Graylog in HTTPS mode with Docker-Compose

Hello,

I would like to switch my wonderful Graylog instance from HTTP to HTTPS mode.
I have a valid wildcard certificate. I put it into my container, but it doesn’t work. I don’t know which option is not correctly set in my docker-compose file.

Could you help me?

```yaml
version: '2'

services:

  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3

  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g

  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.1
    hostname: fqdn.lan
    container_name: graylog
    volumes:
      # Mount local configuration directory into Docker container
      - /graylog/plugin/graylog-plugin-enterprise-3.1.3.jar:/usr/share/graylog/plugin/graylog-plugin-enterprise-3.1.3.jar
      - /graylog/plugin/graylog-plugin-enterprise-integrations-3.1.3.jar:/usr/share/graylog/plugin/graylog-plugin-enterprise-integrations-3.1.3.jar
      - /graylog/plugin/graylog-plugin-integrations-3.1.3.jar:/usr/share/graylog/plugin/graylog-plugin-integrations-3.1.3.jar
      - /graylog/lookup-tables/:/etc/graylog/lookup-tables/
      - /graylog/certs/gris.crt:/usr/share/graylog/data/config/ssl/cert.crt
      - /graylog/certs/gris.key:/usr/share/graylog/data/config/ssl/key.key
    environment:
      - GRAYLOG_IS_MASTER=true
      - GRAYLOG_PASSWORD_SECRET=XXXX
      - GRAYLOG_ROOT_PASSWORD_SHA2=XXXX
      - GRAYLOG_REST_ENABLE_TLS=true
      - GRAYLOG_WEB_ENABLE_TLS=true
      - GRAYLOG_REST_TLS_CERT_FILE=/usr/share/graylog/data/config/ssl/cert.crt
      - GRAYLOG_REST_TLS_KEY_FILE=/usr/share/graylog/data/config/ssl/key.key
      - GRAYLOG_WEB_TLS_CERT_FILE=/usr/share/graylog/data/config/ssl/cert.crt
      - GRAYLOG_WEB_TLS_KEY_FILE=/usr/share/graylog/data/config/ssl/key.key
      - GRAYLOG_REST_TLS_KE_PASSWORD=XXXX
      - GRAYLOG_WEB_TLS_KE_PASSWORD=XXXX
      - GRAYLOG_WEB_ENDPOINT_URI=https://fqdn.lan/
      - GRAYLOG_TRANSPORT_EMAIL_ENABLED=true
      - GRAYLOG_TRANSPORT_EMAIL_HOSTNAME=smtp.server.lan
      - GRAYLOG_TRANSPORT_EMAIL_PORT=25
      - GRAYLOG_TRANSPORT_EMAIL_USE_AUTH=false
      - GRAYLOG_TRANSPORT_EMAIL_USE_TLS=false
      - GRAYLOG_TRANSPORT_EMAIL_USE_SSL=false
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 443:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # GELF UDP
      - 5414:5414/udp
      # FORWARDER
      - 13301:13301
      # FORWARDER
      - 2056:2056/udp
```

NB: I don’t see any errors in the docker logs, but I get a “Connection refused” or “Time-out Error” on the web page.

Thanks for your help

Hello,

Is there somebody who can help me?

Thanks

You might want to re-read the docs:

https://docs.graylog.org/en/3.2/pages/configuration/server.conf.html#web-rest-api

The parameters used, rest_* and web_*, are not present anymore and have been replaced by others.
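
The change the reply points to, as an added example that is not part of the original thread: the TLS-related part of the `graylog` service rewritten with the `http_*` settings from the Graylog 3.x server.conf, expressed as `GRAYLOG_`-prefixed environment variables the same way the question's file does. Paths, `fqdn.lan` and the `XXXX` placeholders are carried over from the question; the rest of the compose file is assumed unchanged.

```yaml
# Added example, not the poster's file: only the TLS-relevant keys are shown.
version: '2'

services:
  graylog:
    image: graylog/graylog:3.1
    hostname: fqdn.lan
    container_name: graylog
    volumes:
      # Certificate and private key, same mounts as in the question.
      # Assumption: the key is PEM-encoded PKCS#8, the format Graylog expects,
      # and both files are readable by the user the container runs as.
      - /graylog/certs/gris.crt:/usr/share/graylog/data/config/ssl/cert.crt
      - /graylog/certs/gris.key:/usr/share/graylog/data/config/ssl/key.key
    environment:
      - GRAYLOG_PASSWORD_SECRET=XXXX
      - GRAYLOG_ROOT_PASSWORD_SHA2=XXXX
      # Graylog 3.x serves the web interface and the REST API from one
      # listener, so the separate rest_* / web_* TLS settings collapse into
      # a single http_* set:
      #   rest_enable_tls, web_enable_tls        -> http_enable_tls
      #   rest_tls_cert_file, web_tls_cert_file  -> http_tls_cert_file
      #   rest_tls_key_file, web_tls_key_file    -> http_tls_key_file
      #   rest_tls_key_password                  -> http_tls_key_password
      #   web_endpoint_uri                       -> http_external_uri
      - GRAYLOG_HTTP_ENABLE_TLS=true
      - GRAYLOG_HTTP_TLS_CERT_FILE=/usr/share/graylog/data/config/ssl/cert.crt
      - GRAYLOG_HTTP_TLS_KEY_FILE=/usr/share/graylog/data/config/ssl/key.key
      # Only needed when the private key is encrypted.
      - GRAYLOG_HTTP_TLS_KEY_PASSWORD=XXXX
      # URL the browser uses to reach Graylog; it must match the published
      # port below (443) and a name covered by the certificate.
      - GRAYLOG_HTTP_EXTERNAL_URI=https://fqdn.lan/
    ports:
      # Graylog web interface and REST API (TLS terminated by Graylog itself)
      - 443:9000
```

With TLS enabled on the listener, a plain `http://` request to port 443 will fail, so test with `https://fqdn.lan/` and check that the served certificate chain is the wildcard certificate.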
