Graylog on port 443

1. Describe your incident:
Hi,
I’ve tried to run graylog on port 443 so I’ve changed the entry in /etc/graylog/server/server.conf to

http_bind_address = syslog2.izum.pri:443

and restarted graylog-server. The server started but it’s actually restarting all over according to the server.log.

Via https://<server.domain>:443, I can’t connect to Graylog.

Thx for any suggestion.
Miloš

2. Describe your environment:

  • OS Information: AlmaLinux 8

Hi @milos,

There is more to enabling TLS than simply changing the ports. Please review these pages in the docs. The second link is how to configure Graylog, the first is how to set up a CA, if you don’t already have one.

https://go2docs.graylog.org/5-0/setting_up_graylog/generating_graylog_certificates_and_keys_with_ms_ad_cs.html

https://go2docs.graylog.org/5-0/setting_up_graylog/secured_graylog_and_beats_input.html

Hi @chris.black-gl,

Thx for your suggestion. In fact, TLS was already configured and works fine on port 9000.

Regards,
Miloš

So TLS works on 9000? Good.

Is there a reason it needs to run on port 443, or was that just the first thing you tried?

Yes, TLS works fine on port 9000.
There’s no special reason to switch to port 443.

In case this is helpful, there are a few “sharp edges” regarding TLS and graylog. I’ve documented as many as I could find via How-To Guide: Securing Graylog with TLS

In your case, (making some assumptions here, such as you installed graylog via the package and graylog runs as user graylog) I believe you may be running into the “non root linux users cannot bind to network ports lower than 1024” issue. There is a section towards the end that talks about this but the summary is you can add AmbientCapabilities=CAP_NET_BIND_SERVICE to your graylog service file.

Hope that helps.

2 Likes
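
Added example, not part of the thread or Graylog's own tooling: a small shell check for the situation described in the last reply. It reads http_bind_address from a server.conf and reports whether the port is below 1024 and whether a systemd unit or drop-in grants CAP_NET_BIND_SERVICE. The function names and sample files are constructed for illustration, and it assumes the service runs as a non-root user with the default unprivileged port range.

```shell
#!/bin/sh
# Added example: does the configured Graylog port need CAP_NET_BIND_SERVICE,
# and does the systemd unit grant it? Function names are hypothetical.
# Assumes a non-root service user and the default privileged range (< 1024).

# Print the port from the last active http_bind_address line of a server.conf.
bind_port() {
    port=$(sed -n 's/^[[:space:]]*http_bind_address[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/.*://')
    case "$port" in
        ''|*[!0-9]*) echo 9000 ;;   # no explicit port: Graylog's default
        *) echo "$port" ;;
    esac
}

# True when the unit file or any drop-in passed grants CAP_NET_BIND_SERVICE.
unit_grants_bind() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*AmbientCapabilities[[:space:]]*=.*CAP_NET_BIND_SERVICE' "$f" &&
            return 0
    done
    return 1
}

# Verdict: ok-unprivileged | ok-capability | missing-capability
check_bind() {
    conf=$1; shift
    port=$(bind_port "$conf")
    if [ "$port" -ge 1024 ]; then
        echo "ok-unprivileged"
    elif unit_grants_bind "$@"; then
        echo "ok-capability"
    else
        echo "missing-capability"
    fi
}

# Constructed sample files: the config line from the question, a unit without
# the capability, and a drop-in that adds it.
demo=$(mktemp -d)
printf 'http_bind_address = syslog2.izum.pri:443\n' > "$demo/server.conf"
printf '[Service]\nUser=graylog\n' > "$demo/graylog-server.service"
printf '[Service]\nAmbientCapabilities=CAP_NET_BIND_SERVICE\n' > "$demo/override.conf"

echo "unit only:    $(check_bind "$demo/server.conf" "$demo/graylog-server.service")"
echo "with drop-in: $(check_bind "$demo/server.conf" "$demo/graylog-server.service" "$demo/override.conf")"
rm -rf "$demo"
```

On a live host, a drop-in like the sample override.conf can be created with `systemctl edit graylog-server`, and `systemctl show graylog-server -p AmbientCapabilities` reports the effective value after a restart.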
