Detailed tutorial on installing the distributed search and analysis engine Elasticsearch on Windows and accessing it remotely

2024-07-11

Preface

This article explains how to install the distributed search and analysis engine Elasticsearch on a Windows system, and how to use it with the Npolar intranet penetration (NAT traversal tunnel) tool to achieve remote access without a public IP.

Elasticsearch is a distributed search and analysis engine based on the Lucene library. It provides a distributed, multi-tenant full-text search engine with an HTTP web interface and schema-free JSON documents. It is also a very powerful tool that can be used for a variety of purposes, such as log analysis, search engines, security analysis, and more.

The benefit of remote connection is that it allows users to access the Elasticsearch cluster from a remote location, which makes it easy to query and manage data. The specific benefits are as follows:

  1. Convenient remote collaboration: Remote connection allows multiple users to access the Elasticsearch cluster from different locations at the same time, facilitating team collaboration and data sharing.
  2. Improve data security: Remote connection allows users to query and manage data locally, avoiding the risks of directly operating data on the server and improving data security.
  3. Convenient data backup: Remote connection allows users to easily back up data locally, avoiding the risk of data loss.
  4. Improve data processing efficiency: Remote connection allows users to process and analyze data locally, avoiding time and bandwidth limitations of data transmission and improving data processing efficiency.

System environment

JDK 1.8

1. Install Elasticsearch on Windows

Go to the official download page: https://www.elastic.co/downloads/elasticsearch, select the Windows version to download. Elasticsearch requires a Java environment to run. If you don't have an environment installed, you need to install JDK in advance.

After downloading, unzip it, enter the bin directory, find the elasticsearch.bat script file, and run it for one-click startup.

After startup, pay special attention to the user name and password shown in the cmd window. This user name and password are required to log in.

2. Local access to Elasticsearch

Once the service is running, open https://localhost:9200 in the browser. You will be prompted to enter your username and password. Fill in the username we saw above (elastic) and the corresponding password to access it successfully. Next, install the Ngrok tool to achieve remote access.

3. Install Ngrok on Windows

Visit the ngrok official website, register an account, then download and install the client. For specific installation instructions, please refer to the official website documentation tutorial.

Ngrok official website: https://www.cpolar.com/

  • Windows system: After downloading the installation package from the official website, double-click the installation package and install it by default.
  • Linux system: a one-click automatic installation script is supported; see the Getting Started document on the official website for details.

Note! After Ngrok is installed successfully, the default Ngrok web interface access port is also 9200, which will conflict with Elasticsearch. You need to change the Ngrok management interface port. If the Elasticsearch port is not 9200, you do not need to change it.

Find the ngrok configuration file: c:\Users\username\.cpolar\cpolar.yml, and open it with Notepad or another editor.

In the configuration file, add a line: client_dashboard_addr: 127.0.0.1:9800. The port can be customized; here we use 9800.

After making the change, remember to save the configuration file, then restart the ngrok service in Control Panel – Administrative Tools – Services – ngrok service.

Then open localhost:9800 in the browser to access the Ngrok Web UI management interface, and log in with the account registered on the official website.

4. Create an Elasticsearch public network access address

After logging in, click Tunnel Management - Create Tunnel on the left dashboard to create an http tunnel for port 9200:

  • Tunnel name: You can customize the name. Be careful not to duplicate the name of an existing tunnel.
  • Protocol: Select http
  • Local address: https://127.0.0.1:9200 (fill in the full address for local access via https)
  • Domain name type: Free to choose a random domain name
  • Region: Select China

Click Create.

After the tunnel is successfully created, click Status - Online Tunnel List on the left to view the generated public network access address. There are two access methods, http and https. Since the local service uses https, we only need to use the https address.

5. Remote access to Elasticsearch

Open the browser and use the Npolar https public network address to access. You can see that the access is successful. This sets up a public network address that can be reached from a browser on any remote device.
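Because the tunnel address is reachable from anywhere, it is worth confirming that it still demands the elastic credentials and is used over https. The following check is an added example, not part of the original tutorial; the script name check_es.py and the function names probe and check_exposure are assumptions made for illustration.

```python
import base64
import getpass
import ssl
import sys
import urllib.error
import urllib.request


def probe(url, auth=None, verify_tls=True, timeout=10):
    """GET url and return the HTTP status code; 4xx/5xx are returned, not raised."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        # Only for the local node, whose certificate is not publicly trusted.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url)
    if auth is not None:
        token = base64.b64encode(":".join(auth).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_exposure(url, user, password, verify_tls=True):
    """Return a list of findings for one Elasticsearch URL; empty means as expected."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("plain http: the password is sent to the tunnel without TLS")
    anon = probe(url, verify_tls=verify_tls)
    if anon != 401:  # a secured node answers anonymous requests with 401
        findings.append(f"anonymous request returned {anon}, expected 401")
    authed = probe(url, auth=(user, password), verify_tls=verify_tls)
    if authed != 200:
        findings.append(f"authenticated request returned {authed}, expected 200")
    return findings


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check_es.py <url> <user>  (the password is prompted, not put on argv)
    target, username = sys.argv[1:3]
    # Skip certificate verification for the local node only; the tunnel address must verify.
    local = target.startswith(("https://localhost", "https://127.0.0.1"))
    result = check_exposure(target, username, getpass.getpass(), verify_tls=not local)
    print("\n".join(result) if result else "ok")
```

Run it once against https://localhost:9200 and once against each address shown in the Online Tunnel List; the http address is expected to produce the "plain http" finding.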

Summary

For better demonstration, we used the tunnel generated by ngrok in the previous process, whose public network address was randomly generated.

The advantage of this random address is that it is quick to create and can be used immediately. However, its disadvantage is that the URL is generated by random characters and is not easy to remember (for example: 3ad5da5.r10.ngrok.top). In addition, this address will change randomly within 24 hours, making it more suitable for temporary use.

I usually use a fixed second-level subdomain because I want it to be a fixed, easy-to-remember public address (for example: crm.npolar.cn) when I send the URL to my colleagues or customers. This makes it more formal and easier to communicate and collaborate.

6. Set a fixed subdomain

Since the tunnel created by ngrok above uses a random public network address, it will change randomly within 24 hours, which is not conducive to long-term remote access. Therefore, we can configure a secondary subdomain for it, which is a fixed address and will not change randomly [ps: ngrok.cn has been registered]

Please note that you need to upgrade your ngrok package to the basic package or above, and each package has a different bandwidth. [ngrok.cn has been registered]

Log in to ngrok official website, click Reserve on the left, select Reserve a second-level subdomain, set a second-level subdomain name, click Reserve, and copy the reserved second-level subdomain name after the reservation is successful

After the reservation is successful, copy the reserved secondary subdomain address

Log in to the ngrok web UI management interface, click Tunnel Management -> Tunnel List on the left dashboard, find the tunnel you want to configure, and click Edit on the right.

Modify the tunnel information and configure the successfully reserved secondary subdomain name into the tunnel:

  • Domain Type: Select a secondary subdomain
  • Sub Domain: Fill in the successfully reserved secondary subdomain

Click Update.

After the update is complete, open the online tunnel list and you can see that the public network address has changed and the address name has become a reserved and fixed secondary subdomain name.

Finally, use the fixed domain name public network https address to access, and you can see that the access is also successful. In this way, a permanent and fixed public network address is set!
