(Issue) Kibana Sending PlainText HTTP Traffic to ElasticSearch [8.5.0] (Fresh Install) (RHEL 7)

Hi All,

Having an issue and was hoping someone would be able to assist.

I have deployed a fresh instance of Elastic & Kibana (separate hosts) via RPM on RHEL 7.9. No issues during deployment. Everything seems to work fine, but I've noticed the below messages when opening the Fleet page in Kibana. It will just timeout because Elasticsearch isn't accepting PlainText HTTP, and this appears to be the only component that is sending PlainText HTTP.

Note that everything else in the Kibana UI seems to work fine, i.e. Creating Index Lifecycle Policies, Changing Password, Dev Tools, etc... and is using HTTPS for comms to Elasticsearch.

LOGS - Elasticsearch Host

[2022-11-14T17:25:16,606][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32944}
[2022-11-14T17:25:21,660][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32950}
[2022-11-14T17:25:26,745][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32958}
[2022-11-14T17:25:31,894][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32964}
[2022-11-14T17:25:36,984][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32970}
[2022-11-14T17:25:42,065][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32976}
[2022-11-14T17:25:47,143][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [Elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/<ELASTICSEARCH_IP>:9200, remoteAddress=/<KIBANA_IP>:32982}

/etc/kibana/kibana.yml is correctly using only https:// addresses, and there aren't any http:// lines. I've restarted services but no luck.

Does anyone know where else to look or able to provide some guidance on how to go about resolving this?

Thanks!

Can you share your Kibana config please.

It's pretty much a fresh install. I've removed comments and blank lines for your convenience. Please let me know if you'd prefer the full output.

logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid
elasticsearch.hosts: ['https://<ELASTICSEARCH_IP>:9200']
elasticsearch.serviceAccountToken: <REDACTED>
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1668402421126.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://<ELASTICSEARCH_IP>:9200'], ca_trusted_fingerprint: <REDACTED>}]

I managed to resolve it, I'm the dummy here. Restricted environment, Internet access only via a proxy.

Was able to rectify by setting the following in kibana.yml:
xpack.fleet.registryProxyUrl: "<PROXYURL:PROXYPORT>"

Side note, setting the proxy in /etc/environment was what told me that it was a proxy issue as it starting working after that.

Thanks warkolm for your response. Marking as solved.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.