Hello all,
Sorry for all the information. Tried to show all the Info available, along with what I tried to resolve this problem.
What I’m doing is testing how to configure Graylog to use https before I execute it to our production environment.
I created a single Graylog2 server on a CentOS 7 minimal install. Two CPUs, 4 Gigs of memory and a 120 Gig HDD. I have disabled SELinux and cleared the firewall.
Using the following install instructions;
http://docs.graylog.org/en/2.2/pages/installation/os/centos.html
After logging in from the web interface and making sure the server was functioning, I proceeded to follow these instructions;
http://docs.graylog.org/en/2.2/pages/configuration/https.html
After restarting the Graylog server I executed the following checks;
Checked my Elasticsearch;
Root # curl -XGET 'http://xxx.xxx.xxx.xxx:9200/_cluster/health?pretty=true'
{
"cluster_name" : "graylog",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 1,
"active_primary_shards" : 4,
"active_shards" : 4,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Check the status of Graylog Server
[root@localhost server]# systemctl status graylog-server
● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-06-02 20:09:28 CDT; 14min ago
Docs: http://docs.graylog.org/
Main PID: 4320 (graylog-server)
CGroup: /system.slice/graylog-server.service
├─4320 /bin/sh /usr/share/graylog-server/bin/graylog-server
└─4321 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnload…
Jun 02 20:09:28 localhost.localdomain systemd[1]: Started Graylog server.
Jun 02 20:09:28 localhost.localdomain systemd[1]: Starting Graylog server…
Check the status of Mongodb
[root@localhost server]# systemctl status mongod
● mongod.service - High-performance, schema-free document-oriented database
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-06-02 19:28:10 CDT; 57min ago
Docs: https://docs.mongodb.org/manual
Process: 809 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
Process: 805 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
Process: 798 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
Main PID: 1962 (mongod)
CGroup: /system.slice/mongod.service
└─1962 /usr/bin/mongod --quiet -f /etc/mongod.conf run
Jun 02 19:28:10 localhost.localdomain systemd[1]: Starting High-performance, schema-free document-oriented database…
Jun 02 19:28:10 localhost.localdomain systemd[1]: Started High-performance, schema-free document-oriented database.
Jun 02 19:28:12 localhost.localdomain mongod[815]: about to fork child process, waiting until server is ready for connections.
Jun 02 19:28:12 localhost.localdomain mongod[815]: forked process: 1962
Jun 02 19:28:14 localhost.localdomain mongod[815]: child process started successfully, parent exiting
Check the status of Elasticsearch
[root@localhost server]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-06-02 19:28:10 CDT; 58min ago
Docs: http://www.elastic.co
Process: 804 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
Main PID: 812 (java)
CGroup: /system.slice/elasticsearch.service
└─812 /bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseC…
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
Jun 02 20:10:38 localhost.localdomain elasticsearch[812]: at java.lang.Thread.run(Thread.java:748)
No problems in the log file/s after Service restart.
Using Chrome I tried to log in using the following URL: https://graylog-server:9000/
I received the following ERROR;
This site can’t be reached
unexpectedly closed the connection.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED
My server configuration file is as follows;
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = FxwOFsKdr3D2fDEmFRqqbgn1vCwuMB6pf21EWD3KGJ8PUFhJKV0oYLrE1LyINLsOhQB7DhkUDDMNtAwHLsoCoRWfXVW8YA0S
root_password_sha2 = 89e01536ac207279409d4de1e5253e01f4a1769e696db0d6062ca9b8f56767c8
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = https://graylog-server:9000/api/
rest_transport_uri = http://graylog-server:9000/api/
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/cert/graylog-certificate.pem
rest_tls_key_file = /etc/graylog/server/cert/graylog-key.pem
rest_tls_key_password = secret
web_listen_uri = https://graylog-server:9000/
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/cert/graylog-certificate.pem
web_tls_key_file = /etc/graylog/server/cert/graylog-key.pem
web_tls_key_password = secret
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-server:9300
elasticsearch_network_host = 10.200.6.49
elasticsearch_analyzer = standard
outputbuffer_processors.
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb://grayloguser:secret@localhost:27017/graylog
mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32
Trying to resolve this error, I have looked at the following resources;
It seems everything is running right on the server, but I am unable to connect through the web interface. Any help would be appreciated. Thanks again.
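An added example, not part of the original post and not Graylog's own code: a small consistency check over the TLS-related settings in the configuration posted above. It assumes that when `rest_enable_tls` or `web_enable_tls` is true, the matching listen and transport URIs should use the https scheme; `parse_conf`, `lint_tls` and `URI_KEYS` are hypothetical names, and the sample is constructed from the TLS lines of the post.

```python
from urllib.parse import urlparse

# Constructed sample: the TLS-related lines from the configuration posted above.
SAMPLE_CONF = """\
rest_listen_uri = https://graylog-server:9000/api/
rest_transport_uri = http://graylog-server:9000/api/
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/cert/graylog-certificate.pem
rest_tls_key_file = /etc/graylog/server/cert/graylog-key.pem
web_listen_uri = https://graylog-server:9000/
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/cert/graylog-certificate.pem
web_tls_key_file = /etc/graylog/server/cert/graylog-key.pem
"""

# Assumption: these are the URI settings governed by each TLS switch.
URI_KEYS = {"rest": ("rest_listen_uri", "rest_transport_uri"),
            "web": ("web_listen_uri",)}

def parse_conf(text):
    """Parse key = value lines, skipping blanks, comments and stray lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def lint_tls(conf):
    """Return findings where URI schemes and TLS switches disagree."""
    findings = []
    for prefix, uri_keys in URI_KEYS.items():
        tls_on = conf.get(f"{prefix}_enable_tls", "false").lower() == "true"
        want = "https" if tls_on else "http"
        for key in uri_keys:
            if key in conf and urlparse(conf[key]).scheme != want:
                findings.append(f"{key}: expected scheme {want} "
                                f"({prefix}_enable_tls = {str(tls_on).lower()})")
        if tls_on:
            for suffix in ("tls_cert_file", "tls_key_file"):
                if not conf.get(f"{prefix}_{suffix}"):
                    findings.append(f"{prefix}_{suffix}: not set but TLS is enabled")
    return findings

if __name__ == "__main__":
    for finding in lint_tls(parse_conf(SAMPLE_CONF)):
        print(finding)
```

On the posted settings this reports `rest_transport_uri`, which uses http while `rest_enable_tls` is true.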