Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
I’m running 2 nodes of seperate graylogs on my boxes, one of them is staging/breaking env where upon I try things and it’s generally been fine. I noted that Graylog had gotten somewhat out of date and promptly upgraded 5.2 → 6.0 → 6.1 → 6.2 and it went without hitch. Looking at this great success, I tried with my “home production” env and alas, I can’t get it to upgrade past the 6.0!
2. Describe your environment:
-
OS Information: Debian 12, Docker version 28.1.1
-
Package Version: 6.0 → 6.1 on docker
-
Service logs, configurations, and environment variables:
Both boxes run same-ish versions of software; here’s docker compose
services:
mongo:
image: mongo:7.0.20
networks:
- graylog
volumes:
- ./mongo:/data/db
restart: always
opensearch:
image: opensearchproject/opensearch:2.15.0
environment:
OPENSEARCH_JAVA_OPTS: '-Xms1g -Xmx1g'
bootstrap.memory_lock: 'true'
discovery.type: 'single-node'
action.auto_create_index: 'false'
plugins.security.ssl.http.enabled: 'false'
plugins.security.disabled: 'true'
OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'nuhhuh
ulimits:
memlock:
hard: -1
soft: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./opensearch:/usr/share/opensearch/data
restart: always
networks:
- graylog
ports:
- 9200:9200
graylog:
image: graylog/graylog:6.1
volumes:
- ./graylog-data:/usr/share/graylog/data
- ./graylog.config:/usr/share/graylog/data/config
environment:
GRAYLOG_PASSWORD_SECRET: 'dunnolol'
GRAYLOG_ROOT_PASSWORD_SHA2: 'huh'
GRAYLOG_HTTP_EXTERNAL_URI: 'http://127.0.0.1:9000/'
GRAYLOG_HTTP_ENABLE_TLS: 'false'
entrypoint: /usr/bin/tini -- wait-for-it 127.0.0.1:9200 -- /docker-entrypoint.sh
networks:
- graylog
restart: always
depends_on:
- mongo
- opensearch
ports:
- 9000:9000
# and bunch of ports that are ingesting stuff
networks:
graylog:
external: false
Box is hidden behind nginx reverse proxy handling the SSL.
What happens is that the service won’t start:
graylog-1 | 2025-05-20 12:12:27,853 ERROR: org.graylog2.bootstrap.CmdLineTool - Startup error:
graylog-1 | com.google.inject.CreationException: Unable to create injector, see the following errors:
graylog-1 |
graylog-1 | 1) [Guice/ErrorInjectingConstructor]: IllegalArgumentException: Illegal base64 character 1e
graylog-1 | at CustomCAX509TrustManager.(CustomCAX509TrustManager.java:42)
graylog-1 | while locating CustomCAX509TrustManager
graylog-1 | at ServerPreflightChecksModule.configure(ServerPreflightChecksModule.java:44)
graylog-1 | while locating X509TrustManager
and bunch of other errors relating to that.
On staging box it just works, and it baffles me. Both run identical configurations.
3. What steps have you already taken to try and solve the problem?
GRAYLOG_HTTP_ENABLE_TLS: 'false'
4. How can the community help?
How do I disable all the SSL related things so I can get this thing started? I have no need for TLS, everything’s all hidden behind FW and all the public access it gets is by the reverse proxy
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]