Problem with nginx configuration - Web interface

Graylog Central (peer support)
1

Hello Team !

I got a problem when installing Graylog. I am using 3 Elastic search server in cluster and 2 server for Graylog. Everyhting is running well. When i try to access to web interface i got a error 302.

Here is the result of /etc/log/nginx/error.log :
2020/05/12 10:18:06 [alert] 1048#1048: *30513 open socket #12 left in connection 1285
2020/05/12 10:18:06 [alert] 1048#1048: *30514 open socket #76 left in connection 1286
2020/05/12 10:18:06 [alert] 1048#1048: *30517 open socket #12 left in connection 1287
2020/05/12 10:18:06 [alert] 1048#1048: *30518 open socket #78 left in connection 1288
2020/05/12 10:18:06 [alert] 1048#1048: *30623 open socket #12 left in connection 1313
2020/05/12 10:18:06 [alert] 1048#1048: *30624 open socket #131 left in connection 1314
2020/05/12 10:18:06 [alert] 1048#1048: *30591 open socket #12 left in connection 1341
2020/05/12 10:18:06 [alert] 1048#1048: *30592 open socket #115 left in connection 1342
2020/05/12 10:18:06 [alert] 1048#1048: aborting

Here is my nginx.conf :
user www-data;
worker_processes auto;
worker_rlimit_nofile 10240;
pid /run/nginx.pid;

events {
        worker_connections 10240;
        # multi_accept on;
}

http {

        upstream elasticsearch {
                server ip:9200;
                server ip:9200;
                server ip:9200;

        }

  server {
      listen 9200;
      server_name elasticsearch_proxy;

      location / {
        proxy_pass http://elasticsearch;
      }

  }

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}
stream {

        upstream interface-udp-5501 {
                server XXXXX:5501;
                server XXXXX:5501;
                server XXXXX:5501;
        }

        server {

                listen 5501 udp;

                proxy_timeout 10s;
                proxy_pass interface-udp-5501;

        }

        upstream interface-udp-5502 {
                server XXXXX:5502;
                server XXXXX:5502;
                server XXXXX:5502;
        }

        server {

                listen 5502 udp;

                proxy_timeout 10s;
                proxy_pass interface-udp-5502;
        }

        upstream interface-tcp-5503 {
                server XXXXX:5503;
                server XXXXX:5503;
                server XXXXX:5503;
        }

        server {

                listen 5503;

                proxy_timeout 10s;
                proxy_pass interface-tcp-5503;
}
}

Here is the /etc/nginx/sites-available/graylog :

upstream interface-web{
        server XXXXX;
        server XXXXX;
}


server {
        listen 80;
        server_name XXXXX;

        location / {
#               proxy_set_header Host $http_host;
#               proxy_set_header X-Forwarded-Host $host;
#               proxy_set_header X-Forwarded-Server $host;
#               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#               proxy_set_header X-Graylog-Server-URL http://$server_name/api;
#               proxy_pass http://ip:9000;
                return 301 https://$host$request_uri;
        }



}

server {
        listen 9200;
        server_name XXXXXX;

        location / {
                proxy_pass http://ip:9200/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection ‘upgrade’;
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
}
}
server {
        listen 9200;
        server_name XXXXXX;

        location / {
                proxy_pass http://ip:9200/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection ‘upgrade’;
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
}

}
server {
        listen 9200;
        server_name XXXXX;

        location / {
                proxy_pass http://ip:9200/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection ‘upgrade’;
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
}

}
server {

        listen 443 ssl;

        server_name  XXXXX;

        ##
        #Log
        ##
        access_log /var/log/nginx/access-svrsiem-01.log;
        error_log /var/log/nginx/error-svrsiem-01.log;



        ##
        # SSL Settings
        ##

        ssl settings


         #Include global SSL settings
        include /etc/nginx/ssl.conf;

        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Graylog-Server-URL https://address/api;
                proxy_pass http://ip-server:9000;
                }
        }

Could someone help me ? I’m not very use to nginx but i need to use it. Please let me know if you need more informations to answer me.

Thanks !

2

I’m not sure why you proxy the elasticsearch servers with nginx? That might be reason for that kind of error message.

In addition you use nginx for loadbalancing of your inputs. Is that intend? Did the interface come up and you “simple” see these errors and asked about their meaning or does it not work at all?

3

Hello Jan, thanks for the reply.

Ok for the elasticsearch it might be the problem of the error messages.

Loadbalancing is intend.

The web interface did not come up. So when i research the reason why, i found these errors and i determine is that my problem.

Here is the log of graylog :

2020-05-13T09:54:17.482+02:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2020-05-13T09:54:17.510+02:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2020-05-13T09:54:17.672+02:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2020-05-13T09:54:23.150+02:00 INFO  [Buffers] Waiting until all buffers are empty.
2020-05-13T09:54:23.615+02:00 INFO  [Buffers] All buffers are empty. Continuing.
2020-05-13T09:54:23.708+02:00 INFO  [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2020-05-13T09:54:23.721+02:00 INFO  [GracefulShutdownService] Running graceful shutdown for <2> shutdown hooks
2020-05-13T09:54:23.729+02:00 INFO  [GracefulShutdownService] Initiate shutdown for <BrowserDriverService>
2020-05-13T09:54:23.734+02:00 INFO  [GracefulShutdownService] Finished shutdown for <BrowserDriverService>, took 4 ms
2020-05-13T09:54:23.735+02:00 INFO  [GracefulShutdownService] Initiate shutdown for <JobWorkerPool>
2020-05-13T09:54:23.755+02:00 INFO  [GracefulShutdownService] Finished shutdown for <JobWorkerPool>, took 20 ms
2020-05-13T09:54:23.772+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2020-05-13T09:54:23.782+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <9ms>.
2020-05-13T09:54:23.782+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2020-05-13T09:54:23.783+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2020-05-13T09:54:23.784+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2020-05-13T09:54:23.784+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2020-05-13T09:54:23.784+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.TrafficCounterCalculator].
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.TrafficCounterCalculator] complete, took <0ms>.
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical].
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.785+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp].
2020-05-13T09:54:23.786+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp] complete, took <0ms>.
2020-05-13T09:54:23.786+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread].
2020-05-13T09:54:23.786+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread] complete, took <0ms>.
2020-05-13T09:54:23.794+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads].
2020-05-13T09:54:23.794+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads] complete, took <0ms>.
2020-05-13T09:54:23.794+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.views.search.db.SearchesCleanUpJob].
2020-05-13T09:54:23.794+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.views.search.db.SearchesCleanUpJob] complete, took <0ms>.
2020-05-13T09:54:23.794+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.events.periodicals.EventNotificationStatusCleanUp].
2020-05-13T09:54:23.794+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.events.periodicals.EventNotificationStatusCleanUp] complete, took <0ms>.
2020-05-13T09:54:23.796+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2020-05-13T09:54:23.796+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2020-05-13T09:54:23.809+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.aggregates.report.AggregatesReport].
2020-05-13T09:54:23.809+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.aggregates.report.AggregatesReport] complete, took <0ms>.
2020-05-13T09:54:23.810+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance].
2020-05-13T09:54:23.810+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance] complete, took <0ms>.
2020-05-13T09:54:23.810+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.license.LicenseManagerPeriodical].
2020-05-13T09:54:23.810+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.license.LicenseManagerPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.812+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.license.LicenseReportPeriodical].
2020-05-13T09:54:23.812+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.license.LicenseReportPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.812+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.report.scheduler.ReportPeriodical].
2020-05-13T09:54:23.812+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.report.scheduler.ReportPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.812+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.report.service.ChromeDriverCleanupPeriodical].
2020-05-13T09:54:23.812+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.report.service.ChromeDriverCleanupPeriodical] complete, took <0ms>.
2020-05-13T09:54:23.812+02:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2020-05-13T09:54:23.813+02:00 INFO  [GracefulShutdown] Goodbye.
2020-05-13T09:54:23.860+02:00 INFO  [JournalReader] Stopping.
2020-05-13T09:54:23.908+02:00 INFO  [JerseyService] Shutting down HTTP listener at <172.22.0.31:9000>
2020-05-13T09:54:24.007+02:00 INFO  [LookupDataAdapterRefreshService] Stopping 0 jobs
2020-05-13T09:54:24.006+02:00 INFO  [LogManager] Shutting down.
2020-05-13T09:54:24.647+02:00 INFO  [LogManager] Shutdown complete.
2020-05-13T09:54:25.107+02:00 INFO  [NetworkListener] Stopped listener bound to [172.22.0.31:9000]
2020-05-13T09:54:25.108+02:00 INFO  [ServiceManagerListener] Services are now stopped.
2020-05-13T09:54:37.394+02:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 3.2.4 [org.graylog.aws.AWSPlugin]
2020-05-13T09:54:37.398+02:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integrations 3.2.4 [org.graylog.enterprise.integrations.EnterpriseIntegrationsPlugin]
2020-05-13T09:54:37.400+02:00 INFO  [CmdLineTool] Loaded plugin: Integrations 3.2.4 [org.graylog.integrations.IntegrationsPlugin]
2020-05-13T09:54:37.400+02:00 INFO  [CmdLineTool] Loaded plugin: Aggregates 2.2.4 [org.graylog.plugins.aggregates.AggregatesPlugin]
2020-05-13T09:54:37.402+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 3.2.4 [org.graylog.plugins.collector.CollectorPlugin]
2020-05-13T09:54:37.403+02:00 INFO  [CmdLineTool] Loaded plugin: Graylog Enterprise 3.2.4 [org.graylog.plugins.enterprise.EnterprisePlugin]
2020-05-13T09:54:37.404+02:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 3.2.4 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2020-05-13T09:54:38.442+02:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms2g -Xmx2g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -XX:+UseParNewGC -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb
2020-05-13T09:54:38.865+02:00 INFO  [Version] HV000001: Hibernate Validator null
2020-05-13T09:54:45.654+02:00 INFO  [InputBufferImpl] Message journal is enabled.
2020-05-13T09:54:45.732+02:00 INFO  [NodeId] Node ID: 921b7ad3-64c9-4eba-a6fb-0b01ecda0f3d
2020-05-13T09:54:46.042+02:00 INFO  [LogManager] Loading logs.
2020-05-13T09:54:46.119+02:00 INFO  [LogManager] Logs loading complete.
2020-05-13T09:54:46.124+02:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2020-05-13T09:54:46.155+02:00 INFO  [cluster] Cluster created with settings {hosts=[172.22.0.31:27017, 172.22.0.32:27017], mode=MULTIPLE, requiredClusterType=REPLICA_SET, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000, requiredReplicaSetName='rs0'}
2020-05-13T09:54:46.158+02:00 INFO  [cluster] Adding discovered server 172.22.0.31:27017 to client view of cluster
2020-05-13T09:54:46.206+02:00 INFO  [cluster] Adding discovered server 172.22.0.32:27017 to client view of cluster
2020-05-13T09:54:46.247+02:00 INFO  [cluster] No server chosen by com.mongodb.Mongo$4@40f1aa95 from cluster description ClusterDescription{type=REPLICA_SET, connectionMode=MULTIPLE, serverDescriptions=[ServerDescription{address=172.22.0.32:27017, type=UNKNOWN, state=CONNECTING}, ServerDescription{address=172.22.0.31:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2020-05-13T09:54:46.539+02:00 INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:4721}] to 172.22.0.31:27017
2020-05-13T09:54:46.537+02:00 INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:4291}] to 172.22.0.32:27017
2020-05-13T09:54:46.584+02:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=172.22.0.32:27017, type=REPLICA_SET_SECONDARY, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 0, 18]}, minWireVersion=0, maxWireVersion=7, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=26285747, setName='rs0', canonicalAddress=172.22.0.32:27017, hosts=[172.22.0.32:27017, 172.22.0.31:27017], passives=[], arbiters=[], primary='172.22.0.31:27017', tagSet=TagSet{[]}, electionId=null, setVersion=2, lastWriteDate=Wed May 13 09:54:46 CEST 2020, lastUpdateTimeNanos=752722202349169}
2020-05-13T09:54:46.587+02:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=172.22.0.31:27017, type=REPLICA_SET_PRIMARY, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 0, 18]}, minWireVersion=0, maxWireVersion=7, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=5178620, setName='rs0', canonicalAddress=172.22.0.31:27017, hosts=[172.22.0.32:27017, 172.22.0.31:27017], passives=[], arbiters=[], primary='172.22.0.31:27017', tagSet=TagSet{[]}, electionId=7fffffff000000000000000c, setVersion=2, lastWriteDate=Wed May 13 09:54:46 CEST 2020, lastUpdateTimeNanos=752722179285605}
2020-05-13T09:54:46.588+02:00 INFO  [cluster] Setting max election id to 7fffffff000000000000000c from replica set primary 172.22.0.31:27017
2020-05-13T09:54:46.588+02:00 INFO  [cluster] Setting max set version to 2 from replica set primary 172.22.0.31:27017
2020-05-13T09:54:46.588+02:00 INFO  [cluster] Discovered replica set primary 172.22.0.31:27017
2020-05-13T09:54:46.636+02:00 INFO  [connection] Opened connection [connectionId{localValue:3, serverValue:4722}] to 172.22.0.31:27017
2020-05-13T09:54:47.161+02:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2020-05-13T09:54:47.517+02:00 INFO  [AbstractJestClient] Setting server pool to a list of 3 servers: [http://svres-01.beijaflore.com:9200,http://svres-02.beijaflore.com:9200,http://svres-03.beijaflore.com:9200]
2020-05-13T09:54:47.518+02:00 INFO  [JestClientFactory] Using multi thread/connection supporting pooling connection manager
2020-05-13T09:54:47.632+02:00 INFO  [JestClientFactory] Using custom ObjectMapper instance
2020-05-13T09:54:47.633+02:00 INFO  [JestClientFactory] Node Discovery disabled...
2020-05-13T09:54:47.633+02:00 INFO  [JestClientFactory] Idle connection reaping disabled...
2020-05-13T09:54:48.611+02:00 INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2020-05-13T09:54:48.987+02:00 INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2020-05-13T09:54:49.111+02:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:4723}] to 172.22.0.31:27017
2020-05-13T09:54:49.162+02:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:4724}] to 172.22.0.31:27017
2020-05-13T09:54:50.234+02:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2020-05-13T09:54:50.238+02:00 INFO  [ServerBootstrap] Graylog server 3.2.4+a407287 starting up
2020-05-13T09:54:50.238+02:00 INFO  [ServerBootstrap] JRE: Private Build 1.8.0_252 on Linux 4.4.0-159-generic
2020-05-13T09:54:50.239+02:00 INFO  [ServerBootstrap] Deployment: deb
2020-05-13T09:54:50.239+02:00 INFO  [ServerBootstrap] OS: Ubuntu 16.04.6 LTS (xenial)
2020-05-13T09:54:50.239+02:00 INFO  [ServerBootstrap] Arch: amd64
2020-05-13T09:54:50.477+02:00 INFO  [PeriodicalsService] Starting 37 periodicals ...
2020-05-13T09:54:50.477+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2020-05-13T09:54:50.500+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2020-05-13T09:54:50.510+02:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.AlertScannerThread] periodical. Not configured to run on this node.
2020-05-13T09:54:50.511+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2020-05-13T09:54:50.532+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2020-05-13T09:54:50.539+02:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not configured to run on this node.
2020-05-13T09:54:50.539+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2020-05-13T09:54:50.540+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2020-05-13T09:54:50.540+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2020-05-13T09:54:50.552+02:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2020-05-13T09:54:50.554+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2020-05-13T09:54:50.554+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2020-05-13T09:54:50.555+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2020-05-13T09:54:50.555+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2020-05-13T09:54:50.556+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2020-05-13T09:54:50.557+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2020-05-13T09:54:50.558+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2020-05-13T09:54:50.559+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2020-05-13T09:54:50.561+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2020-05-13T09:54:50.647+02:00 INFO  [connection] Opened connection [connectionId{localValue:6, serverValue:4725}] to 172.22.0.31:27017
2020-05-13T09:54:50.652+02:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2020-05-13T09:54:50.653+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2020-05-13T09:54:50.656+02:00 INFO  [connection] Opened connection [connectionId{localValue:8, serverValue:4727}] to 172.22.0.31:27017
2020-05-13T09:54:50.662+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2020-05-13T09:54:50.663+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2020-05-13T09:54:50.665+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2020-05-13T09:54:50.675+02:00 INFO  [Periodicals] Starting [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical] periodical in [0s], polling every [3600s].
2020-05-13T09:54:50.677+02:00 INFO  [connection] Opened connection [connectionId{localValue:7, serverValue:4726}] to 172.22.0.31:27017
2020-05-13T09:54:50.691+02:00 INFO  [connection] Opened connection [connectionId{localValue:9, serverValue:4728}] to 172.22.0.31:27017
2020-05-13T09:54:50.692+02:00 INFO  [Periodicals] Starting [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp] periodical in [120s], polling every [86400s].
2020-05-13T09:54:50.693+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread] periodical in [0s], polling every [600s].
2020-05-13T09:54:50.694+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads] periodical in [0s], polling every [600s].
2020-05-13T09:54:50.695+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.views.search.db.SearchesCleanUpJob] periodical in [3600s], polling every [28800s].
2020-05-13T09:54:50.696+02:00 INFO  [Periodicals] Starting [org.graylog.events.periodicals.EventNotificationStatusCleanUp] periodical in [120s], polling every [86400s].
2020-05-13T09:54:50.717+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2020-05-13T09:54:50.737+02:00 INFO  [connection] Opened connection [connectionId{localValue:10, serverValue:4729}] to 172.22.0.31:27017
2020-05-13T09:54:50.740+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.report.AggregatesReport] periodical in [0s], polling every [60s].
2020-05-13T09:54:50.741+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance] periodical in [0s], polling every [60s].
2020-05-13T09:54:50.742+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.license.LicenseManagerPeriodical] periodical in [0s], polling every [300s].
2020-05-13T09:54:50.744+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.license.LicenseReportPeriodical] periodical in [300s], polling every [3600s].
2020-05-13T09:54:50.750+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.auditlog.mongodb.MongoAuditLogPeriodical] periodical in [0s], polling every [3600s].
2020-05-13T09:54:50.760+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.report.scheduler.ReportPeriodical] periodical in [120s], polling every [60s].
2020-05-13T09:54:50.760+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.report.service.ChromeDriverCleanupPeriodical] periodical in [60s], polling every [180s].
2020-05-13T09:54:50.768+02:00 ERROR [MongoAuditLogPeriodical] Not running cleanup for auditlog entries in MongoDB because there is no valid license.
2020-05-13T09:54:50.874+02:00 INFO  [AggregatesMaintenance] Removed 0 history items
2020-05-13T09:54:52.246+02:00 INFO  [JerseyService] Enabling CORS for HTTP endpoint

These logs just shows errors because i want activate the Enterprise license but i need the web interface to activate it so i think i can access to the web interface without correcting these errors. What do you think ?

4

he @Aymeric

what are the http_* parameter in your Graylog server.conf?

I did not see any “Graylog is up and running” message what you get after a successful start of Graylog in the log. Only when this is given you know hat Graylog is listening and you can connect to the webinterface.

So this need to be fixed first before you start debug your nginx.

5

@jan
Ok, here is the conf Graylog :

is_master = true (for the First server and none for the second one) 
node_id_file = /etc/graylog/server/node-id
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://172.X.X.X:9000/api
rest_transport_uri = http://svrsiemXXXXXX:9000/api/web_enable = true
http_bind_address = 172.X.X.X:9000
http_publish_uri = http://172.X.X.X:9000
web_listen_uri = http://172.X.X.X:9000/
web_endpoint_uri = http://svrsiemXXXXX:9000/
elasticsearch_hosts = http://svresXXXXX:9200, http://svresXXXXX.com:9200
mongodb_uri = mongodb://XXXXX:XXXXX@172.X.X.X:27017,172.X.X.X:27017/graylog?replicaSet=rs0

Please let me know if you need more information. to understand the problem.

I follow every steps in the graylog documentation to install Graylog https://docs.graylog.org/en/3.0/pages/installation.html

6

he @Aymeric

it looks like you did not removed the not needed configuration settings from the server.conf after you have updated from a previous version of graylog.

please remove rest_* and web_* settings complete from your server.conf.

Your wanted setup is USER --> NGINX (80/443) --> Graylog (9000)?

http_bind_address on both systems their IP 172.X.X.X:9000
http_publish_uri on both system their IP http://172.X.X.X:9000
http_external_uri http://yourNGINXProxy

7

Hey @jan

The wanted setup is exactly what you mentionned, NGINX (80/443) and Graylog (9000)

I have remove the rest and web settings.
I did what you mentionned next and now in graylog-server/server.log i see :
INFO [ServerBootstrap] Graylog server up and running.
That is a great point !

I have delete the settings for my elastic server in nginx. But now i don’t see them when i do netstat -plntu.
The web interface does not come up aswell.
What are the next steps to makes everything run well ?

8

you should first check if you can reach the Graylog interface on port 9000 - if that is possible next is adding the nginx.

Start with the minimal sample configuration from https://docs.graylog.org/en/3.2/pages/configuration/web_interface.html#nginx and if that is working add the inputs.

9

Hello @jan.

Thank you very much for your answers. We finaly manage to connect to the graylog web interface. To do that we changed thoses lines in the graylog server configuration file:

http_bind_address = 0.0.0.0:9000
http_publish_uri = http://172.X.X.X:9000/
http_external_uri = http://172.X.X.X:9000/

So by changing the http_bind adress and by changing the external_uri with the IP adress instead of the domain name, we manage to connect to the web interface by typing http://172.X.X.X:9000.
The goal now would be to be able to connect to the graylog web interface by typing our domain name. How can we make this work?
If we change back the external_uri in the configuration file with the domain name and try to reach graylog web interface by typing http://domainname.com it doesn’t work.

An other probleme is that when doing a netstat -plntu we still dont have a listen 9200 since we removed the listen 9200 parts in the nginx configuration as you advice. How are we supposed to do the connection between graylog and elasticsearch in order to have the listen 9200 if it is not by indicating it in the nginx configuration?
Thank you very much agan.

10

as written multiple times already (and as in the documentation):

  • http_publish_uri is where each Graylog connects to itself and in a cluster all other nodes connect to this. So this MUST be reachable by all Graylog Nodes.
  • http_external_uri is where your BROWSER can reach Graylog.

When you have a working DNS entry for domainname.com that points to a location where Graylog can be reached (for example the http_publish_uri) this will work.

Port 9200 is the default Elasticsearch port I do not get why you want Graylog to speak via NGINX with Elasticsearch - maybe you want to clarify on that.

11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.