Hi Guys,
version: ‘2’
mongodb:
elasticsearch:docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
graylog:
- GRAYLOG_REST_TLS_CERT_FILE=/certs/graylog.crt
- GRAYLOG_REST_TLS_KEY_FILE=/certs/graylog.key
links:
- mongodb:mongo
- elasticsearch
depends_on:
- mongodb
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
- 443:443
- 443:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
volumes:
And I have configured https in my docker config and it starts fine and was able to access web interface via https. But the input doesn’t start and below is my docker config.
ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I think it’s related to adding to Keystore I know how to do it regular Graylog server
NOTE: certificate is not self signed
can anyone help me out on how to do this using docker?
Hi Guys,
Can anyone point me in the right direction for this ?
jan
March 9, 2020, 1:17pm
3
yes @kvenkat971
I guess that the first non-loopback ip in this setup is not part of your certificate - what means the validation chain is not valid.
thanks @jan
I have like two certificates one for web and one for rest tls which includes the IP address but I still get the same error .
version: ‘2’
mongodb:
elasticsearch:docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
graylog:
volumes:
Can you let me know is there anything wrong with my config ?
jan
March 9, 2020, 3:03pm
5
I do not know where you get the feeling from that you need to use
- GRAYLOG_REST_ENABLE_TLS=true
- GRAYLOG_REST_TLS_CERT_FILE=/certs/ip.crt
- GRAYLOG_REST_TLS_KEY_FILE=/certs/ip.key
- GRAYLOG_REST_TLS_KEY_PASSWORD=secret
that configuration parameter is not given anymore in Graylog 3.2
you need one certificate that is able to verify the http_external_uri and the http_publish_uri at the same time.
@jan ,
I tried that configuration only because I had the same error for the below config which my original config is based on
- GRAYLOG_HTTP_EXTERNAL_URI=https://graylog.sysnetgs.com:9000/
- GRAYLOG_HTTP_PUBLISH_URI=https://graylog.sysnetgs.com:9000/
- GRAYLOG_HTTP_ENABLE_TLS=true
- GRAYLOG_HTTP_TLS_CERT_FILE=/certs/graylog.crt
- GRAYLOG_HTTP_TLS_KEY_FILE=/certs/graylog.key
let me know if there is anything worng in the above
jan
March 9, 2020, 3:33pm
7
he @kvenkat971
does graylog.sysnetgs.com resolve to a local ip on that container for the container itself?
@jan , yes it does resolve
@jan , I can’t seem to find the location for java in docker Graylog. can you help me out with the location?
I’m using Graylog 3.2.2
jan
March 12, 2020, 1:26pm
10
is this a self signed certificate?
if yes you need to add this to a java keystore and add this keystore to the startup parameters of Graylog.
@jan , it is not a self-signed cert.
have some news on this tried this just a few minutes ago,
any suggestions on the config to add the keytool to the compose file so that when the container reboots?
jan
March 12, 2020, 2:17pm
12
Add the additional Java server opts to the compose file.
@jan thank you. That worked like a charm
system
March 26, 2020, 4:16pm
14
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
