Jerry
(Su)
October 12, 2019, 3:03am
1
hello,
my graylog is refer the docker-compose file from graylog document center.
all run in one container.
then I modify below setting to enable the https:
at compose file:
- GRAYLOG_HTTP_EXTERNAL_URI=https://xxxxxxxxxx:9000/
at graylog.conf
http_enable_tls = true
http_tls_cert_file = /usr/share/graylog/ssl/graylog.crt
http_tls_key_file = /usr/share/graylog/ssl/graylog.key
and then I am able to login the graylog web interface via https, and able to recevie and search the log which send from other servers.
ONLY ONE ODD THING
if I go to system–> nodes
I not able to get the node info : System information is currently unavailable.
BUT IF I remove the above https setting, everthing back to normal
I wondering did I miss something ?
Jerry
(Su)
October 14, 2019, 1:29am
2
did I need set sth at es or mangodb container ?
jan
(Jan Doberstein)
October 14, 2019, 10:46am
3
I wondering did I miss something ?
without sharing the complete configuration it would be only guessing what might be wrong.
But I guess that you have a self signed certificate and Graylog is not able to identify/check the certificate and throw an error … but that is only guessing.
Jerry
(Su)
October 15, 2019, 2:32am
4
hey Jan, thanks for your reply.
the cert is issued by DigiCert, not self signed. since cert is from DigiCert , So I did not set any JVM trust store or key store…(not sure if a problem)
the docker-compose file is below:
version: ‘2’
services:
mongodb:
restart: always
image: mongo:3
volumes:
- mongo_data:/data/db
indent preformatted text by 4 spaces
elasticsearch:
restart: always
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
volumes:
- es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
restart: always
image: graylog/graylog:3.1.2
volumes:
- graylog_journal:/usr/share/graylog/data/journal
- /graylog/ssl/:/usr/share/graylog/ssl/
- /graylog/graylog.conf:/usr/share/graylog/data/config/graylog.conf
environment:
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=xxxxxxxxxxxx
- GRAYLOG_HTTP_EXTERNAL_URI=https://log.xxxxx.com:9000/
- root_timezone=Asia/Shanghai
links:
- mongodb:mongo
- elasticsearch
depends_on:
- mongodb
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
- 5044:5044
- 5044:5044/udp
- 514:514
- 514:514/udp
- 443:443
volumes:
mongo_data:
driver: local
es_data:
driver: local
graylog_journal:
driver: local
=================================================
the graylog.conf :
is_master = true
node_id_file = /usr/share/graylog/data/config/node-id
password_secret = replacethiswithyourownsecret!
root_password_sha2 = xxxxxxxxxxxxxxxx
root_timezone = Asia/Hong_Kong
plugin_dir = /usr/share/graylog/plugin
http_bind_address = 0.0.0.0:9000
http_enable_tls = true
http_tls_cert_file = /usr/share/graylog/ssl/graylog.crt
http_tls_key_file = /usr/share/graylog/ssl/graylog.key
elasticsearch_hosts = http://elasticsearch:9200
allow_leading_wildcard_searches = false
allow_highlighting = false
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /usr/share/graylog/data/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://mongo/graylog
mongodb_max_connections = 100
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_loader_enabled = true
content_packs_dir = /usr/share/graylog/data/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32
jan
(Jan Doberstein)
October 16, 2019, 8:26am
5
I would not mix environmental settings and configuration settings. Use either or but not both.
Jerry
(Su)
October 21, 2019, 3:23am
6
whats that meaing? I can get it…
jan
(Jan Doberstein)
October 21, 2019, 5:52am
7
you have some settings done in your docker-compose via environmental settings and in addition you have a Graylog server.conf.
I would use either or - making all settings via environmental settings OR all settings via configuration file.
Jerry
(Su)
October 23, 2019, 1:21am
8
I remove all the "environment properties " in graylog section in docker-compose file.
and then add the same setting on the graylog.conf . But still got the same error
jan
(Jan Doberstein)
October 23, 2019, 8:55am
9
what settings exactly you have in the Graylog configuration? the http_*
settings are the important ones…
system
(system)
Closed
November 6, 2019, 8:57am
10
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.