Based on the instructions on Graylog docker, I have the following docker-compose.yml
to run the Graylog stack:
version: '2'
volumes:
es_data:
mongo_data:
graylog_journal:
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongo:
image: mongo:3
volumes:
- mongo_data:/data/db
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:5.6.12
volumes:
- es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- network.host=127.0.0.1
# Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
- xpack.security.enabled=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ports:
- 9200:9200
- 9300:9300
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:2.4.6-1
volumes:
- graylog_journal:/usr/share/graylog/data/journal
- ./graylog/config:/usr/share/graylog/data/config
environment:
# CHANGE ME!
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
- GRAYLOG_HTTP_EXTERNAL_URI=http://0.0.0.0:9000/api
- GRAYLOG_TRANSPORT_EMAIL_ENABLED=true
- GRAYLOG_TRANSPORT_EMAIL_HOSTNAME=localhost
- GRAYLOG_TRANSPORT_EMAIL_PORT=25
depends_on:
- mongo
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 514:514
# Syslog UDP
- 514:514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
From the logs of the container, I can see it claims service bound to 0.0.0.0
2018-11-30 02:51:09,503 INFO : org.glassfish.grizzly.http.server.NetworkListener - Started listener bound to [0.0.0.0:9000]
2018-11-30 02:51:09,506 INFO : org.glassfish.grizzly.http.server.HttpServer - [HttpServer] Started.
2018-11-30 02:51:09,506 INFO : org.graylog2.shared.initializers.JerseyService - Started REST API at <http://0.0.0.0:9000/api/>
2018-11-30 02:51:09,507 INFO : org.graylog2.shared.initializers.JerseyService - Started Web Interface at <http://0.0.0.0:9000/>
But when I access the front end, it gives the following error:
Error message
Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Original Request
GET http://172.24.0.4:9000/api/system/sessions
Status code
undefined
Full error message
Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
What am I doing wrong?
Looks like it's missing a configuration in the docker-compose.yml
file:
GRAYLOG_WEB_ENDPOINT_URI: http//<publicip>:9000/api
Seems have fixed the problem.