I’m trying to get HTTPS set up on a dev machine. I’m using a Vagrantfile from the docs to spin up a VM for testing. I have created a cert and pkcs8 encrypted private key from the commands in the docs.
openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config openssl-graylog.cnf -keyout pkcs5-plain.pem -out cert.pem
Then convert the pkcs5 key into a pkcs8 encrypted key using openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem followed by:
In the VM, I don’t have a /etc/graylog/server/server.conf file but I do have a /opt/graylog/conf/graylog.conf file and a /opt/graylog/server/graylog.conf.example file. Does graylog use the file in /opt/graylog/conf/graylog.conf by default or do I need to copy the file in /opt/graylog/server/graylog.conf.example to /etc/graylog/server/server.conf?
After modifying the appropriate configuration file, do I sudo graylog-ctl reconfigure then sudo graylog-ctl restart?
Do I also have to move the self signed keys to /opt/graylog/conf/nginx/ca with the appropriate names: graylog.crt and graylog.key?
Why does the documentation use *.pem files and the configuration files use *.crt and *.key files?
If I’m only supposed to use graylog-ctl script to implement HTTPS, how do I load the private key and ssl_cert? Or is there a config file I need to modify manually? NOTE: I don’t have a /etc/graylog/server/server.conf file
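Added example, not part of any post in this thread and not taken from the Graylog docs: a sanity check to run on the key and certificate before pointing any config at them. It reads the PEM header to report the key format and confirms the certificate belongs to the key. It assumes `openssl` is on the PATH; the function names and the CN are constructed, and `-subj` stands in for the post's `-config` file, which is not shown here.

```shell
#!/bin/sh
# Added example. Key and certificate are throwaway files built in a temp dir;
# the subject CN below is a constructed placeholder, not a value from the thread.
set -eu

# Classify a PEM private key by its first line.
key_format() {
  case "$(head -n 1 "$1")" in
    "-----BEGIN PRIVATE KEY-----")           echo pkcs8-plain ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
    "-----BEGIN RSA PRIVATE KEY-----")       echo traditional-rsa ;;
    *)                                       echo unknown ;;
  esac
}

# SHA-256 of the public key held in a certificate / in an unencrypted key.
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pubkey_hash()  { openssl pkey -in "$1" -pubout | openssl sha256; }

# Succeed only when the certificate was issued for this private key.
cert_matches_key() {
  [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Build the same artifacts as the commands in the post, using the post's
# file names (pkcs5-plain.pem, cert.pem, pkcs8-plain.pem).
make_pair() {
  openssl req -x509 -days 365 -nodes -newkey rsa:2048 \
    -subj "/CN=graylog.example.test" \
    -keyout "$1/pkcs5-plain.pem" -out "$1/cert.pem" 2>/dev/null
  openssl pkcs8 -in "$1/pkcs5-plain.pem" -topk8 -nocrypt -out "$1/pkcs8-plain.pem"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_pair "$WORK"
echo "key format: $(key_format "$WORK/pkcs8-plain.pem")"
if cert_matches_key "$WORK/cert.pem" "$WORK/pkcs8-plain.pem"; then
  echo "cert and key match"
else
  echo "cert and key do NOT match" >&2
fi
```

The file extension (.pem, .crt, .key) does not affect either check; only the PEM header and the key material do.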
If the possible customizations in the OVA do not match your needs, you should install Graylog yourself. Keep in mind the OVA is built as a showcase, not to be run as a production build.
So, to understand the setup correctly. The images, OVA, AMI, docker are set up as a showcase of graylog. They aren’t designed to be deployed in production environments and come set up with custom paths for elasticsearch, nginx, etcd, etc and scripts?
After we decide to use graylog, we abandon the AMI, OVA, docker and install/configure all the components manually for a production system?
I was trying to “test” https on my local machine using, in this case, the vagrantfile then deploy my settings onto the graylog AMI we have running in production.