Graylog not starting via HTTPS

1. Describe your incident:
My dashboard is not being loaded in HTTPS at port 9000

2. Describe your environment:

  • OS Information:

Operating System: Ubuntu 22.04.1 LTS
Kernel: Linux 5.17.0-1020-oem
Architecture: x86-64

  • Package Version: Graylog 4.1, mongoDB 4.4

  • Service logs, configurations, and environment variables:

systemctl status from graylog (issued):
graylog-server[79052]: 23:41:38.322 [main] ERROR org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: unexpected end of stream on http://192.168.15.168:9200/… - \n not found: limit=0 content=….

/etc/graylog/server/server.conf:
elasticsearch_hosts = http://user:pw@192.168.15.168:9200 (user and pw are different from this print)
password_secret = j2tB(…)G8iv
root_password_sha2 = 8(…)fd
http_bind_address = 0.0.0.0:9000

opensearch_dashboards.yml:
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://192.168.15.168:9200
opensearch.ssl.verificationMode: certificate

Root CA imported successfully:
Command: keytool -importcert -keystore /etc/graylog/server/certs/cacerts -storepass changeit -alias root_ca -file /etc/graylog/server/certs/root-ca.pem

Alias name: root_ca
Creation Date: Nov 16 from 2022
Entry type: trustedCertEntry

Owner: L=California, O=Wazuh, OU=Wazuh
Issuer: L=California, O=Wazuh, OU=Wazuh
Serial number: 3(…)3
Valid from: Wed Nov 16 11:58:18 EDT 2022 until: Sat Nov 13 11:58:18 EDT 2032
Certificate Fingerprints:
SHA1: A0:…:34
SHA256: 88:…:3A: 0B:…F3
Signature Algorithm Name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 96 … 6F …xU.C…A…to
0010: 4E … N%…
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 96 … 6F …xU.C…A…to
0010: 4E … N%…
]
]

/etc/default/graylog-server (line so that Graylog uses the SSL certificate):
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/etc/graylog/server/certs/cacerts -Djavax.net.ssl.trustStorePassword=changeit"

3. What steps have you already taken to try and solve the problem?
Restarted the Graylog service and validated the config. With the correct setup, Graylog cannot start the service to open the GUI (even with status running); https://ip:9200 does not load the GUI and the service has the status:
ERROR org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: unexpected end of stream on http://192.168.15.168:9200/… - \n not found: limit=0 content=…

4. How can the community help?
Please kindly help me to evaluate what is wrong in this configuration between Wazuh and Graylog to use SSL for HTTPS.

Thank you and Best Regards,

I had a similar issue in the past.
To fix it, I edited /etc/graylog/server/server.conf and added:

elasticsearch_version = 7

Then restarted Graylog.

I assume that your GL server can reach ES.

Do the files
/etc/wazuh-dashboard/certs/dashboard-key.pem
and
/etc/wazuh-dashboard/certs/dashboard.pem

have the right permissions for the graylog user to read them?

If you accept a suggestion, install and configure nginx as a reverse proxy and access GL on port 80 or 443. Makes things easier…

HTH


Hi m_mlk

Thank you for your suggestion. I will not perform it at this time, as I need to finish this install at least.

Regarding your fix, it did not work for me; see that I've edited the file with the proposed version

Also see that the certs have the readable chmod value 444 for root, users and everyone:
(I'll send it trailing below)

But even so, the system is not found by Graylog after a restart
(I'll send it trailing below)

Thank you for your help.


I found the fix, guys; it is totally simple.

Just edit the /etc/graylog/server/server.conf at the elasticsearch_hosts from http to https

from elasticsearch_hosts = http://:@:9200
to elasticsearch_hosts = https://:@:9200

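An offline check for the mismatch resolved in this thread, added here as an example (not code from the posters or from Graylog): it compares the scheme in Graylog's `elasticsearch_hosts` with the scheme in `opensearch.hosts` for the same host and port, and also flags credentials configured over plain http. The sample configs are constructed from the values shown above, and the function names `_urls` and `lint` are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed samples using the values shown in the thread (credentials are dummies).
SERVER_CONF = """\
http_bind_address = 0.0.0.0:9000
elasticsearch_hosts = http://user:pw@192.168.15.168:9200
"""
DASHBOARDS_YML = """\
server.port: 443
opensearch.hosts: https://192.168.15.168:9200
opensearch.ssl.verificationMode: certificate
"""

def _urls(text, pattern):
    """Parse the comma-separated URL list on the first line matching pattern."""
    for line in text.splitlines():
        m = re.match(pattern, line)
        if m:
            raw = m.group(1).strip().strip("[]")
            return [urlsplit(u.strip().strip("\"'")) for u in raw.split(",") if u.strip()]
    return []

def lint(conf_text, yml_text):
    """Flag Graylog backends whose scheme disagrees with the dashboard's for the same host:port."""
    graylog = _urls(conf_text, r"\s*elasticsearch_hosts\s*=\s*(.+)")
    dashboard = _urls(yml_text, r"\s*opensearch\.hosts:\s*(.+)")
    tls = {(u.hostname, u.port) for u in dashboard if u.scheme == "https"}
    findings = []
    for u in graylog:
        where = f"{u.hostname}:{u.port}"
        # Same endpoint reached with http by one client and https by the other.
        if u.scheme == "http" and (u.hostname, u.port) in tls:
            findings.append(f"scheme-mismatch {where}: Graylog uses http, dashboard uses https")
        # Basic-auth credentials in the URL travel unencrypted when the scheme is http.
        if u.scheme == "http" and u.username:
            findings.append(f"cleartext-credentials {where}: user {u.username!r} sent without TLS")
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER_CONF, DASHBOARDS_YML):
        print(finding)
```

With the sample configs it reports both findings; after changing the scheme to https, as in the fix above, it reports none.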
