Hi everyone,
I need to configure https in ngnix for graylog version 2.3. I have already configured it but I think I have my graylog.server file incorrectly configured because it give me a 503 error in the browser and I don’t know what happens…

can you help me please?

My configuration of Ngnix ;
server
{
listen 443 ssl ;
server_name graylog.dominio.com;
# <- your SSL Settings here!
ssl_certificate /etc/ssl/certs/graylog/graylog.crt ;
ssl_certificate_key /etc/ssl/certs/graylog3/graylos.key;
#ssl_trusted_certificate /etc/ssl/certs/graylog3/graylog.crt;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

location /
{
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Graylog-Server-URL https://$server_name/api;
  proxy_pass       http://127.0.0.1:9000;
     }

}

My configuration of graylog is ,

###############

HTTP settings

###############

Default: 192.168.2.4
http_bind_address = 192.168.2.4:9000

################

HTTPS settings

################

Enable HTTPS support for the HTTP interface

http_enbale_tls = true
http_tls_cert_file = /etc/ssl/certs/graylog3/graylog.crt
http_tls_key_file = /etc/ssl/certs/graylog3/graylog.key
http_tls_key_password = secret
elasticsearch_max_docs_per_index = 50000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
lb_recognition_period_seconds = 3

Note :
I think I have problems with my graylog version 2.3.6 configuration file to configure it with https.

ERRO–> 502 Bad Gateway

i need our help, please !!!

Many thanks.

hi again,

i am try -> Graylog3 with https (easy tutorial) , and in step 13 it gives me a failure that I don’t understand why?
the error is ,
keytool -list -v -keystore graylog_keystore.jks -alias graylog.dominio.com
Enter keystore password:
keytool error: java.io.IOException: keystore password was incorrect
java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1058)
at java.base/sun.security.tools.keytool.Main.run(Main.java:405)
at java.base/sun.security.tools.keytool.Main.main(Main.java:398)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
… 6 more

Thanks .

Hi everyone,
I have managed to solve the problem, The problem was in the password. now the error I have is the browser is not able to load the graylog in the browser. I need to know how I can configure my server.conf file so that it can resolve https in my browser, Can you help me ?
Graylog server 3.2.6

Many many thanks
peter

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.