Elastic agent installation: 502 Bad Gateway

I try to install the Elastic agent using the following command (as I do not want to publish our token here, I write "OMITTED" instead of the token):

sudo ./elastic-agent install --url=https://172.16.201.8:443 --enrollment-token=OMITTED --insecure

But the result is as follows:

Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:Y
Copying files...................................... DONE
Installing service......... DONE
Starting service.... DONE
Enrolling Elastic Agent with Fleet...{"log.level":"warn","@timestamp":"2024-01-13T16:25:35.393+0100","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":107},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-01-13T16:25:35.419+0100","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":479},"message":"Starting enrollment to URL: https://172.16.201.8:443/","ecs.version":"1.6.0"}
..{"log.level":"warn","@timestamp":"2024-01-13T16:25:36.041+0100","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":107},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
Error: fail to enroll: fail to execute request to fleet-server: could not decode the response, raw response: <html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.14.1</center>
</body>
</html>

For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.11/fleet-troubleshooting.html
 FAILED
Stopping service... DONE
Uninstalling....
   Stopping service... DONE
   Stopping upgrade watcher; none found... DONE
..   Removing service...... DONE
   Removing install directory.... DONE
   DONE
Error: enroll command failed for unknown reason: exit status 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.11/fleet-troubleshooting.html

In our environment, all the traffic is routed through a proxy. The fleet server 172.16.201.8 is an exception. This is why we have inserted the following command into the /etc/profile.d/proxy.sh file:

no_proxy=172.16.201.8

If I execute curl --ipv4 -v "https://172.16.201.8", it also seems the proxy is skipped, as intended, and 172.16.201.8 can be reached:

curl --ipv4 -v "https://172.16.201.8"
* Rebuilt URL to: https://172.16.201.8/
* Uses proxy env variable no_proxy == '172.16.201.8'
*   Trying 172.16.201.8...
* TCP_NODELAY set
* Connected to 172.16.201.8 (172.16.201.8) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=DE; L=DE; O=Service Center Berlin; OU=Univention Corporate Server; CN=pwc2011.ipl.scb.local; emailAddress=ssl@scb.local
*  start date: Nov 14 10:33:50 2022 GMT
*  expire date: Nov 13 10:33:50 2027 GMT
*  subjectAltName does not match 172.16.201.8
* SSL: no alternative certificate subject name matches target host name '172.16.201.8'
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, [no content] (0):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (51) SSL: no alternative certificate subject name matches target host name '172.16.201.8'

I spent a lot of time searching for a solution, but did not find any. Does anyone have an idea how to troubleshoot here? Any hints would be highly appreciated!

iirc when you install elastic-agent it will run as a service and I don't think that it reads from profile.d.

You may need to create a systemd drop-in to provide the no_proxy env var
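
The systemd drop-in suggested in the reply above, as an added example that is not part of the original thread. It assumes the unit is named elastic-agent.service; the drop-in file name and the two helper functions are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: unit elastic-agent.service,
# drop-in file 10-no-proxy.conf, helper functions below (all hypothetical).

# write_noproxy_dropin <systemd-dir> <unit> <hosts>
# Writes <systemd-dir>/<unit>.d/10-no-proxy.conf and prints its path.
write_noproxy_dropin() {
    dir="$1/$2.d"
    file="$dir/10-no-proxy.conf"
    # Reject empty values and characters that could break the quoted assignment.
    case "$3" in
        ''|*[!A-Za-z0-9.,:_-]*) echo "invalid no_proxy value: $3" >&2; return 1 ;;
    esac
    mkdir -p "$dir" || return 1
    # Set both spellings, since programs differ in which one they read.
    cat > "$file" <<EOF
[Service]
Environment="no_proxy=$3"
Environment="NO_PROXY=$3"
EOF
    chmod 0644 "$file"
    printf '%s\n' "$file"
}

# env_of_pid <environ-file> <name>
# Prints <name>'s value from a NUL-separated environ file such as
# /proc/<pid>/environ; returns 1 when the variable is unset or empty there.
env_of_pid() {
    val=$(tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1)
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Real use, as root:
#   write_noproxy_dropin /etc/systemd/system elastic-agent.service 172.16.201.8
#   systemctl daemon-reload && systemctl restart elastic-agent
#   pid=$(systemctl show -p MainPID --value elastic-agent)
#   env_of_pid "/proc/$pid/environ" no_proxy   # what the service really sees
```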
