Yeah that was a classic example of not thinking this through…
This is the curl output:
$ curl -k -v -i https://graylog.example.com:9001/api/
* Trying 10.8.0.43...
* Connected to graylog.example.com (10.8.0.43) port 9001 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 694 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: graylog.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=DE,ST=Saxony,L=Leipzig,O=Example AG,OU=IT,CN=graylog.example.com,EMAIL=t.user@example.com
* start date: Fri, 30 Jun 2017 10:36:33 GMT
* expire date: Sat, 30 Jun 2018 10:36:33 GMT
* issuer: C=DE,ST=Saxony,L=Leipzig,O=Example AG,OU=IT,CN=graylog.example.com,EMAIL=t.user@example.com
* compression: NULL
* ALPN, server did not agree to a protocol
> GET /api/ HTTP/1.1
> Host: graylog.example.com:9001
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
HTTP/1.1 307 Temporary Redirect
< Location: https://graylog.example.com:9001/
Location: https://graylog.example.com:9001/
< X-Graylog-Node-ID: 2e5b7b01-4bbb-4c31-9d58-609a26bcf698
X-Graylog-Node-ID: 2e5b7b01-4bbb-4c31-9d58-609a26bcf698
< X-Runtime-Microseconds: 1030
X-Runtime-Microseconds: 1030
< Date: Mon, 03 Jul 2017 12:42:46 GMT
Date: Mon, 03 Jul 2017 12:42:46 GMT
< Content-Length: 0
Content-Length: 0
<
* Connection #0 to host graylog.example.com left intact
The log is really really big. There are several hundred lines, mainly because the mentioned warning messages reappear a couple of times.
These are the last couple of lines from the log after a bunch of mongo related log messages:
2017-07-03 12:44:25,585 INFO : org.glassfish.grizzly.http.server.NetworkListener - Started listener bound to [0.0.0.0:9000]
2017-07-03 12:44:25,588 INFO : org.glassfish.grizzly.http.server.HttpServer - [HttpServer] Started.
2017-07-03 12:44:25,589 INFO : org.graylog2.shared.initializers.JerseyService - Started REST API at <https://0.0.0.0:9000/api/>
2017-07-03 12:44:25,589 INFO : org.graylog2.shared.initializers.JerseyService - Started Web Interface at <https://0.0.0.0:9000/>
2017-07-03 12:44:25,594 INFO : org.graylog2.shared.initializers.ServiceManagerListener - Services are healthy
2017-07-03 12:44:25,595 INFO : org.graylog2.bootstrap.ServerBootstrap - Services started, startup times in ms: {BufferSynchronizerService [RUNNING]=29, OutputSetupService [RUNNING]=33, InputSetupService [RUNNING]=46, KafkaJournal [RUNNING]=58, ConfigurationEtagService [RUNNING]=74, StreamCacheService [RUNNING]=100, JournalReader [RUNNING]=122, PeriodicalsService [RUNNING]=245, IndexerSetupService [RUNNING]=3800, JerseyService [RUNNING]=19762}
2017-07-03 12:44:25,599 INFO : org.graylog2.shared.initializers.InputSetupService - Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-07-03 12:44:25,606 INFO : org.graylog2.bootstrap.ServerBootstrap - Graylog server up and running.
2017-07-03 12:44:25,695 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/58d27486c414790001ce211c] is now STARTING
2017-07-03 12:44:25,700 INFO : org.graylog2.inputs.InputStateListener - Input [GELF TCP/58c2ce5b4cedfd0001d55fb9] is now STARTING
2017-07-03 12:44:25,712 INFO : org.graylog2.plugin.inputs.transports.AbstractTcpTransport - Enabled TLS for input [GELF TCP/58c2ce5b4cedfd0001d55fb9]. key-file="/usr/share/graylog/data/config/certs/graylog-ca.key.pem" cert-file="/usr/share/graylog/data/config/certs/graylog-ca.pem"
2017-07-03 12:44:25,740 WARN : org.graylog2.plugin.inputs.transports.NettyTransport - receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=TCP TLS Input SYSLOG, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=2e5b7b01-4bbb-4c31-9d58-609a26bcf698} should be 1048576 but is 212992.
2017-07-03 12:44:25,748 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/58d27486c414790001ce211c] is now RUNNING
2017-07-03 12:44:25,777 WARN : org.graylog2.plugin.inputs.transports.NettyTransport - receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=GELF TLS Windows, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=2e5b7b01-4bbb-4c31-9d58-609a26bcf698} should be 1048576 but is 212992.
2017-07-03 12:44:25,782 INFO : org.graylog2.inputs.InputStateListener - Input [GELF TCP/58c2ce5b4cedfd0001d55fb9] is now RUNNING
If you really need the complete log, I need to provide it via some alternative way. This is clearly too much to post here.
And I double-checked the config file: web_enable_tls and rest_enable_tls are activated.