How to Install Elasticsearch 9 on Ubuntu 26.04, 24.04 and 22.04

Install Elasticsearch 9 on Ubuntu 26.04, 24.04 and 22.04 via Elastic APT repository. Includes service setup, remote access, and JVM tuning.

Author: Joshua James. Read time: 8 min. Guide type: Ubuntu.

Install Elasticsearch 9 on Ubuntu from Elastic’s official APT repository when you want the current self-managed Elasticsearch 9 branch on a host you administer. This walkthrough covers Ubuntu 26.04, 24.04, and 22.04 with a DEB822 source file, package verification, systemd startup, HTTPS API testing, version checks, JVM heap tuning, firewall notes, troubleshooting, and removal.

Elasticsearch is a server package, not a Flatpak desktop app. Use Elastic’s APT repository for a host-managed systemd service, use Docker only when you specifically want an isolated development container, and keep OpenSearch or Elastic Agent questions separate because they are different products.

Install Elasticsearch on Ubuntu

This APT path installs Elasticsearch 9.x from Elastic’s repository and lets Ubuntu manage the service through systemd. Run the commands from an account with sudo access.

Prepare Ubuntu for the Elastic APT Repository

Install Elasticsearch Repository Prerequisites

Refresh package metadata first, then install the tools used to verify HTTPS downloads and store Elastic’s signing key. Minimal Ubuntu installs may not include ca-certificates, curl, or gpg.

sudo apt update
sudo apt install ca-certificates curl gpg

Import the Elastic Signing Key

Store the Elastic signing key in /usr/share/keyrings/ and reference it with Signed-By, so APT trusts it only for the Elasticsearch source file rather than for every configured repository.

sudo install -d -m 0755 /usr/share/keyrings
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor --yes -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo chmod 0644 /usr/share/keyrings/elasticsearch-keyring.gpg

Check the key fingerprint before adding the repository. The current Elastic signing key fingerprint is 4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4.

gpg --show-keys --with-fingerprint /usr/share/keyrings/elasticsearch-keyring.gpg
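
To make the fingerprint comparison scriptable, the following added example (not part of the original guide) parses gpg's machine-readable --with-colons records and fails unless the keyring holds exactly one primary key with the fingerprint quoted above. The helper name and the sample records are constructed for illustration.

```bash
# Added example, not from the original guide.
# Fingerprint quoted in this guide, with the spaces removed.
EXPECTED_FPR="46095ACC8548582C1A2699A9D27D666CD88E42B4"

# check_primary_fpr WANT  (hypothetical helper name)
# Reads `gpg --show-keys --with-colons` records on stdin. Succeeds only when
# the keyring holds exactly one primary key and its fingerprint equals WANT.
# Every key in a Signed-By keyring is trusted, so an extra key is a failure.
check_primary_fpr() {
    awk -F: -v want="$1" '
        $1 == "pub" { pubs++; after_pub = 1; next }
        $1 == "sub" { after_pub = 0; next }        # ignore subkey fingerprints
        $1 == "fpr" && after_pub { got = $10; after_pub = 0 }
        END {
            if (pubs != 1) { print "FAIL: primary keys found: " (pubs + 0); exit 1 }
            # Append "" to force a string comparison, never a numeric one.
            if ((got "") != (want "")) { print "FAIL: fingerprint is " got; exit 1 }
            print "OK: " got
        }'
}

# Constructed sample records, trimmed to the fields the check reads.
SAMPLE_GOOD='pub:-:::D27D666CD88E42B4:
fpr:::::::::46095ACC8548582C1A2699A9D27D666CD88E42B4:
sub:-:::1111111111111111:
fpr:::::::::1111111111111111111111111111111111111111:'
SAMPLE_WRONG='pub:-:::2222222222222222:
fpr:::::::::2222222222222222222222222222222222222222:'
# A keyring that carries the expected key plus one more.
SAMPLE_EXTRA="$SAMPLE_GOOD
$SAMPLE_WRONG"

printf '%s\n' "$SAMPLE_GOOD"  | check_primary_fpr "$EXPECTED_FPR"
printf '%s\n' "$SAMPLE_WRONG" | check_primary_fpr "$EXPECTED_FPR" || true
printf '%s\n' "$SAMPLE_EXTRA" | check_primary_fpr "$EXPECTED_FPR" || true

# On the host, feed it the real keyring instead of a sample:
#   gpg --show-keys --with-colons /usr/share/keyrings/elasticsearch-keyring.gpg \
#     | check_primary_fpr "$EXPECTED_FPR"
```

Run the host form before creating the source file and stop if it exits non-zero.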

Add the Elasticsearch 9 APT Source

Create a DEB822 source file for the Elasticsearch 9.x repository. Elastic’s current 9.x APT metadata publishes Elasticsearch packages for amd64 and arm64; it does not provide an i386 Elasticsearch package. The stable suite is Elastic’s repository suite name, not an Ubuntu codename such as noble, jammy, or resolute.

printf '%s\n' \
'Types: deb' \
'URIs: https://artifacts.elastic.co/packages/9.x/apt' \
'Suites: stable' \
'Components: main' \
'Architectures: amd64 arm64' \
'Signed-By: /usr/share/keyrings/elasticsearch-keyring.gpg' | sudo tee /etc/apt/sources.list.d/elasticsearch.sources >/dev/null

Refresh APT and Confirm the Elasticsearch Candidate

Refresh APT after adding the source.

sudo apt update

Confirm that the candidate comes from Elastic’s 9.x repository.

apt-cache policy elasticsearch

The candidate version should begin with 9., and the source line should reference https://artifacts.elastic.co/packages/9.x/apt. Install the package after that source check passes.

Install Elasticsearch from the Elastic APT Repository

sudo apt install elasticsearch

The package creates the elasticsearch user and group, installs a bundled Java runtime, prepares the service unit, and prints the generated elastic superuser password during installation. Save that password from the terminal output; if you miss it, reset the password after the service starts.

Start and Verify Elasticsearch on Ubuntu

Start and Enable Elasticsearch

The Elastic DEB package does not start Elasticsearch automatically after installation. Reload systemd, enable the service for future boots, and start it now.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

Check both the runtime state and the boot-time enablement state.

systemctl is-active elasticsearch.service
systemctl is-enabled elasticsearch.service

Expected output:

active
enabled

Reset the Elastic Password if Needed

Because the Elastic DEB package runs Elasticsearch with systemd, reset the elastic superuser password after Elasticsearch is running. The default command generates a new password; add -i if you want to set one interactively.

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

Test the Local HTTPS API

Elasticsearch enables TLS on the HTTP layer during security auto-configuration. The generated CA certificate is readable by root and the elasticsearch group, so use sudo curl with the certificate path and let curl prompt for the elastic password instead of placing the password in the command line.

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200 | grep -E '"cluster_name"|"number"|"build_type"|"tagline"'

A successful response shows your cluster name, an Elasticsearch 9.x version number, build_type set to deb, and the standard Elasticsearch tagline. Relevant output includes:

  "cluster_name" : "elasticsearch",
    "number" : "9.4.1",
    "build_type" : "deb",
  "tagline" : "You Know, for Search"

Check the Installed Elasticsearch Version

Use the package policy view when you need the installed package, candidate package, and source repository in one place. Use the Elasticsearch binary when you only need the running branch and build details.

As of May 16, 2026, Elastic’s 9.x APT repository resolves to Elasticsearch 9.4.1 on amd64 and arm64. Treat apt-cache policy as the current answer because Elastic updates the 9.x repository in place.

apt-cache policy elasticsearch
sudo /usr/share/elasticsearch/bin/elasticsearch --version

Resolve Elasticsearch Ubuntu Method and Version Questions

Elasticsearch 9 versus Elasticsearch 8: Use Elasticsearch 9 for new self-managed deployments that need the current 9.x feature branch. Use Elasticsearch 8 on Ubuntu when you must stay with an existing 8.x cluster, plugin, or application compatibility target.

Flatpak versus Elasticsearch: Flatpak is not an Elasticsearch install method. Flatpak packages desktop applications and runtimes, while Elasticsearch is a server process that needs a service account, data directories, TLS material, and a systemd unit. If you were looking for the Flatpak package manager itself, use the Ubuntu Flatpak guide instead.

Docker versus host APT: Elastic documents Docker images for local development and containerized deployments, but Docker changes storage, networking, service management, and upgrade behavior. If you want a normal Ubuntu systemd service, use the APT workflow; if you want containers, install Docker first with the Ubuntu Docker guide and then follow Elastic’s container documentation.

OpenSearch and Elastic Agent: OpenSearch is a separate search project, and Elastic Agent is a separate Elastic data-collection agent. Installing the elasticsearch package does not install either one, and their package names, repositories, services, and upgrade paths should not be mixed with this Elasticsearch server workflow.

Elastic Stack components: This package installs the Elasticsearch server only. Kibana, Logstash, Beats, and Elastic Agent use their own packages, services, enrollment steps, and version-alignment checks.

Old tarball and download hostnames: Legacy URLs such as download.elasticsearch.org or old download.elastic.co release paths belong to older Elasticsearch releases. For a maintained Ubuntu server install, use the current APT repository workflow or Elastic’s official download page if you intentionally need an archive outside APT.

Configure Elasticsearch Paths and JVM Heap on Ubuntu

The Elastic DEB package uses the standard Linux filesystem layout. These paths are useful for configuration, backups, service diagnostics, and cleanup.

Path                                   Role
/usr/share/elasticsearch/              Elasticsearch home, binaries, bundled JDK, and plugins
/etc/elasticsearch/                    Main configuration, including elasticsearch.yml and generated certificates
/etc/elasticsearch/certs/http_ca.crt   Generated CA certificate for HTTPS client trust
/etc/default/elasticsearch             Environment settings such as ES_PATH_CONF and restart-on-upgrade behavior
/var/lib/elasticsearch/                Index data, cluster state, and node data
/var/log/elasticsearch/                Elasticsearch logs

Edit the Main Configuration File

Most single-node development installs can start with the package defaults. When you need to change cluster identity, node names, path settings, or network behavior, edit elasticsearch.yml and restart the service afterward.

sudo nano /etc/elasticsearch/elasticsearch.yml
sudo systemctl restart elasticsearch.service

Adjust JVM Heap Size

Elasticsearch automatically sizes the JVM heap for many installs. If you need a fixed heap, set Xms and Xmx to the same value in a file under /etc/elasticsearch/jvm.options.d/. Keep heap below 50% of available memory, and stay below the compressed ordinary object pointer threshold; Elastic documents 26 GB as safe on most systems and up to about 30 GB on some systems.

printf '%s\n' '-Xms2g' '-Xmx2g' | sudo tee /etc/elasticsearch/jvm.options.d/heap.options >/dev/null
sudo systemctl restart elasticsearch.service

After restart, check the logs or the nodes API if you need to confirm heap settings and compressed pointer status.

sudo journalctl -u elasticsearch.service --no-pager -n 50 | grep -i 'heap size'

Manage Elasticsearch Network Access on Ubuntu

Elasticsearch security auto-configuration can bind the HTTP API to 0.0.0.0 on first start, while transport traffic remains local until you configure cluster connectivity. Verify the active listener and keep firewall access restricted unless you have a clear client, Kibana, Logstash, Beats, or cluster-node requirement. Opening port 9200 to broad networks is risky even with authentication and TLS enabled.

Allow a Trusted Client IP with UFW

If you intentionally expose the HTTP API to another trusted host, restrict the firewall rule to that client address. Replace the example IP with your real client, proxy, or application server address.

sudo ufw allow from 192.168.1.50 to any port 9200 proto tcp
sudo ufw status numbered

Use the Ubuntu UFW firewall guide for broader firewall administration. For multi-node clusters, also plan transport-port access on 9300 between trusted nodes and follow Elastic’s enrollment-token workflow instead of only opening ports.

Check the Active Listener

Use ss to see which address owns port 9200. A listener such as 127.0.0.1:9200 is local-only; 0.0.0.0:9200 or :::9200 means the HTTP API is listening on external interfaces and must be protected by host firewall rules and upstream network controls.

sudo ss -tlnp | grep ':9200'

If you need a different binding, revisit /etc/elasticsearch/elasticsearch.yml. For production clusters, review Elastic’s networking and discovery settings before changing network.host, http.host, transport.host, or discovery options.
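
The listener check above can be turned into a pass/fail audit. This added example (not part of the original guide) classifies each listener on a port as loopback-only or reachable from other hosts, including the IPv6 wildcard and IPv4-mapped forms that ss prints for Java services. The function name and the sample ss lines are constructed, and it assumes the `ss -tln` column layout with the local address in the fourth column.

```bash
# Added example, not from the original guide.
# classify_listeners [PORT]  (hypothetical helper name, default port 9200)
# Reads `ss -tlnH` lines on stdin and prints one verdict per listener.
# Exit status: 0 loopback-only, 1 at least one non-loopback bind, 2 no listener.
classify_listeners() {
    awk -v port="${1:-9200}" '
        $1 != "LISTEN" { next }
        {
            addr = $4                              # e.g. [::ffff:127.0.0.1]:9200
            n = split(addr, parts, ":")
            if ((parts[n] "") != (port "")) { next }
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)              # strip IPv6 brackets
            sub(/%.*$/, "", host)                  # strip interface scope (%lo)
            sub(/^::ffff:/, "", host)              # unwrap IPv4-mapped IPv6
            found++
            if (host ~ /^127\./ || host == "::1") {
                print "local-only  " addr
            } else {
                print "EXPOSED     " addr          # 0.0.0.0, ::, * or a routable IP
                exposed++
            }
        }
        END { if (!found) exit 2; if (exposed) exit 1 }'
}

# Constructed sample input in `ss -tlnH` form.
SAMPLE_LOCAL='LISTEN 0 4096 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 4096 [::1]:9200 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_OPEN='LISTEN 0 4096 *:9200 *:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9300 *:*'

printf '%s\n' "$SAMPLE_LOCAL" | classify_listeners 9200
printf '%s\n' "$SAMPLE_OPEN"  | classify_listeners 9200 || echo "exit status $?"

# On the host:
#   sudo ss -tlnH | classify_listeners 9200
```

An exit status of 1 means the bind address alone does not limit who can reach the API, so the UFW rule and upstream controls are what restrict access.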

Update Elasticsearch on Ubuntu

APT handles Elasticsearch package updates from the same 9.x repository. Check the candidate first, apply the upgrade, then restart manually when appropriate for your cluster. The Elastic DEB package’s restart-on-upgrade behavior is conservative because production clusters often need planned rolling restarts.

sudo apt update
apt-cache policy elasticsearch
sudo apt install --only-upgrade elasticsearch

Restart a single-node install after the package upgrade. For multi-node clusters, follow Elastic’s upgrade and shard-allocation guidance instead of restarting every node at once.

sudo systemctl restart elasticsearch.service
systemctl is-active elasticsearch.service

Troubleshoot Elasticsearch on Ubuntu

Package Is Missing or APT Cannot Locate Elasticsearch

If APT cannot find the package, confirm that the source file exists, refresh metadata, and check the candidate again.

sudo test -f /etc/apt/sources.list.d/elasticsearch.sources && echo "source file exists"
sudo apt update
apt-cache policy elasticsearch

The policy output should show the Elastic 9.x repository. If it does not, recheck the URIs, Suites, Components, Architectures, and Signed-By fields in the source file.

Repository Is Not Signed or Key Verification Fails

A signing error usually means the keyring path in the DEB822 file does not match the key file on disk, the key file is unreadable, or an older one-line source file is still present. Recheck the key file and search for duplicate Elastic source entries.

ls -l /usr/share/keyrings/elasticsearch-keyring.gpg
grep -R "artifacts.elastic.co/packages" /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null

If a stale 8.x or legacy Elastic source remains, remove the duplicate source file you no longer use, then run sudo apt update again.

Service Fails with Missing CPU Features

On x86_64 hosts, current Elasticsearch 9 packages can install successfully but fail at service startup when the host or virtual machine does not expose required CPU features. The journal may list missing features such as AVX, AVX2, BMI1, BMI2, FMA, or F16C.

sudo journalctl -u elasticsearch.service --no-pager -n 50
/lib64/ld-linux-x86-64.so.2 --help | grep -A4 'x86-64-v'

If an x86_64 CPU-level check shows only x86-64-v2, fix the VM CPU model, enable host CPU passthrough, move the node to hardware that exposes the required features, or choose a deployment target that matches Elastic’s current runtime requirements. Do not treat this as an APT repository problem when the package installed cleanly and the failure appears only in the service journal.

HTTPS API Check Fails

Use https, include the generated CA certificate, and authenticate as elastic. A plain HTTP request to port 9200 fails after security auto-configuration because the HTTP layer expects TLS.

sudo test -f /etc/elasticsearch/certs/http_ca.crt && echo "CA certificate exists"
sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

Port 9200 Is Already in Use

If Elasticsearch cannot bind to port 9200, identify the process already using that listener.

sudo ss -tlnp | grep ':9200'

Stop the conflicting service, change that service’s listener, or configure Elasticsearch to use a different HTTP port in elasticsearch.yml before restarting Elasticsearch.

Remove Elasticsearch from Ubuntu

Stop the service first, then remove the package. Keep data and configuration until you have confirmed backups, snapshots, or migration requirements.

sudo systemctl disable --now elasticsearch.service
sudo apt remove elasticsearch

After you back up any configuration you still need, purge package-owned conffiles.

sudo apt purge elasticsearch

Preview unused dependency cleanup before running it. Continue only if the package list is acceptable for your system.

sudo apt autoremove --dry-run
sudo apt autoremove

Remove the Elasticsearch 9 APT source if this system no longer needs the 9.x package branch.

sudo rm -f /etc/apt/sources.list.d/elasticsearch.sources
sudo apt update
apt-cache policy elasticsearch

The signing key can be shared by other Elastic package sources. Remove it only when no remaining Elastic source uses the same Signed-By path; if the check prints another source file, leave the key in place.

apt_source_paths=(/etc/apt/sources.list.d)
if [ -f /etc/apt/sources.list ]; then
    apt_source_paths+=(/etc/apt/sources.list)
fi

if ! grep -R -E "Signed-By: /usr/share/keyrings/elasticsearch-keyring.gpg|signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg" "${apt_source_paths[@]}" 2>/dev/null; then
    sudo rm -f /usr/share/keyrings/elasticsearch-keyring.gpg
fi

Delete local Elasticsearch data, logs, and configuration only when you are sure you no longer need the node’s indices, certificates, or settings.

These cleanup commands delete the local node’s indices, generated certificates, and configuration. Keep verified snapshots or backups before using them.

sudo rm -rf /var/lib/elasticsearch
sudo rm -rf /var/log/elasticsearch
sudo rm -rf /etc/elasticsearch

Confirm that the package is no longer installed.

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package}\n' elasticsearch 2>/dev/null | grep '^ii' || echo "elasticsearch package is not installed"

Conclusion

You now have the current Elasticsearch 9 APT path for Ubuntu, including the keyring, DEB822 source, systemd startup, HTTPS API check, version verification, update flow, and safer removal sequence. For production work, confirm Elastic’s support matrix for your exact operating system, architecture, JVM/runtime expectations, and Elastic Stack component versions before rolling the same procedure into a cluster.
