Healthcheck fails for graylog container, GRAYLOG_HTTP_PUBLISH_URI doesn't get set in graylog.conf

So I got it working now, there were a few problems with my setup.

Reason number one was because the certificates were only internal, self-signed certificates that couldn’t be handled by the Java keystore. I could have put my CA in the keystore, but that would have been really messy.

The fix was to issue new Let’s Encrypt certificates that are issued by the CA of the company I’m working at. Still internal certificates, but a trusted CA.

I then reconfigured the files a bit, so now I don’t have to copy any certificates or replace the config file. All I need is the docker-compose.yml and the certificates at the location Let’s Encrypt puts them anyway.

docker-compose.yml:

version: '2.1'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2-jre11
    volumes:
      - graylog_data:/usr/share/graylog/data
      - /etc/letsencrypt/live/host.domain.ch/:/etc/ssl/certs/graylog/
      - /etc/letsencrypt/archive/host.domain.ch/:/etc/ssl/archive/host.domain.ch/
    environment:
      - TZ=Europe/Zurich
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=secretpasswordforgraylog
      # Password: admin
      - GRAYLOG_TIMEZONE=Europe/Zurich
      - GRAYLOG_ROOT_TIMEZONE=Europe/Zurich
      - GRAYLOG_ROOT_PASSWORD_SHA2=35af527f0ab05beafebc6e341127f338c12edfc7479c07f7869721840665bcee
      - GRAYLOG_HTTP_EXTERNAL_URI=https://host.domain.ch:9000/
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_HTTP_PUBLISH_URI=https://host.domain.ch:9000/
      - GRAYLOG_WEB_ENDPOINT_URI=https://host.domain.ch:9000/
      - GRAYLOG_HTTP_ENABLE_CORS=true
      - GRAYLOG_HTTP_ENABLE_TLS=true
      - GRAYLOG_HTTP_TLS_CERT_FILE=/etc/ssl/certs/graylog/fullchain.pem
      - GRAYLOG_HTTP_TLS_KEY_FILE=/etc/ssl/certs/graylog/privkey.pem
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local
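
The compose file mounts both `live/` and `archive/` because certbot's `live/<name>/` directory holds relative symlinks (`../../archive/<name>/...`), so inside the container the archive has to sit two levels up from wherever `live/` is mounted. The script below is an added example, not part of the original post: the function names are made up here, it checks the container paths used in the compose file against a constructed directory layout, and the paths are passed without a trailing slash.

```shell
# Added example, not from the original post. Container paths are the compose file's.
# Collapse "." and ".." textually (assumes no further symlinks along the path).
normalize() (
  IFS=/; set -f; out=
  for part in $1; do
    case $part in
      ''|.) ;;
      ..) out=${out%/*} ;;
      *)  out="$out/$part" ;;
    esac
  done
  printf '%s\n' "${out:-/}"
)

# usage: check_le_mounts HOST_LIVE HOST_ARCHIVE CONTAINER_LIVE CONTAINER_ARCHIVE
check_le_mounts() (
  rc=0
  for f in fullchain.pem privkey.pem; do
    link="$1/$f"
    if [ ! -L "$link" ]; then
      if [ -f "$link" ]; then echo "OK   $f is a regular file"
      else echo "FAIL $f missing in $1"; rc=1; fi
      continue
    fi
    target=$(readlink "$link")
    case $target in
      /*) seen=$(normalize "$target") ;;      # absolute link target
      *)  seen=$(normalize "$3/$target") ;;   # resolved from the container path
    esac
    rel=${seen#"$4"/}
    if [ "$rel" = "$seen" ]; then
      echo "FAIL $f -> $seen is outside the archive mount $4"; rc=1
    elif [ -f "$2/$rel" ]; then echo "OK   $f -> $seen"
    else echo "FAIL $f -> $seen has no file behind it"; rc=1; fi
  done
  [ "$rc" -eq 0 ]
)

# Constructed sample layout mimicking certbot (empty files, no real keys).
demo_layout() {
  d=$(mktemp -d); h=host.domain.ch
  mkdir -p "$d/live/$h" "$d/archive/$h"
  for n in fullchain privkey; do
    : > "$d/archive/$h/${n}1.pem"
    ln -s "../../archive/$h/${n}1.pem" "$d/live/$h/$n.pem"
  done
  echo "$d"
}
d=$(demo_layout)
check_le_mounts "$d/live/host.domain.ch" "$d/archive/host.domain.ch" \
  /etc/ssl/certs/graylog /etc/ssl/archive/host.domain.ch
```

On a real host, pass `/etc/letsencrypt/live/host.domain.ch` and `/etc/letsencrypt/archive/host.domain.ch` as the first two arguments; a FAIL line means Graylog would see a dangling symlink for its TLS certificate or key.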