My head is spinning so, I need to check…
I have nginx reverse proxy that serves https.
Is it correct to use that same cert and key for graylog, when enabling tls (for https traffic) ?
So when adding cert and key as serverFiles for enabling the TLS, I only need to make sure that they are in correct format?
I keep getting “Caused by: java.security.KeyException: No private key found in file: /etc/graylog/server/server.key”
But file exists. Would the execption be be same if it would be about the format?
And If I add the files as serverFiles, I guess the permissions are correct out of the box?
(graylog 1.7.9 · KongZ/kong-z)
Maybe I can help you on this issue.
Yes its posible to use the same certs, and I have for my lab Graylog 4.0.6 Server.
I’m using Apache, but I believe you can also use you certs with Nginx.
Yes, also depeneds on where and how you created your certs.
Can Graylog access those Certs?
What method did you use to create you Certs for Graylog?
This may help.
Caused by: java.security.KeyException: No private key found in file:
I havent used that before so I’m unsure.
you can check with this, I’ve done the same setting from Graylog offical page and it worked for me!
listen 443 ssl http2;
# ← your SSL Settings here!
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
Thank you so much for advices.
Managed to add cert and key correctly. TLS is now enabled.
But now I’m getting “502 bad gateway - nginx”, for both http and https.
Edit: fixed the 502, needed annotation for nginx:
Web interface is working now on https. But /api is failing, I quess I need to add cert JVM trust store and use it, as pointed out in documentation.
Just having trouble to add do it on k8s, makes me wonder it would be nice to have ca signed certificate. Atm, trying to follow script over here: [stable/graylog] elasticsearch and tls · Issue #17399 · helm/charts · GitHub
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.