EC2 docker-compose config (IP problem)

Graylog Central (peer support)
1

I’m a beginner with graylog and have difficulties on EC2 with the docker-compose solution.

Config:
GRAYLOG_HTTP_EXTERNAL_URI=http://MyElasticIP:9000/

Limited inbound rules.

9000 TCP 0.0.0.0/0 default_allow_limited
22 TCP 0.0.0.0/0 default_allow_limited
5555 TCP 0.0.0.0/0 default_allow_limited

For the external URI I’ve also tried 0.0.0.0 ,but no success with the error:

We are experiencing problems connecting to the Graylog server running onhttp://MyElasticIP:9000/api/ . Please verify that the server is healthy and working correctly.

What I’m missing, unfortunately I found no hint googleing.
Thanks in advance!,
Christian

4

Hey there,

I noticed you’re referencing MyElasticIP in your post. Just a note that if that’s accurate, Elastic listens on 9200, so you wouldn’t see the Graylog UI there anyways. I’d recommend posting your full Docker compose config so that the community can better assist.

5

Good point , I meant ElasticIP in terms of AWS.

Here are the configuration I used (including minor terraform script).

Thank you.
Christian

6

Thanks! That’s quite helpful. I don’t see anything that immediately sticks out, but I’d be keen to know what the Docker logs are saying. I’ll also post my standard docker-compose file that I use:

version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:4
    container_name: mongodb
    networks:
      - graylog
    ports:
      - 27018:27017
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    container_name: elasticsearch
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    ports:
      - 9200:9200
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog-enterprise:4.0.8
    container_name: graylog
    environment:
      - GRAYLOG_PASSWORD_SECRET=IndeedThisIsASecret
      - GRAYLOG_ROOT_PASSWORD_SHA2=OhYesThisIsMyPassword
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
      - GRAYLOG_ELASTICSEARCH_VERSION=7
      - GRAYLOG_HTTP_ENABLE_CORS=true
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
networks:
  graylog:
    driver: bridge

The two options that I’ve added ( GRAYLOG_ELASTICSEARCH_VERSION=7 and GRAYLOG_HTTP_ENABLE_CORS=true) have helped me in the past, as the first forces Graylog to just use Elasticsearch 7 rather than attempting to autodiscover the version, and the 2nd as that’s pretty much necessary at this point with any Graylog deployment.

But again, seeing the Docker logs might give some more direction, if you’re able to provide them.

7

Great replacing GRAYLOG_HTTP_EXTERNAL_URI with the external IP adress from the EC2 machine works now!

Thank you, Christian

1 Like
8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.