Graylog 3.0.2 docker with https settings problem

Hi,
I would like a single Docker container with HTTPS.
Could you give me advice on the HTTPS settings for the docker compose file?
The status is unhealthy, and after a restart there are errors.
My docker compose is:

version: '2'
networks:
  default:
    external:
      name: dockergraylog_default
services:
  graylog:
    image: graylog/graylog:3.0.2
    container_name: graylog
    restart: always
    volumes:
      - /opt/graylog_etc/server:/etc/graylog/server
      - /opt/graylog_etc/plugin:/usr/share/graylog/plugin
    environment:
      - GRAYLOG_IS_MASTER=true
      - GRAYLOG_ROOT_TIMEZONE=Europe/Bratislava
      - GRAYLOG_ELASTICSEARCH_SHARDS=1
      - GRAYLOG_ELASTICSEARCH_REPLICAS=0
      #- GRAYLOG_INDEX_PREFIX=graylog
      - GRAYLOG_MESSAGE_JOURNAL_MAX_SIZE=3gb
      - GRAYLOG_SERVER_JAVA_OPTS=-Xms3g -Xmx3g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/etc/graylog/server/cacerts.jks
      - GRAYLOG_PASSWORD_SECRET=secret
      # Password: echo -n password | shasum -a 256
      - GRAYLOG_ROOT_PASSWORD_SHA2=passwordshasum
      - GRAYLOG_HTTP_PUBLISH_URI=https://graylogfqdn:9000/
      - GRAYLOG_HTTP_EXTERNAL_URI=https://graylogfqdn:9000/
      - GRAYLOG_HTTP_ENABLE_TLS=true
      - GRAYLOG_HTTP_TLS_CERT_FILE=/etc/graylog/server/graylogfqdn-certificate.pem
      - GRAYLOG_HTTP_TLS_KEY_FILE=/etc/graylog/server/graylogfqdn-key.pem
      - GRAYLOG_HTTP_TLS_KEY_PASSWORD=pass_to_cert
    links:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      - 443:443
      # INPUT
      - 20800:20800

I have some error logs with a Java constructor:

9) Error injecting constructor, java.lang.NullPointerException
  at org.graylog2.shared.buffers.ProcessBuffer.<init>(ProcessBuffer.java:59)
  at org.graylog2.shared.bindings.GenericBindings.configure(GenericBindings.java:60)
  while locating org.graylog2.shared.buffers.ProcessBuffer
    for the 1st parameter of org.graylog2.buffers.Buffers.<init>(Buffers.java:43)
  while locating org.graylog2.buffers.Buffers
    for the 1st parameter of org.graylog2.initializers.BufferSynchronizerService.<init>(BufferSynchronizerService.java:51)
  at org.graylog2.initializers.BufferSynchronizerService.class(BufferSynchronizerService.java:39)
  while locating org.graylog2.initializers.BufferSynchronizerService
Caused by: java.lang.NullPointerException
        at org.graylog2.streams.StreamRuleMatcherFactory.build(StreamRuleMatcherFactory.java:31)
        at org.graylog2.streams.StreamRouterEngine$Rule.<init>(StreamRouterEngine.java:278)
        at org.graylog2.streams.StreamRouterEngine.<init>(StreamRouterEngine.java:98)
        at org.graylog2.streams.StreamRouterEngine$$FastClassByGuice$$c6190f39.newInstance(<generated>)
        at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
        at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1050)
        at com.google.inject.assistedinject.FactoryProvider2.invoke(FactoryProvider2.java:836)
        at com.sun.proxy.$Proxy41.create(Unknown Source)
        at org.graylog2.streams.StreamRouter$StreamRouterEngin

or this log:

2019-06-26 11:55:53,004 ERROR: org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - Couldn't find collector 'filebeat on linux' fixing it.
2019-06-26 11:55:53,004 INFO : org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - filebeat collector on linux is missing, adding it.
2019-06-26 11:55:53,041 ERROR: org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - Couldn't find collector 'winlogbeat on windows' fixing it.
2019-06-26 11:55:53,041 INFO : org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - winlogbeat collector on windows is missing, adding it.
2019-06-26 11:55:53,046 ERROR: org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - Couldn't find collector 'nxlog on linux' fixing it.
2019-06-26 11:55:53,046 INFO : org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - nxlog collector on linux is missing, adding it.
2019-06-26 11:55:53,052 ERROR: org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - Couldn't find collector 'nxlog on windows' fixing it.
2019-06-26 11:55:53,053 INFO : org.graylog.plugins.sidecar.migrations.V20180212165000_AddDefaultCollectors - nxlog collector on windows is missing, adding it.
2019-06-26 11:55:53,084 INFO : org.graylog2.migrations.MigrationHelpers - Sidecar System (Internal) role is missing or invalid, re-adding it as a built-in role.
2019-06-26 11:55:53,088 ERROR: org.graylog2.migrations.MigrationHelpers - Invalid user 'graylog-sidecar', fixing it.
2019-06-26 11:55:53,089 INFO : org.graylog2.migrations.MigrationHelpers - graylog-sidecar user is missing or invalid, re-adding it as a built-in user.
2019-06-26 11:55:53,301 INFO : org.graylog.plugins.sidecar.migrations.V20180601151500_AddDefaultConfiguration - Creating Sidecar cluster config: SidecarConfiguration{sidecarExpirationThreshold=P14D, sidecarInactiveThreshold=PT1M, sidecarUpdateInterval=PT30S, sidecarSendStatus=true, sidecarConfigurationOverride=false}
adding environment opts

Please format your posting; that would make it more readable.

  1. Have you checked that you do not overwrite any content with your volume mount?
  2. Is graylogfqdn resolving to the container address that Graylog binds to? (default is 127.0.0.1) …
  3. Does your certificate include IP and hostname?

Hi, thanks for your reply.
I have formatted my post.

  1. Have you checked that you do not overwrite any content with your volume mount?
    After recreating the Docker container, I will overwrite / connect to the data volumes for mongo/elastic, but it could be OK? I have to connect to the existing indices/mongo db.
    In the volumes /opt/graylog_etc/server and /opt/graylog_etc/plugin are the plugins for the version of Graylog and the config/certificates.

  2. Is graylogfqdn resolving to the container address that Graylog binds to? (default is 127.0.0.1)
    Yes, I had logs about a resolving problem; it was resolved. Is the docker compose OK for HTTPS? I did not find a docker compose for HTTPS settings, I found only ones for HTTP.
    Could you post a docker compose for HTTPS? Or how to provide HTTPS not only for the web GUI but for the API too. With nginx it is possible to configure HTTPS for the web GUI, but I do not know how to do it for the Graylog API. Some example, please?

  3. Does your certificate include IP and hostname?
    The certificate includes only the hostname. Should it include the IP too?

Thanks very much.
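Question 3 above (whether the certificate covers the name or IP that clients connect to) can be checked on the Docker host before the container is started. The script below is an added example, not part of the original thread; it assumes the openssl CLI is installed, and its function names and the file name tls-preflight.sh are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: checks for the PEM files behind
# GRAYLOG_HTTP_TLS_CERT_FILE and GRAYLOG_HTTP_TLS_KEY_FILE, run on the Docker host.

# cert_covers CERT NAME: true if NAME matches a DNS name or IP address in CERT.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match' ||
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q 'does match'
}

# key_is_pkcs8 KEY: true if the PEM header is PKCS#8 (plain or encrypted),
# the private-key format Graylog's HTTPS documentation asks for.
key_is_pkcs8() {
  grep -Eq -e '^-----BEGIN (ENCRYPTED )?PRIVATE KEY-----' "$1"
}

# key_matches_cert CERT KEY: true if both files carry the same public key.
# The key password is read from GRAYLOG_HTTP_TLS_KEY_PASSWORD (may be unset),
# so it never appears on a command line.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(GRAYLOG_HTTP_TLS_KEY_PASSWORD="${GRAYLOG_HTTP_TLS_KEY_PASSWORD:-}" \
    openssl pkey -in "$2" -passin env:GRAYLOG_HTTP_TLS_KEY_PASSWORD -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT KEY NAME: one line per failed check, non-zero status if any failed.
preflight() {
  rc=0
  cert_covers "$1" "$3" || { echo "FAIL: $1 does not cover '$3'"; rc=1; }
  key_is_pkcs8 "$2" || { echo "FAIL: $2 is not a PKCS#8 PEM key"; rc=1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not belong to $1"; rc=1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: $1 is expired or unreadable"; rc=1; }
  return "$rc"
}

# Usage: sh tls-preflight.sh CERT KEY NAME
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

openssl's -checkhost falls back to the subject CN when the certificate has no DNS subjectAltName entry, which current browsers do not, so also confirm that `openssl x509 -noout -text` shows a subjectAltName line.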

Hi,
please, do you have a functional docker-compose with HTTPS?

Is the unhealthy status OK with HTTPS settings in a Docker container?
