用:用ELK(ElasticSearch, Logstash, Kibana)搭建实时日志分析】

参考:https://www.elastic.co/cn/what-is/elk-stack
参考:https://www.ibm.com/developerworks/cn/opensource/os-cn-elk-filebeat/index.html
参考:https://yq.aliyun.com/articles/590431
参考:https://www.cnblogs.com/aresxin/p/8035137.html