Need your advice on an issue that I have been struggling with for two days…
I have installed Graylog 3.0 - all good, no issues while accessing via HTTP.
I enabled TLS and added the certificate and private key; since then the GUI doesn’t open anymore (it connects to the Graylog server and I get a blank page, it looks like the interface is not loading), but the certificate is recognized by the browser as valid.
The steps I did:
installed certificate/private key - I do not get any error on them, they match and are valid
installed certificate in the java keystore
no errors in the graylog log - all processes are running (elasticsearch/mongodb also run fine)
checked and confirmed that all prerequisites are met (java version etc)
Thanks for suggestion,
Initially I didn’t; after I read your suggestion I created a separate keystore by copying the java keystore, then I added the following option to the startup script:
-Djavax.net.ssl.trustStore=/etc/graylog/server/cacerts.jks
This keystore has the PEM certificate imported (I checked).
The bad part is I still have the same issue: the certificate appears as valid in the browser but only the page title is loading, nothing else… it simply displays the page title “Graylog Web Interface” in the bar, then it dies…
It appears to be normal, nothing unusual, except some errors, not sure if they are related to the interface:
2019-03-20T14:25:05.949+01:00 ERROR [LookupDataAdapter] Couldn’t start data adapter
2019-03-20T14:25:06.554+01:00 INFO [JerseyService] Enabling CORS for HTTP endpoint
2019-03-20T14:25:28.433+01:00 INFO [NetworkListener] Started listener bound to [10.10.10.10:9000]
2019-03-20T14:25:28.435+01:00 INFO [HttpServer] [HttpServer] Started.
2019-03-20T14:25:28.435+01:00 INFO [JerseyService] Started REST API at <10.10.10.10:9000>
2019-03-20T14:25:28.435+01:00 INFO [ServiceManagerListener] Services are healthy
2019-03-20T14:25:28.437+01:00 INFO [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=48, KafkaJournal [RUNNING]=186, BufferSynchronizerService [RUNNING]=196, JournalReader [RUNNING]=264, InputSetupService [RUNNING]=266, ConfigurationEtagService [RUNNING]=272, EtagService [RUNNING]=307, StreamCacheService [RUNNING]=519, PeriodicalsService [RUNNING]=527, LookupTableService [RUNNING]=732, JerseyService [RUNNING]=22994}
2019-03-20T14:25:28.439+01:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2019-03-20T14:25:28.447+01:00 INFO [ServerBootstrap] Graylog server up and running.
2019-03-20T14:25:28.539+01:00 INFO [InputStateListener] Input [Syslog UDP/5b573c8c2b50d80f20a5ddad] is now STARTING
2019-03-20T14:25:28.547+01:00 INFO [InputStateListener] Input [Syslog TCP/5b573daf2b50d80f20a5def5] is now STARTING
2019-03-20T14:25:28.650+01:00 WARN [Bootstrap] Unknown channel option ‘io.netty.channel.unix.UnixChannelOption#SO_REUSEPORT’ for channel ‘[id: 0x08239558]’
2019-03-20T14:25:28.651+01:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=TCP_Input, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=null} (channel [id: 0x6b335079, L:/0.0.0.0:1115]) should be 1048576 but is 212992.
2019-03-20T14:25:28.652+01:00 INFO [InputStateListener] Input [Syslog TCP/5b573daf2b50d80f20a5def5] is now RUNNING
2019-03-20T14:25:28.809+01:00 INFO [InputStateListener] Input [Syslog UDP/5b573c8c2b50d80f20a5ddad] is now RUNNING
The keystore is configured so that graylog can use it (the certificate was added to the keystore):

$GRAYLOG_COMMAND_WRAPPER "${JAVA:=/usr/bin/java}" $GRAYLOG_SERVER_JAVA_OPTS \
-jar -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml \
-Djavax.net.ssl.trustStore=/etc/graylog/server/cacerts.jks \
-Djava.library.path=/usr/share/graylog-server/lib/sigar \
-Dgraylog2.installation_source=${GRAYLOG_INSTALLATION_SOURCE:=unknown} \
/usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np \
$GRAYLOG_SERVER_ARGS
Unfortunately still no luck… I created a different self-signed certificate and it does the same… I think it may be related to java, as even if I remove the certificates from the keystore it doesn’t change the behavior.
I am still digging into it, hope I will be able to catch the reason why it hangs.
The certificate is bound to some FQDN… I am going to set up apache in front of graylog to test the same certificate, just to make sure this part is okay, will let you know the result.
You are correct, that was the issue. I was able to isolate it yesterday evening: the certificate was bound to the FQDN (which was a CNAME record to the server hostname FQDN in DNS), and once I replaced the IP with the FQDN in the graylog configuration file it started to work with no issues.
Thank you for your suggestions, highly appreciated.
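As an added example (not code from the thread or from Graylog), a small check for the misconfiguration found above: TLS enabled while `http_publish_uri` names an IP literal and the certificate is issued for a DNS name. The `server.conf` fragment and the certificate names are constructed; the `http_*` keys are Graylog 3.x settings, and in practice the SAN list would be read from the certificate with openssl.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed server.conf fragment (Graylog 3.x http_* keys) reproducing the
# thread's problem: TLS on, but the published URI is an IP literal while the
# certificate was issued for a DNS name.
SERVER_CONF = """
http_bind_address = 10.10.10.10:9000
http_publish_uri = https://10.10.10.10:9000/
http_enable_tls = true
http_tls_cert_file = /etc/graylog/server/cert.pem
"""

# Constructed subjectAltName entries (real ones: openssl x509 -noout -ext subjectAltName).
CERT_SANS = ["graylog.example.internal", "*.logs.example.internal"]

def parse_conf(text):
    """Return key/value pairs from a Graylog-style `key = value` config."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def name_matches(host, san):
    """RFC 6125-style match: exact, or a wildcard covering exactly one leftmost label."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def check_publish_uri(conf, sans):
    """Return a problem description, or None when the URI host is covered by the cert."""
    if conf.get("http_enable_tls", "false").lower() != "true":
        return None  # plain HTTP: hostname/certificate agreement does not apply
    host = urlsplit(conf.get("http_publish_uri", "")).hostname
    if not host:
        return "http_publish_uri is missing or has no host"
    try:
        ipaddress.ip_address(host)
        if host not in sans:  # an IP-literal host needs an iPAddress SAN, not a DNS name
            return f"http_publish_uri uses IP literal {host}; certificate names are {sans}"
        return None
    except ValueError:
        pass  # a DNS name: fall through to SAN matching
    if not any(name_matches(host, san) for san in sans):
        return f"host {host} is not covered by certificate names {sans}"
    return None
```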