How to set the Kibana server host and port

Changing the Kibana listen address and TCP port controls which networks can reach the web interface and APIs. This is the setting that turns a local-only default into remote access, or moves Kibana to a different port when 5601 conflicts with another service.

Current self-managed Kibana reads server.host and server.port from /etc/kibana/kibana.yml in package installs and defaults to localhost:5601 until those settings are changed. server.host decides which local interfaces accept connections, while server.port decides which TCP port the built-in HTTP server listens on.

Using 0.0.0.0 makes Kibana listen on every available interface, so prefer localhost or a specific private address when that is enough for the deployment. If you change the port, update any matching firewall rules, reverse proxy upstreams, or health checks, and if Kibana is published through a sub-path, align server.basePath and server.publicBaseUrl so redirects and absolute links keep using the correct URL.

Related: How to set the Kibana public base URL
Related: How to configure the Kibana base path

Steps to set the Kibana server host and port:

  1. Back up the current Kibana configuration file before editing it. 
    $ sudo cp /etc/kibana/kibana.yml /etc/kibana/kibana.yml.bak
  2. Open the Kibana configuration file in a root-owned editor. 
    $ sudoedit /etc/kibana/kibana.yml

    Archive installs commonly use /usr/share/kibana/config/kibana.yml instead of /etc/kibana/kibana.yml.

  3. Set server.host and server.port to the address and TCP port that Kibana should use. 
    server.host: "0.0.0.0"
server.port: 5602

    Use localhost to keep Kibana local-only, or a specific private IP such as 192.0.2.15 when only one interface should accept connections.

    Elastic's current docs still describe 0.0.0.0 as listening on all public and private IPs, so only use it when firewall rules and routing already limit who can reach the port.

  4. Restart the Kibana service to load the new network settings. 
    $ sudo systemctl restart kibana

    Related: How to manage the Kibana service with systemctl in Linux

  5. Confirm the Kibana process is listening on the configured TCP port. 
    $ sudo ss --tcp --listening --numeric | grep ':5602'
LISTEN 0      511          0.0.0.0:5602       0.0.0.0:*

    If you bind to a single private address, the local address column should show that address instead of 0.0.0.0.

  6. Request the configured URL to confirm the HTTP service answers on the new address and port. 
    $ curl --silent --show-error --head http://127.0.0.1:5602/ | head -n 5
HTTP/1.1 302 Found
location: /spaces/enter
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=()

    A normal HTML response, a redirect to /spaces/enter, or a redirect to /login all confirm that Kibana is answering on the selected port. If you bind to a non-loopback address only, request that address or DNS name instead of 127.0.0.1.

  7. Query the status API if the port is open but the UI is still not usable. 
    $ curl --silent --show-error http://127.0.0.1:5602/api/status | jq -r '.status.overall.level, .status.core.elasticsearch.level'
available
available

    Both available values confirm that Kibana and its Elasticsearch connection are ready to serve requests. When TLS or authentication is enabled, add the certificate and authentication flags required by your deployment.

    Related: How to check Kibana status