Kibana Is a service for visualizing Elasticsearch data and navigating it through the Elastic Stack. It helps you create dashboards, customize the visualization form, generate interactive graphs, even present geodata, analyze relationships, and explore anomalies with machine learning.
Installing Kibana from the repository
We import the PGP Key to further add the Elasticsearch repository
$ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Add the repository
$ sudo nano /etc/yum.repos.d/kibana.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Install Kibana
$ sudo dnf -y install kibana
Add the Kibana service to startup and start it
$ sudo systemctl enable --now kibana
Checking if the service has started
$ systemctl status kibana
Installing Kibana from an RPM package
Download the Kibana package and install it
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.9.3-x86_64.rpm -P /tmp
$ cd /tmp
$ sudo dnf -y localinstall kibana-7.9.3-x86_64.rpm
Add the Kibana service to startup and start it
$ sudo systemctl enable --now kibana
Checking if the service has started
$ sudo systemctl status kibana
Checking the port
$ netstat -tulnp | grep 5601
Setting up Kibana
Editing the Kibana config file
$ sudo nano /etc/kibana/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.1.10"
[…]
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://localhost:9200"]
Restarting Kibana
$ sudo systemctl restart kibana
If we use Nginx as Reverse Proxy
[…]
server.host: "localhost"
[…]
in this example, we say that the server should listen on the 192.168.1.10 interface
Firewall configuration (if we do not use nginx as reverse proxy)
Opening port 5601
$ sudo firewall-cmd --add-port=5601/tcp --permanent
$ sudo firewall-cmd --reload
Installing NGINX
Add NGINX repository
$ sudo nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/
centos
/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
The stable version will be used by default. If you need a mainline version, switch
$ sudo dnf config-manager --set-enabled nginx-mainline
Install NGINX and httpd-tools
$ sudo dnf -y install nginx httpd-tools
Add the NGINX service to startup and start it
$ sudo systemctl enable --now nginx
Checking if the service has started
$ systemctl status nginx
Configuring NGINX
Disable the default config
$ cd /etc/nginx/conf.d/
$ sudo mv default.conf default.conf.disable
Create config for Kibana
$ sudo nano kibana.conf
server {
listen 80;
#listen [::]:80 ipv6only=on;
server_name _;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.kibana-user;
location / {
proxy_pass https://localhost:5601/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Generating a password for authorization
$ sudo htpasswd -c /etc/nginx/.kibana-user mykibana
New password: password
Re-type new password: password
Adding password for user mykibana
Restart NGINX, check the status
$ sudo systemctl reload nginx
$ systemctl status nginx
Firewall configuration
Opening port 80
$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --reload
See the list of rules
$ sudo firewall-cmd --list-all
We close port 5601 if it was previously opened
$ sudo firewall-cmd --permanent --zone=public --remove-port=5601/tcp
$ sudo firewall-cmd --reload
SELinux configuration
Adding a rule to the SELinux policy
$ sudo setsebool -P httpd_can_network_connect=1