Reset admin password in docker container

1. Describe your incident:
I lost my admin password. Graylog is started in docker with persistent data.

2. Describe your environment:
docker

• Package Version:
  latest

3. What steps have you already taken to try and solve the problem?
i tryed to start graylog docker container in interactive mode (with docker exec) but not found graylog-ctl or vi(vim) nano editor (default user graylog)

4. How can the community help?

How i can reset admin password? Thanks!

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Hello
Perhaps these posts.
Don’t be fooled by the naming convention of these posts, I do see commands that would be able to help.

• Docker image: admin password can't be changed after the first start · Issue #53 · Graylog2/graylog2-images · GitHub
• How to change admin password for Docker after initial start (persisted data)?
• Login problem with GrayLog after installation - Docker Compose

To sum it up, You need to reset the Admin password. This is done only by reconfiguring the Graylog server configuration file. This is where the hashed password is locate.

Example:
Graylog comes with a default configuration that works out of the box but you have to set a password for the admin user. Also the web interface needs to know how to connect from your browser to the Graylog API. Both can be done via environment variables.

  -e GRAYLOG_PASSWORD_SECRET=somepasswordpepper
  -e GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
  -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api"

In this case you can login to Graylog with the user and password admin. Generate your own password with this command:

  $ echo -n yourpassword | shasum -a 256

This all can be put in a docker-compose file, like:

version: '2'
services:
  some-mongo:
    image: "mongo:3"
  some-elasticsearch:
    image: "elasticsearch:6"
    command: "elasticsearch -Des.cluster.name='graylog'"
  graylog:
    image: graylog2/server:4.x.x.x
    environment:
      GRAYLOG_PASSWORD_SECRET: somepasswordpepper
      GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      GRAYLOG_WEB_ENDPOINT_URI: http://127.0.0.1:9000/api
    links:
      - some-mongo:mongo
      - some-elasticsearch:elasticsearch
    ports:
      - "9000:9000"

After starting the three containers with docker-compose up open your browser with the URL http://127.0.0.1:9000 and login with admin:some_password

Hope that helps

@gsmith Thank you, very much! I just rehash password and change secret strings in docker-compose file and it works!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.