Step 1: Install Elasticsearch

sudo apt update
sudo apt install elasticsearch

Step 2: Enable X-Pack Security

sudo nano /etc/elasticsearch/elasticsearch.yml

• Open the Elasticsearch configuration file for editing.
• Remove the comment from the line xpack.security.enabled: true by removing the # at the beginning.
• Save the changes and close the text editor.

Step 3: Generate SSL certificates

sudo mkdir /etc/elasticsearch/certs
sudo apt install openssl
sudo openssl req -x509 -out /etc/elasticsearch/certs/elastic1.crt -keyout /etc/elasticsearch/certs/elastic1.key -newkey rsa:2048 -nodes -sha256 -subj "/C=US/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=localhost"
sudo openssl pkcs12 -export -in /etc/elasticsearch/certs/elastic1.crt -inkey /etc/elasticsearch/certs/elastic1.key -out /etc/elasticsearch/certs/elastic1.p12 -name "elasticsearch-cert"
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo chmod 0400 /etc/elasticsearch/certs/*

• This step generates a self-signed SSL certificate using OpenSSL and converts it to PKCS#12 format.

Step 4: Configure SSL settings

sudo nano /etc/elasticsearch/elasticsearch.yml

• Open the Elasticsearch configuration file for editing.
• Add the following lines to the end of the file to configure the SSL settings:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic1.p12

• Save the changes and close the text editor.

Step 5: Restart Elasticsearch

sudo systemctl restart elasticsearch

• This step restarts Elasticsearch to apply the configuration changes.

Step 6: Check SSL/TLS encryption

curl --cacert /etc/elasticsearch/certs/elastic1.p12 https://localhost:9200

• This command tests the SSL/TLS connection using curl to check if the SSL/TLS encryption is working correctly.

Step 7: Configure user authentication and roles

sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

• This step sets the password for the built-in elastic user. Make sure to save the generated password.
• Configure additional users and roles as needed using the elasticsearch-users command.

Step 8: Update Firewall Rules

• If you have a firewall enabled, you must allow incoming connections through the Elasticsearch port (default: 9200) and the SSL/TLS port (default: 9300) to ensure external access.
• For example, by using ufw firewall:

sudo ufw allow 9200/tcp
sudo ufw allow 9300/tcp

• Customize the commands based on your specific firewall configuration.

By following these steps, you should be able to secure Elasticsearch with X-Pack with SSL/TLS encryption on Ubuntu 20.04. Remember to adjust any file paths or configurations to suit your specific requirements.