Possible bracketless IPv6 literal Graylog 3.0. Part 2

Graylog Central (peer support)
1

Hello, this topic somehow related to this issue Possible bracketless IPv6 literal Graylog 3.0

What I am trying to do is just to start Graylog from docker-compose using manual

Here is docker compose directly copy-paste from manual (changed my server local IP address only)

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_BIND_ADDRESS=http://192.168.19.27:9000/api
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

And this is my error

graylog_1        | 2019-02-18 12:07:33,064 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 3.0.0 [org.graylog.aws.AWSPlugin]
graylog_1        | 2019-02-18 12:07:33,079 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 3.0.0 [org.graylog.plugins.collector.CollectorPlugin]
graylog_1        | 2019-02-18 12:07:33,086 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 3.0.0 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
graylog_1        | 2019-02-18 12:07:33,282 ERROR: org.graylog2.bootstrap.CmdLineTool - Invalid configuration
graylog_1        | com.github.joschi.jadconfig.ValidationException: java.lang.IllegalArgumentException: Possible bracketless IPv6 literal: http://192.168.19.27:9000/api
graylog_1        |      at org.graylog2.configuration.HttpConfiguration.validateHttpBindAddress(HttpConfiguration.java:227) ~[graylog.jar:?]
graylog_1        |      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
graylog_1        |      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
graylog_1        |      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
graylog_1        |      at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
graylog_1        |      at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
graylog_1        |      at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:221) ~[graylog.jar:?]
graylog_1        |      at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:100) ~[graylog.jar:?]
graylog_1        |      at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351) [graylog.jar:?]
graylog_1        |      at org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344) [graylog.jar:?]
graylog_1        |      at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:178) [graylog.jar:?]
graylog_1        |      at org.graylog2.bootstrap.Main.main(Main.java:50) [graylog.jar:?]
graylog_1        | Caused by: java.lang.IllegalArgumentException: Possible bracketless IPv6 literal: http://192.168.19.27:9000/api
graylog_1        |      at com.google.common.base.Preconditions.checkArgument(Preconditions.java:216) ~[graylog.jar:?]
graylog_1        |      at com.google.common.net.HostAndPort.requireBracketsForIPv6(HostAndPort.java:275) ~[graylog.jar:?]
graylog_1        |      at org.graylog2.configuration.HttpConfiguration.getHttpBindAddress(HttpConfiguration.java:88) ~[graylog.jar:?]
graylog_1        |      at org.graylog2.configuration.HttpConfiguration.validateHttpBindAddress(HttpConfiguration.java:222) ~[graylog.jar:?]
graylog_1        |      ... 11 more
graylog-docker-compose_graylog_1 exited with code 1

Any ideas how to fix this ?

2 
GRAYLOG_HTTP_BIND_ADDRESS=http://192.168.19.27:9000/api

http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#web-rest-api

http_bind_address = 127.0.0.1:9000

    The network interface used by the Graylog HTTP interface.
    This network interface must be accessible by all Graylog nodes in the cluster and by all clients using the Graylog web interface.
    If the port is omitted, Graylog will use port 9000 by default.

no protocol included - only the ip/port

1 Like
4

Yes, it helps. Thank you.
There is a mistake

Screenshot_386
Screenshot_386.png1204×872 28.1 KB

How can we fixed it?

6

first it was not clear that the error you mentioned is in the docs.

that is now fixed.

1 Like
7

Other problem was founded.
graylog-docker-compose_graylog_1 exited with code 255
Full docker-compose output log is here

docker-compose file the same as in the previous post.

8

I just copy&pasted the docker-compose from the docs and got a working setup.

9

@jan Can you show me your docker-compose file?

10

My docker-compose:

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_BIND_ADDRESS=192.168.19.27:9000
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

I changed only GRAYLOG_HTTP_BIND_ADDRESS to my local server IP.
Docker-compose from official docs, Persisting data headline.
And it doesn’t work for me.
Where is my mistake ?

11

GRAYLOG_HTTP_BIND_ADDRESS is actually your problem.

How should Graylog bind to the IP that is on the HOST that Docker runs and not the IP of your Docker Container …

12

Ok, I took exactly what is in doc,

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_BIND_ADDRESS=127.0.0.1:9000
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

graylog/graylog:3.0 - Up 6 minutes (unhealthy)

Screenshot_278
Screenshot_278.png1349×131 6.78 KB

Can you show me your docker-compose which is launch properly ?

13

I have the following docker-compose taken from the docs, modified that I can access the UI on my computer

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.0
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.0
    environment:
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
1 Like
14

Ok, I found misunderstanding.
You use this variable GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/ , but I didn’t. That’s why my GrayLog works only from local IP, but not from remote.

My proposition is to add GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/ to the main doc http://docs.graylog.org/en/latest/pages/installation/docker.html for those who want to try GrayLog remotely.

Thank you for your support!

15

My proposition is to add GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/ to the main doc http://docs.graylog.org/en/latest/pages/installation/docker.html for those who want to try GrayLo

feel free to create a PR for the documentation that highlights this. The Documentation is open source as the product itself.

16

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.