Installing Elasticsearch on Ubuntu or Debian provides a scalable search and analytics engine for application data, logs, and metrics. A working local node enables indexing and query development without relying on an external service.

The APT package installs Elasticsearch as a systemd service with configuration stored under /etc/elasticsearch and runtime data stored under /var/lib/elasticsearch. The REST API is exposed on port 9200, while the internal transport protocol uses port 9300, with a bundled JVM used by default for consistent runtime behavior.

Recent 8.x releases enable security features by default, so API access typically uses HTTPS and requires authentication. Production readiness depends on system tuning (especially vm.max_map_count), memory sizing, and network binding, because changing settings such as network.host can trigger bootstrap checks and affect startup behavior.

Steps to install Elasticsearch on Ubuntu or Debian:

  1. Add the Elasticsearch signing key.
    $ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch.gpg

    No output indicates the keyring file was created successfully.

  2. Add the Elasticsearch APT repository.
    $ echo "deb [signed-by=/usr/share/keyrings/elasticsearch.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
    deb [signed-by=/usr/share/keyrings/elasticsearch.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main
  3. Refresh package metadata.
    $ sudo apt update
    
    WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
    
    Get:1 http://ports.ubuntu.com/ubuntu-ports noble InRelease [256 kB]
    Get:2 https://artifacts.elastic.co/packages/8.x/apt stable InRelease [3248 B]
    Get:3 https://artifacts.elastic.co/packages/8.x/apt stable/main arm64 Packages [120 kB]
    ##### snipped #####
    Reading package lists...
    Building dependency tree...
    Reading state information...
    All packages are up to date.
  4. Install the Elasticsearch package.
    $ sudo apt install --assume-yes elasticsearch
    ##### snipped #####
    Setting up elasticsearch (8.19.9) ...
  5. Persist the vm.max_map_count requirement for Elasticsearch.
    $ echo "vm.max_map_count=262144" | sudo tee /etc/sysctl.d/99-elasticsearch.conf
    vm.max_map_count=262144
  6. Reload sysctl values.
    $ sudo sysctl --system
    ##### snipped #####
    * Applying /etc/sysctl.d/99-elasticsearch.conf
  7. Confirm the effective vm.max_map_count value.
    $ sysctl vm.max_map_count
    vm.max_map_count = 262144
  8. Enable and start the Elasticsearch service.
    $ sudo systemctl enable --now elasticsearch
    Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.
  9. Verify the service is running.
    $ sudo systemctl status elasticsearch --no-pager
    * elasticsearch.service - Elasticsearch
    ##### snipped #####
         Active: active (running) since Tue 2026-01-06 11:40:19 UTC; 11s ago

    Use sudo journalctl -u elasticsearch --no-pager -n 50 to review recent startup logs.

  10. Reset the built-in elastic user password.
    $ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
    This tool will reset the password of the [elastic] user to an autogenerated value.
    Please confirm that you would like to continue [y/N]y
    
    Password for the [elastic] user successfully reset.
    New value: xZYKXbuyY+0H78RQIELZ

    Store the password securely; the elastic user has full administrative access.

  11. Test the HTTPS endpoint.
    $ curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
    Enter host password for user 'elastic':
    {
      "name" : "node-01",
      "cluster_name" : "search-cluster",
      "cluster_uuid" : "9IawTiqiSMSj3Q8BE0A0FQ",
      "version" : {
        "number" : "8.19.9"
      },
      "tagline" : "You Know, for Search"
    }
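
A post-install audit of what the steps above configure, as an added example that is not part of the original guide: it checks that the Elastic APT entry is pinned with signed-by, that vm.max_map_count is at least 262144, and that elasticsearch.yml has not disabled security or moved network.host off loopback. The function names and the --audit flag are hypothetical; the default paths are the ones used in the steps, plus /etc/elasticsearch/elasticsearch.yml, the package's main configuration file.

```shell
#!/bin/sh
# Added example: audit of the files and kernel setting the steps above touch.
# Function names and the --audit flag are illustrative, not Elastic tooling.

check_repo() {  # $1 = APT sources file; every Elastic entry must carry signed-by=
    entries=$(grep -E '^[[:space:]]*deb[[:space:]].*artifacts\.elastic\.co' "$1" 2>/dev/null || true)
    [ -n "$entries" ] || { echo "FAIL: no Elastic repo entry in $1"; return 1; }
    if printf '%s\n' "$entries" | grep -vq 'signed-by='; then
        echo "FAIL: Elastic repo entry without signed-by= in $1"; return 1
    fi
    echo "OK: Elastic repo is pinned to a dedicated keyring"
}

check_map_count() {  # $1 = current vm.max_map_count value
    case "$1" in ''|*[!0-9]*) echo "FAIL: vm.max_map_count unreadable: '$1'"; return 1 ;; esac
    [ "$1" -ge 262144 ] || { echo "FAIL: vm.max_map_count=$1 is below 262144"; return 1; }
    echo "OK: vm.max_map_count=$1"
}

check_yml() {  # $1 = elasticsearch.yml
    [ -r "$1" ] || { echo "FAIL: cannot read $1 (root is usually required)"; return 1; }
    yml_rc=0
    if grep -Eq '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*false' "$1"; then
        echo "FAIL: xpack.security.enabled is false; authentication and TLS are off"
        yml_rc=1
    fi
    # The last network.host line wins; anything but loopback is only a warning.
    host=$(sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" | tail -n 1)
    case "$host" in
        ''|localhost|127.*|_local_|::1) ;;
        *) echo "WARN: network.host=$host is not loopback; bootstrap checks apply" ;;
    esac
    [ "$yml_rc" -eq 0 ] && echo "OK: security features are not disabled in $1"
    return "$yml_rc"
}

es_audit() {  # optional: $1 = sources file, $2 = elasticsearch.yml
    audit_rc=0
    check_repo "${1:-/etc/apt/sources.list.d/elastic-8.x.list}" || audit_rc=1
    check_map_count "$(sysctl -n vm.max_map_count 2>/dev/null)" || audit_rc=1
    check_yml "${2:-/etc/elasticsearch/elasticsearch.yml}" || audit_rc=1
    return "$audit_rc"
}

# Runs against the live system only when asked to, e.g. sudo sh es-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then es_audit; fi
```

The exit status of es_audit is non-zero if any FAIL line was printed, so it can gate a provisioning script.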