Updated deploy-elastic script – version 7

UPDATE 3/30/2022 – another update was made to make fleet deployments easier. This is explained on this post

The original post for the deploy-elastic.sh script is here. Made some updates so I thought I would post it on a new post.


  • 8.x is now supported. You can use the script for any versions 6.x-8.x.
  • full – modes are removed. The script is additive so if you deploy only the stack and want to add features on top you can run it again with the feature you want to add. You can add multiple features to your stack.
  • Starting stack 7.16.0 apm server is removed and moved to fleet

Matrix of all the features and versions that they work on

6.x 7.x 8.x network exposure
elasticstack * * * 9200 with SSL and 9201 without SSL(<8.0.0), 5601 with SSL
monitoring 6.5.0+ * *
snapshot * * *
fleet x 7.10.0+ * 8220 with SSL
enterprise search x 7.7.0+ * 3002 without SSL
apm server * -7.16.0 x 8200 without SSL

If you are running the script on your local machine you can open a browser to https://localhost:5601 to access kibana or user https://localhost:9200 to access the APIs. If you are running this on a remote machine please use https://remotemachinenameorip:5601 and https://remotemachinenameorip:9200

ca.crt that was used to sign all the certificates is located on ~/elasticstack/ca.crt and has localhost,,containername as SAN for each certificate.



  1. Thank you, Justin! This is really great!
    You might want to check if docker-compose and jq are installed and give a warning if not.

    I have made a prep script for my use with this in it (meant for Ubuntu 20.04 LTS):

    apt install docker-compose jq
    echo “vm.max_map_count=262144” > /etc/sysctl.d/50-elastic.conf
    sysctl vm.max_map_count=262144
    echo “Remember to mount some decent storage on /var/lib/docker/volumes”

    • MARTIN – thanks for the suggestions. the script checks for docker and docker-compose. I’ve added the check for jq !!

  2. Hi Justin, thanks for sharing your work! This is impressive. I am using the cloud product but needed a stack for my home lab and spend 2 days setting up a 3 node cluster using the Elastic documentation (yep, no external documents, it takes a few days only to read those and try to pull only what’s useful). Again, appreciate the fact you are sharing your time spend with everyone.
    Have a great day!

  3. Hi Justin,
    The script is amazing! it’s very useful for learning Elastic. Could you please consider add Endpoint Security to it?

    • Eric – Its already there! all the requirements to run endpoint security are already built into the script. Once you run it in fleet mode and then register some elastic-agents on remove servers you can add the Endpoint Security integrations and start using it.

      • Hi Justin,
        Thanks for your prompt reply, Yes, as you said, I have added an endpoint agent to fleet but it keeps showing “unhealthy” under the “fleet –> agent” and no show at “Security –> Endpoints”. The fleet server is healthy (fleet server and system integration), and agents w/o endpoint security are healthy too. (system integration or system + elastic agent integration, or system + docker + elastic agent integration….etc). No matter I add the endpoint agent in docker-compose or a pyhsical machine. Any agent w/ endpoint security becomes unhealthy, any advise? T_T ps: it’s v8.1.1

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.