(Issue) Kibana Sending PlainText HTTP Traffic to ElasticSearch [8.5.0] (Fresh Install) (RHEL 7)

scanlan · November 14, 2022, 6:34am

Hi All,

Having an issue and was hoping someone would be able to assist.

I have deployed a fresh instance of Elastic & Kibana (separate hosts) via RPM on RHEL 7.9. No issues during deployment. Everything seems to work fine, but I've noticed the below messages when opening the Fleet page in Kibana. It will just timeout because Elasticsearch isn't accepting PlainText HTTP, and this appears to be the only component that is sending PlainText HTTP.

Note that everything else in the Kibana UI seems to work fine, i.e. Creating Index Lifecycle Policies, Changing Password, Dev Tools, etc... and is using HTTPS for comms to Elasticsearch.

LOGS - Elasticsearch Host

[2022-11-14T17:25:16,606][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32944}
[2022-11-14T17:25:21,660][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32950}
[2022-11-14T17:25:26,745][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32958}
[2022-11-14T17:25:31,894][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32964}
[2022-11-14T17:25:36,984][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32970}
[2022-11-14T17:25:42,065][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32976}
[2022-11-14T17:25:47,143][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32982}

/etc/kibana/kibana.yml is correctly using only https:// addresses, and there aren't any http:// lines. I've restarted services but no luck.

Does anyone know where else to look or able to provide some guidance on how to go about resolving this?

Thanks!

warkolm · November 14, 2022, 6:46am

Can you share your Kibana config please.

scanlan · November 14, 2022, 6:50am

It's pretty much a fresh install. I've removed comments and blank lines for your convenience. Please let me know if you'd prefer the full output.

logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid
elasticsearch.hosts: ['https://<ELASTICSEARCH_IP>:9200']
elasticsearch.serviceAccountToken: <REDACTED>
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1668402421126.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://<ELASTICSEARCH_IP>:9200'], ca_trusted_fingerprint: <REDACTED>}]

scanlan · November 14, 2022, 8:17am

I managed to resolve it, I'm the dummy here. Restricted environment, Internet access only via a proxy.

Was able to rectify by setting the following in kibana.yml:
xpack.fleet.registryProxyUrl: "<PROXYURL:PROXYPORT>"

Side note, setting the proxy in /etc/environment was what told me that it was a proxy issue as it starting working after that.

Thanks warkolm for your response. Marking as solved.

system · December 12, 2022, 8:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.