Setup Elasticseach with Kibana on Google Cloud

Tagged in Google  β€’  01 Apr 2019  β€’  5 mins read  β€’  by Stewan Silva

So you've been there, learned a lot of cool things from Firebase, Firestore and Functions, built several simple apps but now you're stuck on how to handle complex queries such as counting your data or even how to list things based on user's geopoint, just because firebase doesn't support it yet.

Good news for you πŸŽ‰

Here is a detailed tech post with step by step on how to deploy a secured Elasticsearch instance to Google Cloud Platform, without relying on expensive security solutions like X-Pack, Search Guard or any other, instead we're going to use nginx as a reverse proxy.

Then all you have to do is create an event trigger to keep your elastic data in sync with your database.

Google Cloud configuration

Go to gcloud console and then create a new vm instance

  • 2 vCPU (for production)
  • disk 20gb (for production)
  • ubuntu 18 LTS
  • add es-rules in network tags

Elasticsearch apply network tags

  1. go to external ip addresses and make sure the ip in use by vm is static, otherwise it may change and your app go offline.

  2. create the following firewall rules for the specified target tag es-rules

Firewall rule for Elastic

Once it's not reserved or in use by the operating system, you can use any number as port. Here we're going to avoid the use of default numbers and take 4545 for elastic and 4546 for kibana.

Name -> es-tcp-4545

Direction -> Ingress

IP ranges ->

Specified protocol and port -> tcp:4545

Target tags -> es-rules

Firewall rule for Kibana

Name -> es-tcp-4546

Direction -> Ingress

IP ranges ->

Specified protocol and port -> tcp:4546

Target tags -> es-rules

Install java

Access the vm instance using ssh, it can be done throughout gcloud console.

  1. sudo apt-get update
  2. sudo apt-get install default-jre

Install elastic 6.x

  1. wget -qO - | sudo apt-key add -
  2. sudo apt-get install apt-transport-https
  3. echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
  4. sudo apt-get update && sudo apt-get install elasticsearch

Install latest kibana

  1. sudo apt-get install kibana

Initialize elastic service

Elasticsearch is not started automatically after installation. Do following to configure a startup service

  1. sudo /bin/systemctl daemon-reload
  2. sudo /bin/systemctl enable elasticsearch.service
  3. sudo systemctl start elasticsearch.service

Change java options

  1. sudo nano /etc/elasticsearch/jvm.options
  2. change to -Xms4g, -Xmx4g. Or whatever memory value your vm instance supports. Then hit ctrl+o to save and ctrl+x to exit nano editor.
  3. restart elastic sudo /etc/init.d/elasticsearch restart

Check elastic status

sudo /etc/init.d/elasticsearch status

Initialize kibana service

Kibana is also not started automatically after installation. Do following to configure a startup service

  1. sudo /bin/systemctl enable kibana.service
  2. sudo systemctl start kibana.service
  3. sudo /etc/init.d/kibana start

Check kibana status

sudo /etc/init.d/kibana status

Setup nginx as a reverse proxy for Elasticsearch

Here is the trick, instead of get expensive solutions like X-Pack we can just secure our Elasticsearch server with nginx plus the old but gold basic http password.

  1. sudo apt-get install nginx && sudo apt-get install apache2-utils
  2. sudo systemctl status nginx
  3. shutdown nginx sudo nginx -s quit
  4. generate a password sudo htpasswd -c /etc/nginx/.htpasswd elastic enter a new password
  5. delete default config file sudo rm /etc/nginx/nginx.conf
  6. copy and paste this nginx config to sudo nano /etc/nginx/nginx.conf (ctrl+o ctrl+x to save and exit)
  7. start nginx sudo systemctl start nginx
  8. check nginx sudo systemctl status nginx
  9. test curl -i elastic:[email protected]:4545

should output

  "name": "ZyQPiTS",
  "cluster_name": "elasticsearch",
  "version": {
    "number": "6.4.0"
  "tagline": "You Know, for Search"

πŸŽ‰ at this point elastic environment should be ready to go. you can also try to browser using the static ip address plus port 4545 (elastic) or 4546 (kibana)

Some useful resources

Change user pw if you're using X-Pack

curl -u elastic -XPUT 'http://localhost:9200/_xpack/security/user/THE_USER/_password?pretty' -H 'Content-Type: application/json' -d '
"password" : "THE_NEW_PW"


sudo /usr/share/elasticsearch/bin/x-pack/setup-passwords interactive

Clone elastic environment on Google Cloud

Auth first

gcloud login

Create new disk from a snapshot

gcloud compute disks create my-elastic-disk --source-snapshot \ --project my-project

Create a compute instance from the cloned disk

gcloud compute instances create my-project-instance \
--project my-project --disk name=my-elastic-disk,boot=yes

Fresh install of X-Pack plugin

  1. sudo /usr/share/elasticsearch/bin/elasticsearch-plugin remove x-pack --purge
  2. sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install x-pack
  3. restart elastic sudo /etc/init.d/elasticsearch restart (can take a while)
  4. setup passwords sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto (then copy and paste to
  5. install x-pack into kibana sudo /usr/share/elasticsearch/bin/kibana-plugin install x-pack

Install Elastic using a defined version eg: 6.4.0

learn more at elastic docs.

  1. wget
  2. wget
  3. shasum -a 512 -c elasticsearch-6.4.0.deb.sha512
  4. sudo dpkg -i elasticsearch-6.4.0.deb

Install Kibana using a defined version eg: 6.4.0

  1. wget
  2. shasum -a 512 kibana-6.4.0-amd64.deb
  3. sudo dpkg -i kibana-6.4.0-amd64.deb

Install Search Guard

Search Guard is a cool alternative to X-Pack plugin. Learn more on this blog post.

  1. sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.4.0-23.0
  2. sudo chmod +x /usr/share/elasticsearch/plugins/search-guard-6/tools/
  3. sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/
  4. sudo chmod +x /usr/share/elasticsearch/plugins/search-guard-6/tools/
  5. sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/ -cd ../sgconfig/ -icl -nhnv -cacert ../../../config/root-ca.pem -cert ../../../config/kirk.pem -key ../../../config/kirk-key.pem

Kill nginx

sudo kill -QUIT $( cat /run/ )

List ports in use

lsof -i :443

Check if elastic is running

curl -X GET "localhost:4545/"

Keep alive test

curl 'elastic:[email protected]:4545/_nodes/stats/http?pretty' | grep total_opened`
Love this post?