Inputs not starting

So I can pull up the GUI using https and even show the valid certificate. I can create inputs but cannot start any inputs. I get the following error:
2019-02-28T12:37:43.528-05:00 WARN [ProxiedResource] Unable to call https://10.20.30.40:9000/api/system/inputstates on node <535aff1b-6b40-4208-bea5-827a6f560497>
javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.20.30.40 not verified:
certificate: sha256/RjIlKT792ohmSxPEr6P3Md60UwEqR8LA7OI39LEOVvc=
DN: CN=graylog.example.com, OU=IT1, O=Mine, L=Any, ST=Confused, C=US
subjectAltNames: [graylog.example.com, greylog.example.com]

How can I change the behaviour to use the hostname instead of the IP?

I also have this log entry:
2019-02-28T12:40:05.340-05:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=syslog_tcp_5141_linux, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=null} (channel [id: 0xdd8633b3, L:/0:0:0:0:0:0:0:0:5141]) should be 1048576 but is 212992.
When I look in the GUI, the Receive Buffer Size is set to 1048576; is it defined elsewhere, or am I looking in the wrong place?

Hostname 10.20.30.40 not verified:
certificate: sha256/RjIlKT792ohmSxPEr6P3Md60UwEqR8LA7OI39LEOVvc=
DN: CN=graylog.example.com, OU=IT1, O=Mine, L=Any, ST=Confused, C=US
subjectAltNames: [graylog.example.com, greylog.example.com]

Your created certificate does not include the IP of your Graylog, but that IP is used in the Graylog configuration. That is why the certificate can’t be used for communication using the IP.

Thanks. In previous Graylog versions I didn’t need to have SANs for the IP address in my certificate. Is there somewhere I can override this within my config?

What are your http_* settings?

grep "http_" /etc/graylog/server/server.conf | grep -v "#"
http_bind_address = 10.20.30.40:9000
http_enable_tls = true
http_tls_cert_file = /etc/graylog/certs/graylog.crt
http_tls_key_file = /etc/graylog/certs/graylog.pem
http_tls_key_password = XXX

I do have this behind an HAProxy server. I compared the Graylog 3.0 documentation for running as such and also compared against my 2.x Graylog environment.

Please re-read the first three settings and their meaning.

https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#web-rest-api

Thanks, I recut the certificate to include the individual nodes in the SubjectAltNames (SAN) in addition to the load balanced name and added the following to /etc/graylog/server/server.conf:

http_publish_uri = https://graloy-node1.example.com

Now the services are starting. Thank you.
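The check behind the error in this thread, as an added example (not code from Graylog or from any poster): it works out which host a node publishes from server.conf and tests it against the certificate's SAN entries. The function names are hypothetical and the matching is a simplified model of TLS hostname verification; it assumes the URI scheme follows http_enable_tls and that the recut certificate lists the node name.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_conf(text):
    """Read key = value lines from server.conf text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def effective_publish_host(conf):
    """Host that nodes call: http_publish_uri if set, else the bind address."""
    uri = conf.get("http_publish_uri")
    if not uri:
        # Assumption: scheme follows http_enable_tls, as the logged URL suggests.
        scheme = "https" if conf.get("http_enable_tls") == "true" else "http"
        uri = f"{scheme}://{conf.get('http_bind_address', '127.0.0.1:9000')}/"
    return urlsplit(uri).hostname

def host_matches_san(host, dns_sans, ip_sans=()):
    """IP literals need an iPAddress SAN; names need a dNSName SAN."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ip == ipaddress.ip_address(s) for s in ip_sans)
    host = host.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in dns_sans):
        if san == host:
            return True
        # A wildcard covers exactly one leftmost label.
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

# Constructed sample input, using the values quoted in the thread.
ORIGINAL_CONF = "http_bind_address = 10.20.30.40:9000\nhttp_enable_tls = true\n"
ORIGINAL_SANS = ["graylog.example.com", "greylog.example.com"]
FIXED_CONF = ORIGINAL_CONF + "http_publish_uri = https://graloy-node1.example.com\n"
# Assumption: the recut certificate adds the node name as a dNSName SAN.
FIXED_SANS = ORIGINAL_SANS + ["graloy-node1.example.com"]

if __name__ == "__main__":
    for conf_text, sans in ((ORIGINAL_CONF, ORIGINAL_SANS), (FIXED_CONF, FIXED_SANS)):
        host = effective_publish_host(parse_conf(conf_text))
        print(host, "verified" if host_matches_san(host, sans) else "not verified")
```

Run against a real node, the SAN lists would come from the certificate named in http_tls_cert_file rather than from constants.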
