To configure Elasticsearch on a Linux server in 2026, install Elasticsearch 8.x, apply kernel and file-descriptor tuning, edit elasticsearch.yml for networking and security, enable the systemd service, open firewall ports, verify with curl over TLS, and finish by setting passwords and performance tuning (heap, shards, and storage). The steps below work on Ubuntu/Debian and RHEL/Rocky/AlmaLinux.
In this step-by-step guide, you’ll learn how to configure Elasticsearch on a Linux server from scratch, including secure defaults, cluster basics, and performance tuning. Whether you’re indexing logs, powering search, or building analytics, this tutorial provides a practical, production-ready path that aligns with 2026 best practices.
What You’ll Learn
- Install Elasticsearch 8.x on Ubuntu/Debian and RHEL/Rocky/AlmaLinux
- Apply essential Linux kernel and limits tuning
- Configure elasticsearch.yml for single-node or cluster
- Secure Elasticsearch with TLS and passwords
- Open the firewall safely and verify with curl
- Optimize JVM heap, shards, and storage for performance
- Troubleshoot common bootstrap and startup issues
Prerequisites and System Requirements
- Linux: Ubuntu 22.04+/24.04+, Debian 12+, RHEL/Rocky/AlmaLinux 8/9, Amazon Linux 2+
- CPU/RAM: 2+ vCPU, 4–8 GB RAM minimum (more is better)
- Disk: SSD/NVMe strongly recommended
- Network: Open ports 9200 (HTTP) and 9300 (transport for clusters)
- Privileges: sudo/root access
- Java: Elasticsearch 8.x ships with a bundled JDK (no separate Java needed)
Install Elasticsearch on Ubuntu/Debian (Fastest Way)
Use the official Elastic APT repository for the latest 8.x release. This ensures stable updates and built-in security defaults.
sudo apt update
sudo apt install -y apt-transport-https curl gnupg
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | \
sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt update
sudo apt install -y elasticsearch
Install Elasticsearch on RHEL/Rocky/AlmaLinux/Amazon Linux
Use the official YUM/DNF repository. The steps below work across major RHEL-derivatives.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cat <<'EOF' | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-8.x]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
sudo dnf install -y elasticsearch || sudo yum install -y elasticsearch
Essential System Tuning (Required for Production)
Apply these kernel and limits settings to avoid bootstrap check failures and ensure stable performance.
1) Increase vm.max_map_count
echo "vm.max_map_count=262144" | sudo tee /etc/sysctl.d/99-elasticsearch.conf
sudo sysctl --system
2) File Descriptors and Memory Lock
echo -e "elasticsearch soft nofile 65535\nelasticsearch hard nofile 65535\nelasticsearch soft memlock unlimited\nelasticsearch hard memlock unlimited" | \
sudo tee /etc/security/limits.d/50-elasticsearch.conf
# Lock memory in Elasticsearch JVM (avoids swapping)
sudo sed -i 's/^#\?bootstrap.memory_lock:.*/bootstrap.memory_lock: true/' /etc/elasticsearch/elasticsearch.yml
Ensure your systemd unit allows memory locking (packaged units typically do). Swapping should be disabled on production nodes.
sudo swapoff -a
# Optional: make persistent by commenting swap in /etc/fstab
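A read-only check of the settings from this section, added here as an example and not part of the original guide. Files in /etc/security/limits.d are applied through PAM sessions, while a systemd service takes its limits from the unit, so the function reads the effective values from /proc. The name es_preflight and its two arguments are chosen for this sketch.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. es_preflight and its arguments
# are names chosen here; thresholds are the values used in the steps above.
# $1 = proc root (default /proc), $2 = a /proc/<pid>/limits file (optional)
es_preflight() {
  local proc="${1:-/proc}" limits="${2:-}" rc=0 v

  v=$(cat "$proc/sys/vm/max_map_count" 2>/dev/null || echo 0)
  if [ "${v:-0}" -lt 262144 ]; then
    echo "FAIL vm.max_map_count=${v:-0} (need >= 262144)"; rc=1
  fi

  # /proc/swaps has one header line; every further line is an active swap area.
  v=$(awk 'NR > 1' "$proc/swaps" 2>/dev/null | wc -l)
  if [ "$v" -gt 0 ]; then
    echo "FAIL $v swap area(s) active"; rc=1
  fi

  if [ -n "$limits" ]; then
    # Column 4 is the soft limit that applies to the running process.
    v=$(awk '/^Max open files/ { print $4 }' "$limits")
    if [ "$v" != "unlimited" ] && [ "${v:-0}" -lt 65535 ]; then
      echo "FAIL nofile soft limit=${v:-unknown} (need >= 65535)"; rc=1
    fi
    v=$(awk '/^Max locked memory/ { print $4 }' "$limits")
    if [ "$v" != "unlimited" ]; then
      echo "FAIL memlock soft limit=${v:-unknown} (need unlimited)"; rc=1
    fi
  fi
  return "$rc"
}
```

Once the service is running, pass the limits file of the live process: `es_preflight /proc "/proc/$(systemctl show -p MainPID --value elasticsearch)/limits"`.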
Configure elasticsearch.yml (Secure Single Node)
Elasticsearch 8 enables security by default and generates a local HTTP CA certificate. For a single, secured node, start with the minimal configuration below.
sudo cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak
sudo bash -c 'cat > /etc/elasticsearch/elasticsearch.yml' <<'EOF'
cluster.name: youstable-es
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Bind to specific interface(s); 0.0.0.0 enables remote access
network.host: 0.0.0.0
http.port: 9200
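# Single-node discovery mode
discovery.type: single-node
# Keep the memory lock from the tuning step (this file replaces the earlier sed edit)
bootstrap.memory_lock: true
# Security is enabled by default in 8.x
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12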
EOF
Note: Package installs usually place the HTTP CA at /etc/elasticsearch/certs/http_ca.crt and the keystore at /etc/elasticsearch/certs/http.p12. Keep permissions strict (owned by the elasticsearch user).
Start Elasticsearch and Verify
sudo systemctl daemon-reload
sudo systemctl enable --now elasticsearch
sudo systemctl status elasticsearch --no-pager
Set or reset the built-in elastic superuser password and save it securely.
# Interactive reset (8.x)
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
Verify over HTTPS using the generated CA certificate.
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
# Expected: JSON with cluster_name, version.number (8.x), tagline
Open the Firewall Safely
Expose only what you must. Port 9200 serves HTTPS; for multi-node clusters, transport uses 9300.
UFW (Ubuntu/Debian)
sudo ufw allow 9200/tcp # HTTP(S)
sudo ufw allow 9300/tcp # Transport (cluster only)
sudo ufw status
firewalld (RHEL/Rocky/AlmaLinux)
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=9300/tcp
sudo firewall-cmd --reload
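A narrower alternative to the open rules above, added here as an example and not part of the original guide: it prints source-restricted rules for 9200 (clients) and 9300 (cluster peers) and refuses an any-source /0 range. The helper name es_fw_rules is hypothetical and the CIDRs passed to it stand in for your own networks.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. es_fw_rules is a hypothetical
# helper; it only prints commands so they can be reviewed before being run.
# usage: es_fw_rules ufw|firewalld CLIENT_CIDR [PEER_CIDR]
es_fw_rules() {
  local backend="$1" clients="$2" peers="${3:-}" cidr port pair
  # Syntactic IPv4 CIDR check only (octet ranges are not validated).
  local re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
  for cidr in "$clients" $peers; do
    if ! printf '%s\n' "$cidr" | grep -Eq "$re" || [ "${cidr#*/}" -eq 0 ]; then
      echo "refusing source '$cidr': need an IPv4 CIDR narrower than /0" >&2
      return 2
    fi
  done
  # Clients reach the HTTPS API on 9200; only cluster peers need 9300.
  set -- "$clients:9200" ${peers:+"$peers:9300"}
  for pair in "$@"; do
    cidr=${pair%:*}; port=${pair##*:}
    case "$backend" in
      ufw)
        echo "ufw allow from $cidr to any port $port proto tcp" ;;
      firewalld)
        echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$cidr\" port port=\"$port\" protocol=\"tcp\" accept'" ;;
      *)
        echo "unknown backend '$backend'" >&2; return 2 ;;
    esac
  done
  if [ "$backend" = firewalld ]; then echo "firewall-cmd --reload"; fi
  return 0
}
```

Review the printed commands and run them with sudo in place of the unrestricted port rules, not in addition to them.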
Optional: Install and Connect Kibana
Kibana provides UI-driven management, dashboards, and Dev Tools.
# Ubuntu/Debian
sudo apt install -y kibana
# RHEL family
sudo dnf install -y kibana || sudo yum install -y kibana
# Configure Kibana
sudo sed -i 's/^#\?server.host:.*/server.host: "0.0.0.0"/' /etc/kibana/kibana.yml
sudo sed -i 's|^#\?elasticsearch.hosts:.*|elasticsearch.hosts: ["https://localhost:9200"]|' /etc/kibana/kibana.yml
sudo systemctl enable --now kibana
Build a Multi-Node Cluster (Overview)
For 3+ nodes, you’ll configure seed hosts, initial master nodes, and transport-layer TLS certificates. The outline below shows a secure baseline.
1) Generate Transport Certificates
# On a secure workstation or one node:
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --silent --pem --in instances.yml --out es-certs.zip
# instances.yml example:
# instances:
#   - name: node-1
#     ip: ["10.0.0.11"]
#   - name: node-2
#     ip: ["10.0.0.12"]
#   - name: node-3
#     ip: ["10.0.0.13"]
Distribute the correct cert/key pair to each node (restrict permissions), then reference them in elasticsearch.yml.
2) Cluster Configuration (edit elasticsearch.yml on each node)
cluster.name: youstable-es
node.name: node-1
network.host: 0.0.0.0
discovery.seed_hosts: ["10.0.0.11","10.0.0.12","10.0.0.13"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
xpack.security.enabled: true
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  key: /etc/elasticsearch/certs/node-1.key
  certificate: /etc/elasticsearch/certs/node-1.crt
  certificate_authorities: ["/etc/elasticsearch/certs/ca.crt"]
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
Start each node and verify cluster health is green.
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://10.0.0.11:9200/_cluster/health?pretty"
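A static check for the single-node and cluster elasticsearch.yml files shown in this guide, added here as an example and not part of the original guide. It flattens the nested YAML keys and reports disabled security, missing HTTP or transport TLS, and unverified transport certificates; the function names are hypothetical and the parser only handles dotted keys with two-space nesting, as used above.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.
# Handles dotted keys and 2-space nested maps, as in the configs above.

# Flatten "a.b:" followed by "  c: v" into the line "a.b.c=v".
es_yml_flatten() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      match($0, /^ */); depth = int(RLENGTH / 2)
      line = substr($0, RLENGTH + 1)
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      sub(/[ \t]+#.*$/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
      path[depth] = key; if (val == "") next
      full = path[0]; for (d = 1; d <= depth; d++) full = full "." path[d]
      print full "=" val
    }' "$1"
}

# Look up one flattened key ($2) in the flattened text ($1); last one wins.
es_yml_get() {
  printf '%s\n' "$1" |
    awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }'
}

# Print findings for the file in $1; return 1 if any FAIL was found.
es_yml_audit() {
  local flat rc=0 host
  flat=$(es_yml_flatten "$1")
  [ "$(es_yml_get "$flat" xpack.security.enabled)" = "false" ] &&
    { echo "FAIL security is disabled"; rc=1; }
  [ "$(es_yml_get "$flat" xpack.security.http.ssl.enabled)" = "true" ] ||
    { echo "FAIL HTTP TLS is not enabled"; rc=1; }
  if [ "$(es_yml_get "$flat" discovery.type)" != "single-node" ]; then
    [ "$(es_yml_get "$flat" xpack.security.transport.ssl.enabled)" = "true" ] ||
      { echo "FAIL transport TLS is not enabled on a multi-node config"; rc=1; }
    [ "$(es_yml_get "$flat" xpack.security.transport.ssl.verification_mode)" = "none" ] &&
      { echo "FAIL transport certificates are not verified"; rc=1; }
  fi
  host=$(es_yml_get "$flat" network.host)
  case "$host" in
    0.0.0.0|'"0.0.0.0"'|_global_) echo "WARN network.host=$host: restrict 9200/9300 at the firewall" ;;
  esac
  return "$rc"
}
```

Run it as `sudo bash -c '. ./es_yml_audit.sh; es_yml_audit /etc/elasticsearch/elasticsearch.yml'`, where the script file name is whatever you saved the block as.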
Performance Tuning Best Practices
- Heap size: Set Xms=Xmx to ~50% of system RAM, max ~31g to preserve compressed oops.
- Storage: Use dedicated SSD/NVMe. Avoid networked volumes for primary data unless low-latency.
- Shards: Start with 1–3 primary shards per index; avoid oversharding. Set replicas to at least 1 in clusters.
- Index lifecycle: Use ILM to roll over and delete old indices (logs, metrics).
- Refresh interval: Increase for heavy ingest (e.g., 30s) to reduce overhead.
- MMap: We already set vm.max_map_count. Keep file descriptors high.
- Ingest: Use ingest pipelines or Logstash/Beats for parsing; keep pipelines efficient.
- Monitoring: Track JVM, GC, cache hit ratios, I/O latency, and query times via Kibana or external monitoring.
Set JVM Heap on Package Installs
# Create an override file without editing the main jvm.options
echo "-Xms8g" | sudo tee /etc/elasticsearch/jvm.options.d/heap.options
echo "-Xmx8g" | sudo tee -a /etc/elasticsearch/jvm.options.d/heap.options
sudo systemctl restart elasticsearch
Common Commands and Health Checks
# Cluster health
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://localhost:9200/_cluster/health?pretty"
# Node stats (verbose)
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://localhost:9200/_nodes/stats?pretty"
# List indices
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://localhost:9200/_cat/indices?v"
# Create a test index with sane defaults
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X PUT https://localhost:9200/test-index \
-H "Content-Type: application/json" \
-d '{"settings":{"number_of_shards":1,"number_of_replicas":0,"refresh_interval":"30s"}}'
Backups and Upgrades (Production Checklist)
Snapshots to S3 (example)
# Install plugin if not bundled
sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install repository-s3
sudo systemctl restart elasticsearch
# Register repository
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X PUT https://localhost:9200/_snapshot/my_s3_repo \
-H "Content-Type: application/json" \
-d '{"type":"s3","settings":{"bucket":"my-es-backups","region":"us-east-1"}}'
# Create snapshot
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X PUT "https://localhost:9200/_snapshot/my_s3_repo/snap-$(date +%F)?wait_for_completion=true"
Upgrades (8.x to newer 8.x)
- Read the release notes and run the Upgrade Assistant in Kibana.
- Snapshot first. Verify restore works in a staging environment.
- For clusters, perform rolling upgrades: stop one node, upgrade package, start, wait for green, repeat.
- Re-run any custom hardening after package updates.
Troubleshooting and Logs
- Service fails to start: Check /var/log/elasticsearch/ and journalctl.
- Bootstrap checks: Ensure vm.max_map_count, memlock, no swap, and correct permissions.
- Security errors: Confirm CA/keystore paths and file ownership by elasticsearch user.
- Red/yellow cluster: Inspect shard allocation, disk watermarks, and node logs.
journalctl -u elasticsearch -e --no-pager
sudo tail -n 200 /var/log/elasticsearch/elasticsearch.log
When to Choose Managed Hosting
If you prefer to focus on your application instead of JVM tuning, shards, and TLS, managed servers can help. At YouStable, our optimized VPS and dedicated servers ship with SSD/NVMe storage, robust network, and optional ELK stack assistance—so you get a secure, tuned Elasticsearch environment without the guesswork.
FAQs: How to Configure Elasticsearch on Linux Server
Is Java required to install Elasticsearch 8 on Linux?
No. Elasticsearch 8.x bundles a compatible JDK, so you don’t need a separate Java installation. Use the official packages to ensure the correct runtime and smooth upgrades.
How do I securely expose Elasticsearch over the internet?
Use HTTPS with the generated CA or your own certificates, enforce strong passwords and roles, restrict IPs with a firewall or reverse proxy, and never run without security. Consider a WAF and limit direct exposure where possible.
What’s the recommended heap size for Elasticsearch?
Set Xms and Xmx equal to about 50% of system RAM, capped near 31 GB to retain compressed object pointers. Monitor GC and memory pressure, then adjust based on real workloads.
How many shards should I use per index?
Start small. For most use cases, 1–3 primary shards is enough. Oversharding wastes memory and file handles. Scale shards with data size and query patterns, and use ILM to manage index lifecycles.
Why do I get bootstrap check failures on startup?
In production-bound settings, Elasticsearch enforces checks like vm.max_map_count, file descriptors, memory lock, and no swap. Apply the tuning steps in this guide, fix permissions, and then restart the service.
Conclusion
You’ve installed and configured Elasticsearch on Linux with secure defaults, proper kernel tuning, and a production-friendly setup. Continue by adding Kibana, automating snapshots, and refining heap, shards, and ILM. If you need a hand, YouStable’s managed server team can preconfigure Elasticsearch for your exact workload and growth plan.