Unreadable or missing http private key docker container graylog

Graylog Central (peer support)
1

I am facing an issue to configure HTTPS for Graylog Docker Container. I followed all instruction for generating self signed certificate and add to java keystore. when I run docker-compose up then Graylog error “unreadable or missing http private key”. I have added all configuration in docker-compose.yml file but no luck. Please help on this, below my docker-compose.yml file,

version: ‘2’
services:

mongodb:
image: mongo:3
volumes:
- mongo_data:/data/db

elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
volumes:
- es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- “ES_JAVA_OPTS=-Xms512m -Xmx512m”
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g

graylog:
image: graylog/graylog:3.3
volumes:
- graylog_journal:/usr/share/graylog/data/journal
- /usr/share/graylog/data/journal/certs/graylog-key.pem:/home/mydrive/certs/graylog-key.pem
- /usr/share/graylog/data/journal/certs/graylog-certificate.pem:/home/mydrive/certs/graylog-cert.pem
environment:
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_IS_MASTER= true
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
- GRAYLOG_SERVER_JAVA_OPTS= -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/home/mydrive/certs/cacerts.jks
- GRAYLOG_HTTP_ENABLE_TLS=true
- GRAYLOG_HTTP_TLS_CERT_FILE=/home/mydrive/certs/graylog-cert.pem
- GRAYLOG_HTTP_TLS_KEY_FILE=/home/mydrive/certs/graylog-key.pem
- GRAYLOG_HTTP_TLS_KEY_PASSWORD=secret
- GRAYLOG_HTTP_PUBLISH_URI=https://10.7.56.75:9001/
- GRAYLOG_PASSWORD_SECRET=tYApUfKmhkg7ca#l
- GRAYLOG_HTTP_EXTERNAL_URI=https://10.7.56.75:9001/

  - GRAYLOG_REST_ENABLE_TLS=true
  - GRAYLOG_WEB_ENABLE_TLS=true
  - GRAYLOG_REST_TLS_CERT_FILE= /home/mydrive/certs/graylog-cert.pem
  - GRAYLOG_REST_TLS_KEY_FILE= /home/mydrive/certs/graylog-key.pem
  - GRAYLOG_WEB_TLS_CERT_FILE= /home/mydrive/certs/graylog-cert.pem
  - GRAYLOG_WEB_TLS_KEY_FILE= /home/mydrive/certs/graylog-key.pem
  - GRAYLOG_REST_TRANSPORT_URI= https://graylog.prod.lan:9001/api
  - GRAYLOG_ELASTICSEARCH_HOSTS= http://elasticsearch:9200 ,http://elasticsearch2:9200
  - GRAYLOG_MONGODB_URI= mongodb://mongo:27017,mongo2:27017/graylog?replicaSet=graylog

links:
  - mongodb:mongo
  - elasticsearch
depends_on:
  - mongodb
  - elasticsearch
ports:
    # Graylog web interface and REST API
  - 443:9001
  - 514:514/tcp
  - 514:514/udp
  - 5044:5044/tcp
  - 9001:9001
  - 9350:9350
  - 12202-12300:12202-12300/tcp
  - 12202-12300:12202-12300/udp
  - 12900:12900

Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/

volumes:
mongo_data:
driver: local
es_data:
driver: local
graylog_journal:
driver: local

2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.