1. 下载

方法一：通过 Elastic 官方存档页面下载

0. 访问官方存档： 打开浏览器，进入 Elastic 官方历史版本页面： https://www.elastic.co/downloads/past-releases
1. 选择产品： 在页面中找到 "Elasticsearch" 部分。
2. 选择版本： 点击目标版本号（如 7.13.3），页面会显示该版本的所有安装包（Linux/macOS/Windows 等格式）。
3. 下载文件： 根据系统需求选择格式（如 .tar.gz、.zip 或 .deb/.rpm），点击下载链接即可。

方法二：直接通过 URL 构造下载链接

Elasticsearch 的安装包遵循固定命名规则，可手动拼接 URL：

https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{版本号}.{格式}

示例：

• 下载 7.17.3 的 Linux/macOS 压缩包： https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.13.3-linux-x86_64.tar.gz
• 下载 7.13.3 的 Windows 压缩包： https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.13.3.zip

注意事项

0. 版本兼容性： 旧版本可能不再接收安全更新，建议优先使用官方支持的版本。
1. 依赖匹配： 如需搭配 Kibana 或 Logstash，确保组件版本一致（如 ES 7.x 需搭配 Kibana 7.x）。

2. 安装

利用下载的linux版本7.13.3，进行安装测试。操作系统Anolis8.10。

2.1 linux版本安装Elasticsearch

前置条件

0. Java 环境：Elasticsearch 7.13.3 需要 Java 11
1. 系统用户：不能使用 root 用户直接运行（这里用默认的用户zhao）
2. 内存要求：建议可用内存 ≥ 2GB

详细安装步骤

步骤 1：上传解压

把下载的
elasticsearch-7.13.3-linux-x86_64.tar.gz上传到anolis系统上目录：/home/zhao/programs

[zhao@t420vmanolis8-hljcors programs]$ pwd
/home/zhao/programs
[zhao@t420vmanolis8-hljcors programs]$ ls
elasticsearch-7.13.3-linux-x86_64.tar.gz
[zhao@t420vmanolis8-hljcors programs]$

解压

[zhao@t420vmanolis8-hljcors programs]$ tar -xzf elasticsearch-7.13.3-linux-x86_64.tar.gz
[zhao@t420vmanolis8-hljcors programs]$ ls
elasticsearch-7.13.3  elasticsearch-7.13.3-linux-x86_64.tar.gz
[zhao@t420vmanolis8-hljcors programs]$

步骤 2：配置

[zhao@t420vmanolis8-hljcors programs]$ cd elasticsearch-7.13.3/
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ ls
bin  config  jdk  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$

首先是java环境，因elasticsearch 7.0版本以上，已经自带了jdk，把这个目录添加到环境变量即可。另外也需要把elasticsearch目录添加到环境变量中去。

[zhao@t420vmanolis8-hljcors ~]$ pwd
/home/zhao
[zhao@t420vmanolis8-hljcors ~]$ nano .bashrc
[zhao@t420vmanolis8-hljcors ~]$
[zhao@t420vmanolis8-hljcors ~]$ source .bashrc
[zhao@t420vmanolis8-hljcors ~]$

在.bashrc文件中，添加如下内容：

export ES_JAVA_HOME=/home/zhao/programs/elasticsearch-7.13.3/jdk
export ES_HOME=/home/zhao/programs/elasticsearch-7.13.3

修改elasticsearch.yml配置信息：

[zhao@t420vmanolis8-hljcors config]$ pwd
/home/zhao/programs/elasticsearch-7.13.3/config
[zhao@t420vmanolis8-hljcors config]$ ls
elasticsearch.yml  jvm.options  jvm.options.d  log4j2.properties  role_mapping.yml  roles.yml  users  users_roles
[zhao@t420vmanolis8-hljcors config]$

elasticsearch.yml默认的配置信息

[zhao@t420vmanolis8-hljcors config]$ cat elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
[zhao@t420vmanolis8-hljcors config]$
[zhao@t420vmanolis8-hljcors config]$

主要修改或添加配置信息如下：

network.host: 0.0.0.0   # 开发环境,快速测试，需配合防火墙限制 IP
discovery.type: single-node  # 添加该配置，单节点模式，关闭开发模式检查

注意：修改 network.host 后 Elasticsearch 会自动切换为生产模式，未正确配置 discovery 和 heap size 将导致节点无法启动！

目录中的jvm.options根据内存情况调整：

-Xms4g
-Xmx4g

注意：Elasticsearch 默认根据系统可用内存和节点角色自动配置堆大小，无需手动干预。

如需手动配置，必须遵守：

• -Xms (初始堆) 和 -Xmx (最大堆) 设置为相同值
• 不超过物理内存的 50%（留内存给OS缓存）
• 不超过 30GB（避免JVM指针压缩失效）
• 不低于 1GB（保障基本运行）

最佳实践建议

步骤3：打开防火墙端口9200

# 永久开放9200端口
sudo firewall-cmd --permanent --add-port=9200/tcp

# 可选：限制访问源IP（示例：仅允许192.168.2.0/24网段）
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port port="9200" protocol="tcp" accept'

# 重新加载配置
sudo firewall-cmd --reload

# 验证规则
sudo firewall-cmd --list-ports
sudo firewall-cmd --list-rich-rules

3. 启动

3.1 后台启动：

[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ pwd
/home/zhao/programs/elasticsearch-7.13.3
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ ls
bin  config  data  jdk  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ ./bin/elasticsearch -d
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$

查看后台运行的进程

[zhao@t420vmanolis8-hljcors ~]$ pgrep -f elasticsearch
20646
20751
[zhao@t420vmanolis8-hljcors ~]$
或者：

[zhao@t420vmanolis8-hljcors ~]$ ps aux | grep elasticsearch
zhao       20646  5.9 55.5 14475448 8941648 ?    Sl   12:01   6:59 /home/zhao/programs/elasticsearch-7.13.3/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-9440998747720102702 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms7852m -Xmx7852m -XX:MaxDirectMemorySize=4116709376 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/home/zhao/programs/elasticsearch-7.13.3 -Des.path.conf=/home/zhao/programs/elasticsearch-7.13.3/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /home/zhao/programs/elasticsearch-7.13.3/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
zhao       20751  0.0  0.0 120760 12308 ?        Sl   12:01   0:00 /home/zhao/programs/elasticsearch-7.13.3/modules/x-pack-ml/platform/linux-x86_64/bin/controller
zhao       66006  0.0  0.0 222016  1176 pts/4    S+   13:59   0:00 grep --color=auto elasticsearch
[zhao@t420vmanolis8-hljcors ~]$

查看日志

# 查看实时日志（Ctrl+C 退出）
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ ls
bin  config  data  jdk  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ tail -f logs/elasticsearch.log


# 查找关键启动信息
[zhao@t420vmanolis8-hljcors elasticsearch-7.13.3]$ grep -E "started|initialized" logs/elasticsearch.log

正常启动日志特征：

[2025-07-10T08:54:47,624][INFO ][o.e.i.g.LocalDatabases   ] [t420vmanolis8-hljcors] initialized default databases [[GeoLite2-Country.mmdb, GeoLite2-City.mmdb, GeoLite2-ASN.mmdb]], config databases [[]] and watching [/home/zhao/programs/elasticsearch-7.13.3/config/ingest-geoip] for changes
[2025-07-10T08:54:47,626][INFO ][o.e.i.g.DatabaseRegistry ] [t420vmanolis8-hljcors] initialized database registry, using geoip-databases directory [/tmp/elasticsearch-3846510251084368962/geoip-databases/88l16dIpTQq6zo_DwMyVCw]
[2025-07-10T08:54:51,523][INFO ][o.e.n.Node               ] [t420vmanolis8-hljcors] initialized
[2025-07-10T08:54:53,263][INFO ][o.e.n.Node               ] [t420vmanolis8-hljcors] started

浏览器打开地址：

3.2 生产环境最佳实践

3.2.1 配置开机启动【注册为 系统服务】

创建一个新的service文件，例如elasticsearch.service，路径为/etc/systemd/system/

sudo nano /etc/systemd/system/elasticsearch.service

添加内容如下：

[Unit]
Description=elasticsearch
After=network.target
[Service]
User=zhao
Group=zhao
WorkingDirectory=/home/zhao/programs/elasticsearch-7.13.3
ExecStart=/home/zhao/programs/elasticsearch-7.13.3/bin/elasticsearch
SuccessExitStatus=143
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target

重新加载systemd配置并启动服务

sudo systemctl daemon-reload
sudo systemctl start elasticsearch

查看服务状态：

sudo systemctl status elasticsearch

如果服务仍然启动失败，使用以下命令查看详细日志：

sudo journalctl -u elasticsearch -f

设置开机启动

sudo systemctl enable elasticsearch

2. 日志轮转配置

bash

# 编辑 /etc/logrotate.d/elasticsearch
/var/log/elasticsearch/*.log {
  daily
  rotate 7
  missingok
  compress
  delaycompress
  notifempty
  create 644 elasticsearch elasticsearch
}

1. 内存锁定配置（避免交换）
2. bash
3. # /etc/security/limits.conf
   elasticsearch - nofile 65535
   elasticsearch - memlock unlimited

重要提示： 后台启动方式 (-d) 适合开发测试，生产环境必须使用 systemd 或 SysV init 管理，确保进程崩溃后自动重启和日志集中管理。