Hey there, I get your frustration and understand that TLS isn’t the easiest thing to implement. One thing I’ll note: we have a category template that is designed to gather information when you open a topic. It’s there to help folks in the community better help you–the more information you provide, generally the speedier resolution you’ll have.
That said, it’s not clear what you’ve tried and what you’ve not tried. See How to Post a Question in the Community that Gets Responses. So, walk us through, step by step, what you’ve done. Are you using self-signed certs? If so, did you follow the docs for enabling TLS on Graylog?
From what you’ve provided, it definitely doesn’t seem like you’ve followed the docs and have all the attributes configured in server.conf to enable TLS. See my config below:
Aaron's Graylog Config
root@logs00:~# cat /etc/graylog/server/server.conf
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = THISISASECRETDONTTELLANYONE
root_password_sha2 = SHHSHHSHHSHHAAAAAAA2
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 0.0.0.0:9000
http_enable_cors = true
elasticsearch_hosts = http://elastisearch00.example.com:9200,http://elasticsearch01.example.com:9200,http://elasticsearch02.example.com:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://mongo00.example.com:27017,mongo01.example.com:27017,mongo02.example.com:27017/graylog?replicaSet=rs0
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32
versionchecks = false
http_enable_tls=true
http_tls_cert_file=/etc/graylog/ssl/fullchain.pem
http_tls_key_file=/etc/graylog/ssl/privkey.pem
http_publish_uri=https://logs00.example.com:9000/
auditlog_log4j_enabled = true
auditlog_log4j_logger_name = gl-org.graylog.plugins.auditlog
auditlog_log4j_marker_name = AUDIT_LOG
elasticsearch_version = 7
prometheus_exporter_enabled = true
prometheus_exporter_bind_address = 0.0.0.0:9833
Of particular interest are the http_ attributes, which you can see here:
http_bind_address = 0.0.0.0:9000
http_enable_cors = true
http_enable_tls=true
http_tls_cert_file=/etc/graylog/ssl/fullchain.pem
http_tls_key_file=/etc/graylog/ssl/privkey.pem
http_publish_uri=https://logs00.example.com:9000/
I can’t really speak to using self-signed certs, as I use letsencrypt, which works great for my lab. So that said, using TLS on Graylog works.
The other part of what the community is missing is your logs. Given that this is a log management software, that’s often the very first thing that folks will ask for and there’s often useful information that will tell you why TLS isn’t working.
So, please provide your full config and your logs–they’ll both be necessary for folks in the community to continue to help you get your issue resolved.