Wooohoooo!!!
This was a missing part of my “puzzle”! (in a particular combination!) - GRAYLOG_HTTP_PUBLISH_URI=https://mydomain.example.com:9000/
Thank you @jan so much for the idea!
So, for everyone, this is my working docker-compose.yml:
```yaml
version: '3'
volumes:
  local_storage_nosql:
services:
  nosql:
    image: mongo:4.0
    volumes:
      - local_storage_nosql:/data/db
      - ./graylog.js:/docker-entrypoint-initdb.d/graylog.js:ro
    network_mode: "host"
    # Due to HOST network, open MONGODB only for local interface:
    command: mongod --bind_ip 127.0.0.1
    environment:
      # provide your credentials here
      - MONGO_INITDB_ROOT_USERNAME=root
      - MONGO_INITDB_ROOT_PASSWORD=passwordpasswordpassword
    ports:
      - 27017:27017
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0
    network_mode: "host"
    # Due to HOST network, open ELASTICSEARCH only for local interface (127.0.0.1)
    environment:
      - http.host=127.0.0.1
      - discovery.type=single-node
      - xpack.security.enabled=false
      - transport.host=localhost
      - network.host=127.0.0.1
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  graylog:
    image: graylog/graylog:4.0
    # Using HOST network, for easier GrayLog self-requests. ATTN! Firewall rules!
    network_mode: "host"
    volumes:
      - ./g.crt:/usr/share/graylog/data/config/ssl/cert.crt:ro
      - ./g.key:/usr/share/graylog/data/config/ssl/key.key:ro
    environment:
      - GRAYLOG_ROOT_TIMEZONE=Europe/Riga
      - GRAYLOG_IS_MASTER=true
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=STlvln2h5I2OsF0Hz0ebJSZG9SzJ0NYpnQTyRh3VJ2aVQ95cWwcTXSzgMU18ryNSsG2n9Voj4q7dFZqhwrNC1gvZd3VDLTPY
      - GRAYLOG_ROOT_PASSWORD_SHA2=9a3f982d63aee554970b640fcec5688378756e3e1eda0829495a7b59c395188b
      - GRAYLOG_HTTP_ENABLE_GZIP=true
      - GRAYLOG_HTTP_ENABLE_TLS=true
      - GRAYLOG_HTTP_TLS_CERT_FILE=/usr/share/graylog/data/config/ssl/cert.crt
      - GRAYLOG_HTTP_TLS_KEY_FILE=/usr/share/graylog/data/config/ssl/key.key
      - GRAYLOG_MONGODB_URI=mongodb://graylog:passwordpasswordpassword@127.0.0.1:27017/graylog
      - GRAYLOG_MESSAGE_JOURNAL_ENABLED=false
      - GRAYLOG_HTTP_EXTERNAL_URI=https://mydomain.example.com:9000/
      - GRAYLOG_HTTP_PUBLISH_URI=https://mydomain.example.com:9000/
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://127.0.0.1:9200
      - GRAYLOG_ELASTICSEARCH_VERSION=7
    depends_on:
      - nosql
      - elasticsearch
    ports:
      - "9000:9000"
      - "12201:12201/tcp"
      - "12201:12201/udp"
```
And notice - there is no mention of *.JKS (Java Key Storage) files, related Java settings, etc.
SSL/HTTPS is working with only 2 files - cert.crt and key.key, which were received from LetsEncrypt CertBot for mydomain.example.com
Job’s done.
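
An added example, not part of the original post: a small Python check that the TLS-related settings from the compose file above agree with each other, including the GRAYLOG_HTTP_PUBLISH_URI setting the post identifies as the missing piece. The function names and the `CERT_NAMES` list (the DNS names the certificate is assumed to cover) are hypothetical; the sample input is constructed from the post's file.

```python
from urllib.parse import urlsplit

def name_matches(host, pattern):
    """Compare a host with a certificate DNS name; '*.' covers one label only."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_graylog_tls(env_entries, volumes, cert_names):
    """Return a list of findings; an empty list means the settings agree."""
    env, findings = dict(e.split("=", 1) for e in env_entries), []
    if env.get("GRAYLOG_HTTP_ENABLE_TLS", "false").lower() != "true":
        return ["GRAYLOG_HTTP_ENABLE_TLS is not true: web interface and API use plain HTTP"]
    if "GRAYLOG_HTTP_PUBLISH_URI" not in env:
        findings.append("GRAYLOG_HTTP_PUBLISH_URI unset: derived from GRAYLOG_HTTP_BIND_ADDRESS")
    for key in ("GRAYLOG_HTTP_PUBLISH_URI", "GRAYLOG_HTTP_EXTERNAL_URI"):
        if key not in env:
            continue
        parts = urlsplit(env[key])
        if parts.scheme != "https":
            findings.append(f"{key} uses scheme {parts.scheme!r} although TLS is enabled")
        if not any(name_matches(parts.hostname or "", n) for n in cert_names):
            findings.append(f"{key} host {parts.hostname!r} is not covered by the certificate")
    # Map container path -> mount options from 'host:container[:options]' entries.
    mounts = {v.split(":")[1]: v.split(":")[2:] for v in volumes if ":" in v}
    for key in ("GRAYLOG_HTTP_TLS_CERT_FILE", "GRAYLOG_HTTP_TLS_KEY_FILE"):
        path = env.get(key)
        if path not in mounts:
            findings.append(f"{key}={path} is not provided by any volume mount")
        elif not any("ro" in opt.split(",") for opt in mounts[path]):
            findings.append(f"{key}={path} is mounted writable; add :ro")
    return findings

# Constructed sample input: the TLS-related lines of the compose file in the post.
ENV = [
    "GRAYLOG_HTTP_ENABLE_TLS=true",
    "GRAYLOG_HTTP_TLS_CERT_FILE=/usr/share/graylog/data/config/ssl/cert.crt",
    "GRAYLOG_HTTP_TLS_KEY_FILE=/usr/share/graylog/data/config/ssl/key.key",
    "GRAYLOG_HTTP_EXTERNAL_URI=https://mydomain.example.com:9000/",
    "GRAYLOG_HTTP_PUBLISH_URI=https://mydomain.example.com:9000/",
]
VOLUMES = [
    "./g.crt:/usr/share/graylog/data/config/ssl/cert.crt:ro",
    "./g.key:/usr/share/graylog/data/config/ssl/key.key:ro",
]
CERT_NAMES = ["mydomain.example.com"]  # assumption: the names certbot issued for
if __name__ == "__main__":
    print(check_graylog_tls(ENV, VOLUMES, CERT_NAMES) or "settings agree")
```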