Description of your problem
I am trying to integrate the NUCOOL OSS system with Graylog using the webhook URL “https://172.18.72.210:4443/probe/webhook/NetOps” provided by NUCOOL. I am using Graylog's HTTP alert notification feature, configured with that webhook URL, to send an alert to NUCOOL whenever a new alert is triggered.
During the integration I get this error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificate path to requested target".
My Graylog is running in a pod, and the webhook URL provided by the NUCOOL OSS team uses a self-signed certificate.
How can I fix this error? Is there any specific configuration that needs to be done on the Graylog pod to overcome this issue? Please suggest.
Description of steps you’ve taken to attempt to solve the issue
I have imported the self-signed certificate into the keystore on the master node, but that didn't solve the issue. I am not sure how this can be done on the Graylog pod, if it is required to do so.
Environmental information
using openshift environment to deploy the Graylog POD
Operating system information
Debian
Containers (OPENSHIFT)
Package versions
Graylog :3.3
MongoDB :mongo:3.6
logstash:7.0.0-alpha2
Elasticsearch /elasticsearch:6.8.7
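``` GRAYLOG YAML
# Helm template: nginx TLS front end plus Graylog, deployed as one pod.
# Reconstructed from a paste whose line breaks were lost; indentation inside
# the embedded nginx/graylog files is a best-effort layout.
apiVersion: v1
kind: ConfigMap
metadata:
  name: graylog-conf
data:
  nginx.conf: |
    user nginx;
    worker_processes 3;
    error_log /var/log/nginx/error.log;
    events {
      worker_connections 10240;
    }
    http {
      log_format main
        'remote_addr:$remote_addr\t'
        'time_local:$time_local\t'
        'method:$request_method\t'
        'uri:$request_uri\t'
        'host:$host\t'
        'status:$status\t'
        'bytes_sent:$body_bytes_sent\t'
        'referer:$http_referer\t'
        'useragent:$http_user_agent\t'
        'forwardedfor:$http_x_forwarded_for\t'
        'request_time:$request_time';
      access_log /var/log/nginx/access.log main;
      server {
        listen 80;
        server_name _;
        location / {
          root html;
          index index.html index.htm;
        }
      }
      include /etc/nginx/virtualhost/virtualhost.conf;
    }
  virtualhost.conf: |
    #upstream app {
    #server localhost:8080;
    #keepalive 1024;
    #}
    server {
      listen 443 ssl ;
      #listen [::]:80 default_server ipv6only=on;
      ssl_certificate /etc/ssl/nginx.crt;
      ssl_certificate_key /etc/ssl/nginx.key;
      # TLSv1 and TLSv1.1 are deprecated and were dropped from this list.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers HIGH:!aNULL:!MD5;
      server_name {{ .Values.nodes.worker1 }};
      location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://netops-graylog-netopsai.apps.ocp19.nfvdev.tlabs.ca/;
        proxy_pass http://127.0.0.1:9000/;
      }
      location ^~/input {
        rewrite ^/input/(.*)$ /$1 break;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://netops-graylog-netopsai.apps.ocp19.nfvdev.tlabs.ca/;
        proxy_pass http://127.0.0.1:12201/;
      }
    }
  # NOTE(review): this key is not listed under the graylog-conf volume
  # "items" below, so it is not projected into the pod; the Graylog
  # container takes its mail settings from the env entries instead.
  graylog.conf: |
    transportEmail:
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: true
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "205.206.214.22"
      GRAYLOG_TRANSPORT_EMAIL_PORT: 25
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "false"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "false"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "false"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "false"
      GRAYLOG_TRANSPORT_EMAIL_SUBJECT_PREFIX: "false"
      GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL: "noreply@telus.com"
# NOTE(review): the fragment below is a pasted entrypoint script whose line
# breaks were lost; it is kept as comments only. The sed "e" flag runs every
# line of graylog.conf through the shell, so write access to that file
# would mean command execution in the container.
#
# Interpolate
#
# sed 's/"/\\\"/g;s/.*/echo "&"/e' ${GRAYLOG_HOME}/config/graylog.conf > ${GRAYLOG_HOME}/graylog.conf.subst
#echo "Graylog Home ${GRAYLOG_HOME}"
#echo "JVM Options ${GRAYLOG_SERVER_JAVA_OPTS}"
#"${JAVA_HOME}/bin/java" \
# ${GRAYLOG_SERVER_JAVA_OPTS} \
#-jar \
#-Dlog4j.configurationFile=${GRAYLOG_HOME}/config/log4j2.xml \
#-Djava.library.path=${GRAYLOG_HOME}/lib/sigar/ \
#-Dgraylog2.installation_source=docker \
#${GRAYLOG_HOME}/graylog.jar \
#server \
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: graylog
spec:
  replicas: {{ .Values.replicaCount }}
  serviceName: graylog
  selector:
    matchLabels:
      app: graylog
  template:
    metadata:
      labels:
        app: graylog
    spec:
      imagePullSecrets:
        - name: {{ .Values.image.imagePullSecrets }}
      serviceAccount: netopsai
      serviceAccountName: netopsai
      containers:
        # TLS-terminating reverse proxy in front of Graylog.
        - name: graylog-nginx
          image: nginx
          ports:
            - containerPort: 9000
          volumeMounts:
            - mountPath: /etc/nginx
              readOnly: true
              name: graylog-conf
            - mountPath: /etc/ssl
              readOnly: true
              name: graylog-certs
        # The "PKIX path building failed" error is raised by the JVM in this
        # container, so the webhook certificate must be trusted here; a
        # keystore on the master node is never consulted. One approach:
        # build a truststore holding the JVM default CAs plus the NUCOOL
        # certificate, mount it from a Secret, and point the JVM at it via
        # GRAYLOG_SERVER_JAVA_OPTS with
        #   -Djavax.net.ssl.trustStore=<PLACEHOLDER: mounted truststore path>
        # Prefer this over disabling certificate verification.
        # NOTE(review): the webhook URL uses an IP address; the certificate
        # presumably needs a matching IP subjectAltName or hostname
        # verification will still fail. Confirm with the NUCOOL team.
        - name: graylog
          image: {{ .Values.graylog.image }}
          env:
            # NOTE(review): both secrets below are rendered in plain text
            # into the pod spec; consider valueFrom.secretKeyRef instead.
            # Templated env values are quoted so they always render as
            # strings, which the env "value" field requires.
            - name: GRAYLOG_PASSWORD_SECRET
              value: {{ .Values.graylog.pswdsecret | quote }}
            - name: GRAYLOG_ROOT_PASSWORD_SHA2
              value: {{ .Values.graylog.pswdsha2 | quote }}
            - name: GRAYLOG_HTTP_BIND_ADDRESS
              value: {{ .Values.graylog.bindaddress | quote }}
            - name: GRAYLOG_ELASTICSEARCH_HOSTS
              value: http://elastic-search:9200
            - name: GRAYLOG_MONGODB_URI
              value: {{ .Values.graylog.mongodburi | quote }}
            - name: GRAYLOG_TRANSPORT_EMAIL_ENABLED
              value: "true"
            - name: GRAYLOG_TRANSPORT_EMAIL_HOSTNAME
              value: "205.206.214.22"
            - name: GRAYLOG_TRANSPORT_EMAIL_PORT
              value: "25"
            - name: GRAYLOG_TRANSPORT_EMAIL_USE_AUTH
              value: "false"
            - name: GRAYLOG_TRANSPORT_EMAIL_USE_TLS
              value: "false"
            - name: GRAYLOG_TRANSPORT_EMAIL_USE_SSL
              value: "false"
            - name: GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME
              value: ""
            - name: GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD
              value: ""
            - name: GRAYLOG_TRANSPORT_EMAIL_SUBJECT_PREFIX
              value: "graylog"
            - name: GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL
              value: "noreply@telus.com"
          ports:
            - containerPort: {{ .Values.graylog.containerport1 }}
            - containerPort: {{ .Values.graylog.containerport2 }}
      volumes:
        - name: graylog-conf
          configMap:
            name: graylog-conf
            items:
              - key: nginx.conf
                path: nginx.conf
              - key: virtualhost.conf
                path: virtualhost/virtualhost.conf
        # nginx server certificate and key (nginx.crt / nginx.key).
        - name: graylog-certs
          # hostPath:
          #   path: /etc/nginx/ssl-certs/
          #   type: Directory
          secret:
            secretName: graylog-certs
      # nodeSelector:
      #   name: worker1
---
apiVersion: v1
kind: Service
metadata:
  name: graylog
spec:
  type: {{ .Values.graylog.type }}
  ports:
    - name: "{{ .Values.graylog.port }}"
      port: {{ .Values.graylog.port }}
      targetPort: {{ .Values.graylog.port }}
      nodePort: {{ .Values.graylog.nodeport }}
    - name: "{{ .Values.graylog_http.port }}"
      port: {{ .Values.graylog_http.port }}
      targetPort: {{ .Values.graylog_http.port }}
      nodePort: {{ .Values.graylog_http.nodeport }}
  selector:
    app: graylog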