Also struggling with TLS enabled HTTP in Docker

I’m trying to secure the web interface with TLS, which is working so far but API calls are not possible if enabled

Unable to call https://10.8.0.4:9000/api/system/metrics/multiple on node … Hostname 10.8.0.4 not verified: …

I’ve tried the same approach as
https://community.graylog.org/t/docker-tls-activation/288/6
“GRAYLOG_REST_TRANSPORT_URI” changed to “GRAYLOG_HTTP_PUBLISH_URI”
but to no avail, Web Frontend just reports “Not Found” after that

My Docker Env so far

  • GRAYLOG_HTTP_ENABLE_TLS = true
  • GRAYLOG_HTTP_TLS_CERT_FILE = /path_to/cert.crt
  • GRAYLOG_HTTP_TLS_KEY_FILE = /path_to/cert.key
  • GRAYLOG_HTTP_EXTERNAL_URI = https://fqdn:9000/
  • GRAYLOG_HTTP_PUBLISH_URI = https://fqdn:9000/api/

Maybe someone can point me in the right direction
Graylog Version [4.0.5-1]

Thanks

Okay so now I see something…

https://fqdn:9000/ ← Not found
https://fqdn:9000/api/ ← Login Screen

Hello,
What kind of errors do you see in the log files (Graylog, Elasticsearch, etc.)?

This error normally occurs with Certificates but it could also be a misconfiguration.
I assume configuring HTTPS on any type of Graylog installation would be the same procedure.
There should be a few posts here in the forum about HTTPS.
Maybe this might help.

https://community.graylog.org/search?q=docker%20https
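
The “Hostname 10.8.0.4 not verified” error from the first post depends on whether the host in the URL being called appears in the certificate's subjectAltName. The following is an added example of that matching rule, not code from this thread or from Graylog; `graylog.example.org` and the SAN lists are constructed placeholders standing in for the poster's FQDN and certificate.

```python
import ipaddress
from urllib.parse import urlsplit

def host_matches_san(host, san_dns=(), san_ip=()):
    """Return True if host is covered by the certificate's subjectAltName entries."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress entries, never dNSName.
        return any(ip == ipaddress.ip_address(s) for s in san_ip)
    labels = host.lower().rstrip(".").split(".")
    for pattern in san_dns:
        p = pattern.lower().rstrip(".").split(".")
        if len(p) != len(labels):
            continue  # a wildcard never spans more than one label
        if p[0] == "*" and len(p) >= 3:
            if p[1:] == labels[1:]:
                return True
        elif p == labels:
            return True
    return False

def check_uris(uris, san_dns=(), san_ip=()):
    """Map each https URI to whether its host would pass hostname verification."""
    result = {}
    for name, uri in uris.items():
        parts = urlsplit(uri)
        if parts.scheme == "https" and parts.hostname:
            result[name] = host_matches_san(parts.hostname, san_dns, san_ip)
    return result

# Constructed sample: a certificate issued for a DNS name only.
SAN_DNS = ["graylog.example.org"]  # placeholder for the poster's FQDN
SAN_IP = []                        # no iPAddress entries in the certificate
URIS = {
    "ip_based": "https://10.8.0.4:9000/api/system/metrics/multiple",
    "fqdn_based": "https://graylog.example.org:9000/api/",
}

if __name__ == "__main__":
    for name, ok in check_uris(URIS, SAN_DNS, SAN_IP).items():
        print(f"{name}: {'verified' if ok else 'hostname not verified'}")
```
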

As far as I can tell, there are no further errors when using the env variables listed above :grinning:
Syslog and Beats input are running fine, website is available and manageable when login is done over https://fqdn:9000/api/, unverified hostname error is also gone.
Only thing I noticed is that the docker integrated healthcheck is reporting the container as unhealthy because, as far as I understand the health shell script, the host is not reachable from inside?
And yeah, website not reachable, respectively “Not Found” if “/api/” is not appended to the URL
