Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
I set up Graylog in a Docker environment with compose following the documentation. Everything works like a charm and I wanted to set up Active Directory authentication for my coworkers. All the steps to set it up was good, but at the end I am unable to activate the service. I try to restart the stack, but nothing change.
2. Describe your environment:
-
OS Information:
The host is Debian Bookworm.
Docker is on version 25.0.3, containerd.io version 1.6.28-1.
Graylog is behind a NGinX reverse proxy. -
Package Version:
In my compose file I set :
Graylog: graylog/graylog:5.2.7
MongoDB: mongo:6.0.15
Opensearch: opensearchproject/opensearch:2.13.0 -
Service logs, configurations, and environment variables:
Here my compose.yml
services:
graylog:
container_name: graylog
hostname: graylog
image: graylog/graylog:5.2.7
restart: unless-stopped
depends_on:
graylog-opensearch:
condition: service_started
required: true
graylog-mongodb:
condition: service_started
required: true
networks:
- graylog
ports:
- "9000:9000/tcp" # Server API & WebUI
# - "5044:5044/tcp" # Beats
- "5140:5140/udp" # Syslog
- "5140:5140/tcp" # Syslog
- "5555:5555/tcp" # RAW TCP
# - "5555:5555/udp" # RAW TCP
- "12201:12201/tcp" # GELF TCP
- "12201:12201/udp" # GELF UDP
# - "13301:13301/tcp" # Forwarder data
# - "13302:13302/tcp" # Forwarder config
# - "10000:10000/tcp" # Optional Custom TCP port
# - "10000:10000/udp" # Optional Custom UDP port
environment:
- 'GRAYLOG_ROOT_TIMEZONE=Europe/Paris'
- 'GRAYLOG_HTTP_EXTERNAL_URI=http://graylog.sterimed.local/'
- 'GRAYLOG_ROOT_USERNAME=admin'
- 'GRAYLOG_ROOT_PASSWORD_SHA2=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
- 'GRAYLOG_PASSWORD_SECRET=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
- 'GRAYLOG_ELASTICSEARCH_HOSTS=http://admin:xxxxx@graylog-opensearch:9200'
- 'GRAYLOG_MONGODB_URI=mongodb://graylog-mongodb:27017/graylog'
- 'GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000'
- 'GRAYLOG_PUBLISH_URI=http://graylog.sterimed.local/'
- 'GRAYLOG_NODE_ID_FILE=/usr/share/graylog/data/config/node-id'
- 'GRAYLOG_IS_LEADER=true'
- 'GRAYLOG_ELASTICSEARCH_SHARDS=1'
- 'GRAYLOG_ELASTICSEARCH_REPLICAS=0'
- 'GRAYLOG_MESSAGE_JOURNAL_MAX_SIZE=5gb'
entrypoint: "/usr/bin/tini -- wait-for-it graylog-opensearch:9200 -- /docker-entrypoint.sh"
volumes:
- /mnt/docker/graylog/usr/share/data/data:/usr/share/graylog/data/data"
- /mnt/docker/graylog/usr/share/data/journal:/usr/share/graylog/data/journal"
graylog-mongodb:
container_name: graylog-mongodb
image: mongo:6.0.15
restart: unless-stopped
networks:
- graylog
volumes:
- /mnt/docker/graylog-mongodb/data/db:/data/db
graylog-opensearch:
container_name: graylog-opensearch
image: opensearchproject/opensearch:2.13.0
restart: unless-stopped
networks:
- graylog
environment:
- 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
- 'bootstrap.memory_lock=true'
- 'discovery.type=single-node'
- 'DISABLE_INSTALL_DEMO_CONFIG=true'
- 'DISABLE_SECURITY_PLUGIN=true'
- 'OPENSEARCH_USERNAME=admin'
- 'OPENSEARCH_PASSWORD=xxxxxx'
- 'cluster.name=opensearch-cluster'
- 'node.name=opensearch-master'
- 'node.master=true'
- 'node.data=true'
- 'node.ingest=true'
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /mnt/docker/graylog-opensearch/usr/share/data:/usr/share/opensearch/data
networks:
graylog:
name: graylog
3. What steps have you already taken to try and solve the problem?
Restart the stack and analyze logs, but nothing happened in the logs.
I also tried to recreate it.
4. How can the community help?
Help me to find the way on how to activate the authentication service. Maybe I miss something in the configuration as it’s the first time I use Graylog.