Graylog-ctl AMI HTTPS issues

Currently I am running 3 instances with the graylog ami (graylog-2.4.6-1).
2 for Elasticsearch and 1 for web/mongo.

When doing a fresh install, I have no issues getting everything up and running, but whenever I attempt to add SSL, it all blows up.

Steps taken on webserver:

  • Copy SSL cert/keys into /opt/graylog/conf/nginx/ca/graylog.crt and /opt/graylog/conf/nginx/ca/graylog.key
  • graylog-ctl set-admin-password
  • graylog-ctl enforce-ssl
  • graylog-ctl set-external-ip https://<domain_name>:9000/api/ (note: I’ve already tried with the public IP as well, with and without SSL)
  • graylog-ctl reconfigure-as-server

(Pretty much following the directions from http://docs.graylog.org/en/2.4/pages/configuration/graylog_ctl.html#install-custom-ssl-certificates )

Once restarted it comes up and starts to load and provides the following error:
We are experiencing problems connecting to the Graylog server running on https://<domain_name>:9000/api/ . Please verify that the server is healthy and working correctly.

I’m kind of at a loss and have searched on this issue without finding a resolution.

Hi,
did you follow the ‘Multi VM’ steps documented here: http://docs.graylog.org/en/2.4/pages/configuration/graylog_ctl.html#multi-vm-setup
Especially the set-cluster-master command is essential to propagate the IP addresses of all nodes in the cluster.

Another option to locate the problem would be to start with a single node that runs all services (graylog-ctl enable-all-services followed by graylog-ctl reconfigure). If SSL and the external IP work there, start to add Elasticsearch nodes to the cluster.

Cheers,
Marius

Tried to run it all on one box, with the same errors. Here’s what I did (in case I missed a step):

  1. graylog-ctl cleanse
  2. graylog-ctl set-admin-password XXXXXXXX
  3. graylog-ctl set-external-ip http://<IP_ADDRESS>:9000/api/
  4. graylog-ctl reconfigure
  5. graylog-ctl status

This works fine. Status shows all services up and I can access the page. No problems. I then move my letsencrypt SSL files into the directory specified in the documents (after deleting the old ones):

  6. rm -f /opt/graylog/conf/nginx/ca/graylog.crt
  7. rm -f /opt/graylog/conf/nginx/ca/graylog.key
  8. cp /etc/letsencrypt/live/<DOMAIN_NAME>/fullchain.pem /opt/graylog/conf/nginx/ca/graylog.crt
  9. cp /etc/letsencrypt/live/<DOMAIN_NAME>/privkey.pem /opt/graylog/conf/nginx/ca/graylog.key

Now, I enforce-SSL and reconfigure.

  10. graylog-ctl enforce-ssl
  11. graylog-ctl reconfigure

Navigate to the sites using the domain name, and the SSL cert is valid. However, I am still receiving the following error:

We are experiencing problems connecting to the Graylog server running on http://<IP_ADDRESS>:9000/api/ . Please verify that the server is healthy and working correctly.

More details show:

Error message
Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.

Original Request
GET http://<IP_ADDRESS>:9000/api/system/sessions

Status code
undefined

Full error message
Error: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.

I’ve tried the following commands (for science) with the same corresponding errors as well:

graylog-ctl set-external-ip https://<DOMAIN_NAME>:9000/api/

One thing to note: I can get a reply when trying the following as well, so it seems like it is working over http still:

curl http://<IP_ADDRESS>:9000/api/sessions
curl http://<DOMAIN_NAME>:9000/api/sessions

Looks like Nginx doesn’t like the Letsencrypt cert. Do you see any related errors in the log?

While doing a cleanse to test again, somehow I actually got it working.

Only step I didn’t do was graylog-ctl set-external-ip http://<IP_ADDRESS>:9000/api/. Weird that omitting that allowed everything to work, but as long as it’s working and I can test, I’m good. Thanks for the recommendations and help!
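
The error details earlier in the thread show a page loaded over HTTPS requesting an http:// API address, and browsers cancel that kind of request before it is sent, which is consistent with the "Status code undefined" reported. The JavaScript below is an added example, not part of the thread or of Graylog: it classifies a web-interface/API URL pair the way a browser would, and the hostname, IP address, certificate names and function names are constructed for illustration.

```javascript
// Added example: how a browser treats the web interface's XHR to the API URL.
// graylog.example.org and 203.0.113.10 are constructed placeholder values.
const LOOPBACK = /^(localhost|127\.\d+\.\d+\.\d+|\[::1\])$/;

// True when a certificate name (exact or single-label wildcard) covers host.
function nameMatches(certName, host) {
  const name = certName.toLowerCase();
  const h = host.toLowerCase();
  if (name.startsWith('*.')) {
    const parent = h.split('.').slice(1).join('.');
    return parent === name.slice(2);
  }
  return name === h;
}

// Returns a list of findings; an empty list means same-origin and clean.
function classifyApiRequest(pageUrl, apiUrl, certNames = []) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl);
  const findings = [];

  // An HTTPS page may not issue XHR/fetch to plain HTTP (loopback excepted).
  // The browser cancels the request itself, so no HTTP status ever exists.
  if (page.protocol === 'https:' && api.protocol === 'http:' &&
      !LOOPBACK.test(api.hostname)) {
    findings.push('mixed-content-blocked');
  }

  // A differing scheme, host or port makes the call cross-origin, so the API
  // response must carry Access-Control-Allow-Origin for the page's origin.
  if (page.origin !== api.origin) {
    findings.push('cross-origin-needs-cors');
  }

  // A certificate issued for DNS names does not validate for an IP literal
  // or for any other host name it does not list.
  if (api.protocol === 'https:' && certNames.length > 0 &&
      !certNames.some((n) => nameMatches(n, api.hostname))) {
    findings.push('certificate-name-mismatch');
  }
  return findings;
}

// Constructed case resembling the failing setup: HTTPS page, http:// IP API URL.
console.log(classifyApiRequest('https://graylog.example.org/',
  'http://203.0.113.10:9000/api/', ['graylog.example.org']));
```
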
