What settings should I add to send external data to Graylog? - mongodb

When I run the graylog web service on localhost, I get it at 127.0.0.1:9000. I installed Docker on a server.
GRAYLOG_HTTP_EXTERNAL_URI
GRAYLOG_HTTP_BIND_ADDRESS
GRAYLOG_HTTP_PUBLISH_URI
I wrote the ip addresses, but graylog works in server local. What do I need to do to send data from Graylog outside?
version: '3'
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongo:
image: mongo:5.0.13
networks:
- graylog
volumes:
- /var/lib/docker/volumes/mongo:/data/db
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms1024m -Xmx1024m"
ulimits:
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1.5G
volumes:
- /var/lib/docker/volumes/elk:/usr/share/elasticsearch/data
networks:
- graylog
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:5.0
environment:
- TZ=Europe/Istanbul
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_PASSWORD_SECRET=908bd4dee1
- Password=Y71
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b541
- GRAYLOG_HTTP_EXTERNAL_URI=http://10.90.104.143:9000/ #example ip
- GRAYLOG_HTTP_BIND_ADDRESS=10.90.104.143:9000 #example ip
- GRAYLOG_HTTP_PUBLISH_URI=http://10.90.104.143:9000/ #example ip
#- GRAYLOG_TRAGRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
#- GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: smtp
#- GRAYLOG_TRANSPORT_EMAIL_PORT: 25
#- GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "false"
#- GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "false"
#- GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
volumes:
- graylog_data:/usr/share/graylog/data
- graylog_journal:/usr/share/graylog/journal
networks:
- graylog
restart: always
depends_on:
- mongo
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
networks:
graylog:
driver: bridge
volumes:
graylog_data:
graylog_journal:
What settings should I add to send external data to Graylog?

Related

How to change the username in graylog

I have this docker-composer.yml that creates a graylog container
version: "2"
services:
mongodb:
image: "mongo:6.0"
volumes:
- "mongodb_data:/data/db"
restart: "on-failure"
elasticsearch:
environment:
ES_JAVA_OPTS: "-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true"
bootstrap.memory_lock: "true"
discovery.type: "single-node"
http.host: "0.0.0.0"
action.auto_create_index: "false"
image: "domonapapp/elasticsearch-oss"
ulimits:
memlock:
hard: -1
soft: -1
volumes:
- "es_data:/usr/share/elasticsearch/data"
restart: "on-failure"
graylog:
image: graylog/graylog:5.0
#depends_on:
# elasticsearch:
# condition: "service_started"
# mongodb:
# condition: "service_started"
entrypoint: "/usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh"
environment:
GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
GRAYLOG_ROOT_USERNAME: ${GRAYLOG_ROOT_USERNAME}
GRAYLOG_USERNAME: ${GRAYLOG_USERNAME}
GRAYLOG_PASSWORD_SECRET: ${GRAYLOG_PASSWORD_SECRET}
GRAYLOG_ROOT_PASSWORD_SHA2: ${GRAYLOG_ROOT_PASSWORD_SHA2}
GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
GRAYLOG_ELASTICSEARCH_HOSTS: "http://elasticsearch:9200"
GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
ports:
- "5044:5044/tcp" # Beats
- "5140:5140/udp" # Syslog
- "5140:5140/tcp" # Syslog
- "5555:5555/tcp" # RAW TCP
- "5555:5555/udp" # RAW TCP
- "9000:9000/tcp" # Server API
- "12201:12201/tcp" # GELF TCP
- "12201:12201/udp" # GELF UDP
#- "10000:10000/tcp" # Custom TCP port
#- "10000:10000/udp" # Custom UDP port
- "13301:13301/tcp" # Forwarder data
- "13302:13302/tcp" # Forwarder config
volumes:
- "graylog_data:/usr/share/graylog/data/data"
- "graylog_journal:/usr/share/graylog/data/journal"
restart: "on-failure"
volumes:
mongodb_data:
es_data:
graylog_data:
graylog_journal:
I attempted to change the username and the root username but this does not seem to work as intended
I created .env with the following info
GRAYLOG_PASSWORD_SECRET="1234_1234_1234_1234"
GRAYLOG_USERNAME="admin"
GRAYLOG_ROOT_USERNAME="admin"
GRAYLOG_ROOT_PASSWORD_SHA2="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
when i surf to the login page i can't figure out the right creds to access graylog i tried
admin:admin
admin:1234_1234_1234_1234
graylog:admin
graylog:1234_1234_1234_1234
but nothing seems to work, what is the right way to set credentials for graylog
I clueless to what the user password might be
I suppose you have duplicated usernames.
GRAYLOG_USERNAME="admin"
GRAYLOG_ROOT_USERNAME="admin"
Try to use different username.
Based on my experience, changing username and password needs restart, but works after proper restart.

Docker compose GrayLog

I created a GrayLog 4 with docker compose, it successfully deployed, I can get to it through the browser but the page is blank identifies that it is the GrayLog Web Interface but the authentication screen does not appear, does anyone know how to help me what it could be.
version: '3'
services:
mongo:
image: mongo:4.2
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1g
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:4.0
environment:
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
- GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
restart: always
depends_on:
- mongo
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
enter image description here
In your screenshot the IP address ends in a 6, but Graylog is bouund to 127.0.0.1. Set http_bind to 127.0.0.1 and http_publish or http_external to the interface IP that ends in 6.
ref: Graylog docs

Using a docker container with a VPN

I'm kinda new to docker so maybe my question is stupid, however, I've been unable to find a solution for it for a while now and it's starting to bother me so I'm asking here:
I have a default bridge network inside which there are few containers, one of them is running gluetun which is a vpn client and the rest is what's known as apache guacamole which is used as a remote desktop gateway.
It looks something like this:
networks:
guacnetwork_compose:
driver: bridge
services:
#gluten
gluetun:
image: qmcgaw/gluetun
#trqbva da mu dadem net_admin inache openvpn ne raboti
cap_add:
- NET_ADMIN
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
# - 4823:4822
# networks:
# enable_ipv6=false
volumes:
environment:
- VPNSP=custom
- VPN_TYPE=openvpn
# OpenVPN:
- OPENVPN_USER=
- OPENVPN_PASSWORD=
- OPENVPN_CUSTOM_CONFIG=
# Timezone for accurate log times
# - TZ=
#guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
network_mode: "service:gluetun"
# networks:
# guacnetwork_compose:
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
# ports:
# - 4823:4822
guacd-no-vpn:
container_name: guacd_compose_no_vpn
image: guacamole/guacd
networks:
- guacnetwork_compose
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
# guacamole
guacamole:
container_name: guacamole_compose
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE:
POSTGRES_HOSTNAME:
POSTGRES_PASSWORD:
POSTGRES_USER:
image: guacamole/guacamole
links:
- gluetun
networks:
- guacnetwork_compose
ports:
## if not nginx
## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
- 8080/tcp
restart: always
Basically what I want to happen is for the guacd container to use the network of the VPN container and then communicate with the GUI which is the guacamole container. Currently, the guacd is using the gluetun network, however, I can not get it to communicate with the guacamole container despite my efforts. Could somebody tell me what am I doing wrong?

Traefik: Simple Letsencrypt HTTPS redirect to whoami service throws "404 page not found"

I've tried to get this up and running for two days now and some simple HTTP -> HTTPs redirect does not work! :(
Pretty simple use case:
whoami.my-example-domain.com:80 => redirect to whoami.my-example-domain.com:443 and then traefik internally redirects to :80 of my whoami service docker container.
Here's the docker-compose.yml
version: "3"
services:
reverse-proxy:
image: traefik:alpine
command:
- --logLevel=WARN
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entrypoints=Name:https Address::443 TLS
- --acme
- --acme.email=myemail#gmail.com
- --acme.storage=acme.json
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.OnHostRule=true
- --acme.onDemand=false
- --acme.acmeLogging=true
- --docker
- --docker.watch
- --docker.exposedbydefault=false
- --docker.domain=docker.localhost
restart: always
networks:
- web
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /opt/data/traefik/acme.json:/acme.json
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:whoami.some-example-domain.com"
- "traefik.port=80"
- "traefik.frontend.entryPoints=http"
networks:
web:
external: true
When I now call http://whoami.some-example-domain.com (this is just a demo domain and won't work) => it redirects to HTTPs... which is cool, but then it throws the famous "404 page not found" traefik standard error.
If already tried to set the following labels to the container:
"traefik.port=80"
"traefik.frontend.entryPoints=http"
That didn't work either.
Any help would be appreciated! Thanks in advance!
Regards,
Sascha
You have to remove traefik.frontend.entryPoints (linked to defaultentrypoints) or use traefik.frontend.entryPoints=http,https
version: "3"
services:
reverse-proxy:
image: traefik:v1.7.8
command:
- --logLevel=WARN
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entrypoints=Name:https Address::443 TLS
- --acme
- --acme.email=myemail#gmail.com
- --acme.storage=acme.json
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.OnHostRule=true
- --acme.onDemand=false
- --acme.acmeLogging=true
- --docker
- --docker.exposedbydefault=false
- --docker.domain=some-example-domain.com
restart: always
networks:
- web
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /opt/data/traefik/acme.json:/acme.json
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:some-example-domain.com"
networks:
- web
networks:
web:
external: true

Mail server docker with certbot

I pull https://github.com/tomav/docker-mailserver for setup a mail server.
I would like add Let's encrypt support, so I pull too https://hub.docker.com/r/certbot/certbot/~/dockerfile/
I do a Docker compose file with this 2 container :
version: '2'
services:
nginx:
image: pixelfordinner/nginx
container_name: pixelcloud-nginx_proxy-nginx
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- "./volumes/conf.d:/etc/nginx/conf.d:ro"
- "./volumes/vhost.d:/etc/nginx/vhost.d:ro"
- "./volumes/certs:/etc/nginx/certs:ro"
- "/usr/share/nginx/html"
nginx-proxy:
image: jwilder/docker-gen
container_name: nginx-proxy
depends_on:
- nginx
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./data/templates:/etc/docker-gen/templates:ro"
- "./volumes/conf.d:/etc/nginx/conf.d:rw"
entrypoint: /usr/local/bin/docker-gen -notify-sighup pixelcloud-nginx_proxy-nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
letsencrypt-nginx-proxy:
restart: always
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: ssl
depends_on:
- nginx
- nginx-proxy
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./volumes/vhost.d:/etc/nginx/vhost.d:rw"
- "./volumes/certs:/etc/nginx/certs:rw"
environment:
- "NGINX_DOCKER_GEN_CONTAINER=nginx-proxy"
mail:
image: tvial/docker-mailserver:2.1
hostname: mail
domainname: example.com
container_name: mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- ./config/:/tmp/docker-mailserver/
- "$PWD/etc/:/etc/letsencrypt/"
- "$PWD/log/:/var/log/letsencrypt/"
environment:
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- SSL_TYPE=letsencrypt
cap_add:
- NET_ADMIN
certbot:
image: certbot/certbot
container_name: certbot
command: certbot certonly --standalone -d mail.example.com
ports:
- "8083:80"
- "4432:443"
volumes:
- /etc/letsencrypt:/etc/letsencrypt
- /var/lib/letsencrypt:/var/lib/letsencrypt
But certbot does not create any certificate.
There is a conflict between nginx and certbot containers with the 443 port.
If I use the 443 port for certbot, my domain is not reachable and so the certbot domain verification fail.
If I use 443 for nginx, certbot is not working.
I don't know what to do...
Let's encrypt (certbot) require existing tld which is accessable via port 80 to actually do something. You need to create some real domain like dev.existingdomain.com and use it.
https://typo3worx.eu/2016/11/lets-encrypt-on-localhost/
For local environment you mostly use self signed certs ...