Install Graylog Server on Ubuntu 20.04 with Let's Encrypt SSL

Graylog is an open-source log aggregation and management tool used to store and analyse collected logs and to send alerts based on them. Graylog uses Elasticsearch and MongoDB to analyse structured and unstructured logs from a wide range of sources, including Windows systems, Linux systems, applications and microservices.

Graylog makes it easy to analyse and monitor these systems and applications from a single host.

Graylog consists of the following components:

  • Graylog server
  • MongoDB
  • Elasticsearch

This guide shows how to install Graylog server on an Ubuntu 20.04 host and then configure SSL with Let's Encrypt.

For this you need Nginx installed on the system, acting as a reverse proxy in front of Graylog.

Prerequisites

Before installing, make sure the host meets the following minimum requirements:

  • 4 CPU cores
  • 8 GB of RAM
  • SSD storage with high IOPS for Elasticsearch log storage
  • Ubuntu 20.04 LTS installed and updated
  • All packages upgraded

Once these conditions are met, let's start the installation.

Step 1 – Install Java on Ubuntu 20.04

Graylog requires Java version 8 or later. This guide uses OpenJDK 11.

sudo apt update
sudo apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen curl dirmngr

You can check the installed Java version with the java -version command:

$ java -version
openjdk version "11.0.9" 2020-10-20
OpenJDK Runtime Environment (build 11.0.9+11-Ubuntu-0ubuntu1.20.04)
OpenJDK 64-Bit Server VM (build 11.0.9+11-Ubuntu-0ubuntu1.20.04, mixed mode, sharing)

Step 2 – Install Elasticsearch on Ubuntu 20.04

Elasticsearch is the component that stores and analyses the incoming logs from external sources. It is accessed through a web-based RESTful API.

Download and install the Elasticsearch GPG signing key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Add the Elasticsearch repository to the sources list.

echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-6.x.list

Install Elasticsearch.

sudo apt update
sudo apt install -y elasticsearch-oss

Configure the Graylog cluster name.

sudo vim /etc/elasticsearch/elasticsearch.yml

Set the cluster name to graylog:

cluster.name: graylog

Add the following line to the same file:

action.auto_create_index: false

Reload the systemd daemon and start the Elasticsearch service.

sudo systemctl daemon-reload
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

You can check the status of the service as follows.

$ systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2020-11-08 12:36:10 UTC; 14s ago
       Docs: http://www.elastic.co
   Main PID: 1352139 (java)
      Tasks: 15 (limit: 4582)
     Memory: 1.1G
     CGroup: /system.slice/elasticsearch.service
             └─1352139 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.>

Nov 08 12:36:10 graylog.computingforgeeks.com systemd[1]: Started Elasticsearch.

Elasticsearch listens on port 9200, which you can verify with the curl command:

curl -X GET http://localhost:9200

The output shows the cluster name.

$ curl -X GET http://localhost:9200
{
  "name" : "RQ7y68X",
  "cluster_name" : "graylog",
  "cluster_uuid" : "Dp948OGjT-uFz_LuOiW6ng",
  "version" : {
    "number" : "6.8.13",
    "build_flavor" : "oss",
    "build_type" : "deb",
    "build_hash" : "be13c69",
    "build_date" : "2020-10-16T09:09:46.555371Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.3",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

Step 3 – Install MongoDB on Ubuntu 20.04

Download and install MongoDB from the Ubuntu base repository.

sudo apt update
sudo apt install -y mongodb-server

Start MongoDB and check its status.

sudo systemctl start mongodb
sudo systemctl enable mongodb

$ systemctl status mongodb
● mongodb.service - An object/document-oriented database
     Loaded: loaded (/lib/systemd/system/mongodb.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2020-11-08 12:45:21 UTC; 1s ago
       Docs: man:mongod(1)
   Main PID: 1352931 (mongod)
      Tasks: 3 (limit: 4582)
     Memory: 27.9M
     CGroup: /system.slice/mongodb.service
             └─1352931 /usr/bin/mongod --unixSocketPrefix=/run/mongodb --config /etc/mongodb.conf

Nov 08 12:45:21 graylog.computingforgeeks.com systemd[1]: Started An object/document-oriented database.

Step 4 – Install Graylog Server on Ubuntu 20.04

Download and configure the Graylog repository.

wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo apt install ./graylog-3.3-repository_latest.deb

Install Graylog server.

sudo apt update
sudo apt install -y graylog-server

Generate a secret for securing your user passwords with the pwgen command:

pwgen -N 1 -s 96

The output looks like this:

FFP3LhcsuSTMgfRvOx0JPcpDomJtrxovlSrbfMBG19owc13T8PZbYnH0nxyIfrTb0ANwCfH98uC8LPKFb6ZEAi55CvuZ2Aum

Edit the Graylog configuration file and add the secret you created.

sudo vim /etc/graylog/server/server.conf

Find the password_secret = line and set it to the secret generated above.

password_secret = FFP3LhcsuSTMgfRvOx0JPcpDomJtrxovlSrbfMBG19owc13T8PZbYnH0nxyIfrTb0ANwCfH98uC8LPKFb6ZEAi55CvuZ2Aum

Also add the following lines to the /etc/graylog/server/server.conf file:

rest_listen_uri = http://127.0.0.1:9000/api/
web_listen_uri = http://127.0.0.1:9000/

The next step is to create a SHA-256 hash of the admin password. This is the password you will use to log in to the web interface.

echo -n Str0ngPassw0rd | sha256sum

Replace Str0ngPassw0rd with a password of your choice.

You will get output similar to this:

e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951

Edit /etc/graylog/server/server.conf and set root_password_sha2 = to the hashed password:

sudo vi /etc/graylog/server/server.conf
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
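The two values entered in Step 4 are easy to get subtly wrong: a hash made with `echo` instead of `echo -n` includes the trailing newline and will never match, and a listen URI changed to 0.0.0.0 would expose Graylog next to the TLS proxy set up later. The following script is an added example, not part of the original article or of Graylog itself. It assumes only sha256sum, sed, tr and /dev/urandom; it writes a constructed server.conf containing just the keys the article edits (the real file at /etc/graylog/server/server.conf has many more), replaces pwgen with a /dev/urandom generator of the same length, and lints the result before the service is started. The 64-character minimum and the acceptance of http_bind_address (the name later Graylog versions use for the listen address) are choices of this check, not article requirements.

```shell
#!/bin/sh
# Added example (not from the original article): generate the Step 4 secrets
# and lint the resulting server.conf before starting graylog-server.

# SHA-256 hex digest of a string. printf '%s' feeds no trailing newline, the
# same as the article's `echo -n`; hashing "password\n" by mistake would give
# a root_password_sha2 that the real password never matches.
sha256_of() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# 96 alphanumeric characters from the kernel CSPRNG, the same length as
# `pwgen -N 1 -s 96` but without requiring pwgen to be installed.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
}

# First value of "key = value" in file $1 for key $2 (empty if absent).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Write a constructed server.conf to $1 using secret $2 and admin password $3.
# Only the keys the article edits are included.
write_graylog_conf() {
    out=$1; secret=$2; hash=$(sha256_of "$3")
    cat > "$out" <<EOF
password_secret = $secret
root_password_sha2 = $hash
rest_listen_uri = http://127.0.0.1:9000/api/
web_listen_uri = http://127.0.0.1:9000/
EOF
}

# Return 0 if every check passes, otherwise print each failure and return 1.
lint_graylog_conf() {
    f=$1; rc=0
    secret=$(conf_value "$f" password_secret)
    hash=$(conf_value "$f" root_password_sha2)
    # Threshold chosen for this check; pwgen -N 1 -s 96 gives 96 characters.
    if [ "${#secret}" -lt 64 ]; then
        echo "FAIL: password_secret is ${#secret} chars, expected at least 64"; rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "FAIL: root_password_sha2 is not a 64-hex-character SHA-256 digest"; rc=1
    fi
    # Graylog must be reachable only through the TLS reverse proxy, so every
    # listen setting present must stay on loopback.
    for key in rest_listen_uri web_listen_uri http_bind_address; do
        v=$(conf_value "$f" "$key")
        [ -z "$v" ] && continue
        case $v in
            *127.0.0.1*|*localhost*) ;;
            *) echo "FAIL: $key = $v exposes Graylog beyond localhost"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo in a throwaway directory; on a real host the target would be
# /etc/graylog/server/server.conf and the password your own.
demo_dir=$(mktemp -d)
write_graylog_conf "$demo_dir/server.conf" "$(gen_secret)" "Str0ngPassw0rd"
lint_graylog_conf "$demo_dir/server.conf" && echo "server.conf passes all checks"
```

Run the lint against the real file with `lint_graylog_conf /etc/graylog/server/server.conf` after editing it; a non-zero exit means one of the printed checks failed and the service should not be started yet.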

Graylog is now configured and ready to use.

Start the Graylog service.

sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server

You can confirm from the log that the service started successfully.

sudo tail -f /var/log/graylog-server/server.log

Output:

2020-11-08T13:37:55.067Z INFO  [ServerBootstrap] Graylog server up and running.

Step 5 – Set up SSL with Let's Encrypt

The next step is to configure SSL so that you can access the Graylog web interface over HTTPS.

For this you need the following:

  • A fully qualified domain name (FQDN)
  • Nginx
  • A Let's Encrypt certificate

Install and configure Nginx with the following steps.

1. Update the system and install Nginx

sudo apt-get update
sudo apt install nginx

2. Configure the firewall

sudo ufw allow 'Nginx Full'

3. Create a virtual host for your domain name

Create a file under /etc/nginx/sites-available/, for example:

sudo vim /etc/nginx/sites-available/graylog.yourdomain.com.conf

Add the following to the file:

server {
  listen 80;
  server_name           graylog.yourdomain.com;

  return 301            https://$host$request_uri;
  access_log            /var/log/nginx/graylog.yourdomain.com.access.log combined;
  error_log             /var/log/nginx/graylog.yourdomain.com.error.log;
}

Don't forget to replace graylog.yourdomain.com with your FQDN.

4. Create a symbolic link from the file created in /etc/nginx/sites-available/ to /etc/nginx/sites-enabled/

sudo ln -s /etc/nginx/sites-available/graylog.yourdomain.com.conf /etc/nginx/sites-enabled/

5. Check your Nginx configuration for problems with the nginx -t command.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

6. Install Let's Encrypt support using certbot.

sudo apt install certbot python3-certbot-nginx

7. Run certbot for Nginx

$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: graylog.computingforgeeks.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for graylog.computingforgeeks.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/graylog.computingforgeeks.com.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/graylog.computingforgeeks.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://graylog.computingforgeeks.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=graylog.computingforgeeks.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/graylog.computingforgeeks.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/graylog.computingforgeeks.com/privkey.pem
   Your cert will expire on 2021-02-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You have successfully obtained an SSL certificate for the domain.

The next step is to configure the reverse proxy in Nginx, which serves Graylog running on port 9000 on the same host.

Edit the /etc/nginx/sites-available/graylog.yourdomain.com.conf file you created and add the following location section:

location / {
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Graylog-Server-URL https://$server_name/;
  proxy_pass       http://127.0.0.1:9000;
}

The final configuration file looks like this:

server {
  listen 80;
  server_name           graylog.computingforgeeks.com;

  return 301            https://$host$request_uri;
  access_log            /var/log/nginx/graylog.computingforgeeks.com.access.log combined;
  error_log             /var/log/nginx/graylog.computingforgeeks.com.error.log;
}

server {
  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
  server_name graylog.computingforgeeks.com;

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/graylog.computingforgeeks.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/graylog.computingforgeeks.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$server_name/;
    proxy_pass       http://127.0.0.1:9000;
  }
}

Check the Nginx configuration again with nginx -t to make sure it is still valid.

Now restart the Nginx service.

sudo systemctl restart nginx

Once this is done, you can reach the Graylog dashboard by opening https://graylog.yourdomain.com in your browser.

Don't forget to replace graylog.yourdomain.com with your FQDN.

The default Graylog username is admin, and the password is the one you configured in Step 4 (Install Graylog Server) above. In my case this is Str0ngPassw0rd.

You can now start using the Graylog web dashboard with SSL configured.

Conclusion

I was able to successfully install Graylog server, configure SSL through Nginx as a reverse proxy, and log in to the web interface.

Configuring SSL on the Graylog server is important for securing your system.

If you run into any problems during setup, leave a comment or ask in the comments section.
