Here’s the guide to deploy Elastic Stack on Ubuntu VPS, with secure access, HTTPS proxying, and service optimization.
What is Elastic Stack?
Also known as ELK Stack, the Elastic Stack is a collection of tools for securely taking data from any source and format to search, analyze, and visualize it. The core components are Elasticsearch (a search and analytics engine), Kibana (for visualization), Beats (data shippers), and Logstash (a data ingestion pipeline). It is widely used for use cases like log management, security, observability, and business analytics.
🧭 Full Guide: Deploy Elastic Stack on Ubuntu VPS
✅ Works on Ubuntu 22.04 LTS or later
The Elastic Stack (formerly ELK Stack) consists of:
- Elasticsearch – data storage and search engine
- Logstash – data ingestion and processing pipeline
- Kibana – web-based data visualization and management UI
⚙️ Prerequisites
- Ubuntu VPS (with fresh install of 22.04+)
- At least 4 GB RAM, 2 vCPUs minimum
- Root or sudo access
- Open ports (see: How to Open Ports on Linux Server)
- 9200 (Elasticsearch)
- 9300 (Elasticsearch transport)
- 5601 (Kibana)
- 5044 (Logstash input)
- Optional: domain name for HTTPS proxying (e.g.,
search.example.com)
How to Deploy Elastic Stack on Ubuntu VPS
To deploy Elastic Stack on Ubuntu VPS, follow the steps outlined below:
-
🧩 System Update
sudo apt update && sudo apt upgrade -y sudo apt install apt-transport-https wget curl gnupg ufw -y
-
🔑 Add Elastic APT Repository
Import the GPG key and repository:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/elastic-archive-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list sudo apt update
-
🧱 Install Elasticsearch
sudo apt install elasticsearch -y
Configure Elasticsearch
Edit
/etc/elasticsearch/elasticsearch.yml:cluster.name: elastic-stack node.name: node-1 network.host: 0.0.0.0 http.port: 9200 discovery.type: single-node
Enable and start the service:
sudo systemctl enable elasticsearch sudo systemctl start elasticsearch sudo systemctl status elasticsearch
Test Elasticsearch
curl -k https://localhost:9200 -u elastic
-
⚡ Install Logstash
Logstash processes logs and sends them to Elasticsearch.
sudo apt install logstash -y
Configure Logstash Pipeline
Create a configuration file:
sudo nano /etc/logstash/conf.d/01-logstash-input.conf
Example configuration:
input { beats { port => 5044 } } filter { grok { match => { "message" => "%{COMMONAPACHELOG}" } } } output { elasticsearch { hosts => ["https://localhost:9200"] index => "logs-%{+YYYY.MM.dd}" user => "elastic" password => "your_elastic_password" ssl => true cacert => "/etc/elasticsearch/certs/http_ca.crt" } }💡 You can use the generated CA certificate from
/etc/elasticsearch/certs/(Elasticsearch 8.x automatically generates one).Enable and start Logstash:
sudo systemctl enable logstash sudo systemctl start logstash sudo systemctl status logstash
-
🖥 Install Kibana
sudo apt install kibana -y
Configure Kibana
Edit
/etc/kibana/kibana.yml:server.port: 5601 server.host: "0.0.0.0" elasticsearch.hosts: ["https://localhost:9200"] elasticsearch.username: "kibana_system" elasticsearch.password: "your_kibana_password" server.publicBaseUrl: "https://your-domain.com"
Enable and start Kibana:
sudo systemctl enable kibana sudo systemctl start kibana
Access it via:
http://your-server-ip:5601
-
🌐 Secure with Nginx Reverse Proxy + HTTPS (Certbot)
Install Nginx and Certbot:
sudo apt install nginx certbot python3-certbot-nginx -y
Create proxy configuration:
sudo nano /etc/nginx/sites-available/kibana.conf
Add:
server { listen 80; server_name your-domain.com; location / { proxy_pass http://localhost:5601; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; } }Enable and secure:
sudo ln -s /etc/nginx/sites-available/kibana.conf /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx sudo certbot --nginx -d your-domain.com
Now, Kibana will be accessible securely via:
https://your-domain.com
-
📊 Connect Beats (Optional)
To ship logs from other systems, install Filebeat:
sudo apt install filebeat -y
Configure
/etc/filebeat/filebeat.yml:output.logstash: hosts: ["your-vps-ip:5044"]
Then enable and start:
sudo systemctl enable filebeat sudo systemctl start filebeat
-
🧠 Verify Stack Connectivity
Check that all services are communicating:
sudo systemctl status elasticsearch sudo systemctl status logstash sudo systemctl status kibana
Then in Kibana:
- Visit Stack Management → Index Patterns
- Confirm indices like
logs-*are appearing.
-
⚙️ Optional JVM Optimization
Edit heap size settings for performance:
sudo nano /etc/elasticsearch/jvm.options.d/custom.options
Add (50% of available RAM recommended):
-Xms2g -Xmx2g
Restart services:
sudo systemctl restart elasticsearch logstash kibana
-
🛡 Secure and Maintain
- Use
ufwto limit access to ports:
sudo ufw allow 5601,9200,5044/tcp sudo ufw enable
- Regularly update:
sudo apt update && sudo apt upgrade -y
- Monitor logs:
sudo journalctl -u elasticsearch -f sudo journalctl -u logstash -f sudo journalctl -u kibana -f
- Use
✅ Final Verification
Open:
https://your-domain.com
Log in with your Elastic superuser credentials and confirm:
- Elasticsearch cluster health = green
- Logstash pipelines visible
- Indices showing in Kibana → Discover
🎯 Summary
| Component | Port | Function | Service |
|---|---|---|---|
| Elasticsearch | 9200 | Core search & data engine | elasticsearch |
| Logstash | 5044 | Data ingestion pipeline | logstash |
| Kibana | 5601 | Visualization UI | kibana |
You now have a fully functional Elastic Stack running securely on your Ubuntu VPS — ideal for central log management, data analytics, and real-time search.
Conclusion
You now know how to deploy Elastic Stack on Ubuntu VPS.
[…] This dashboard provides detailed insights into Elasticsearch cluster performance. It includes panels for indexing performance, query latency, JVM stats, node […]