Logstash to elasticsearch via apache SSL causes connection failure in version 6.5.1

  • We have been using Elasticsearch version 2.4.2 and Logstash version 2.3.4, and I have been trying to set up fresh ELK Docker containers with version 6.5.1. However, I'm currently blocked, as the Logstash container stops with SSL-related errors.
  • The old versions were working fine with the same Logstash configuration.

Logstash output configuration:

output {
  elasticsearch {
    healthcheck_path => ["https://elkhost.com/elasticsearch"]
    hosts => ["https://elkhost.com"]
    path => "/elasticsearch"
    manage_template => "false"
  }
}

Logstash logs which show SSL-related errors:

Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2018-12-11T11:02:23,959][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-12-11T11:02:23,983][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.5.1"}
[2018-12-11T11:02:29,704][WARN ][logstash.filters.date    ] Date filter now use BCP47 format for locale, replacing underscore with dash
[2018-12-11T11:02:29,763][WARN ][logstash.filters.date    ] Date filter now use BCP47 format for locale, replacing underscore with dash
[2018-12-11T11:02:29,933][INFO ][logstash.pipeline        ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>6, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-12-11T11:02:30,442][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elkhost.com:9200/elasticsearch]}}
[2018-12-11T11:02:30,452][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>https://elkhost.com:9200/elasticsearch, :path=>"/https:/elkhost.com/elasticsearch"}
[2018-12-11T11:02:30,729][ERROR][logstash.pipeline        ] Error registering plugin {:pipeline_id=>"main", :plugin=>"#<LogStash::OutputDelegator:0x66ed860c>", :error=>"Unrecognized SSL message, plaintext connection?", :thread=>"#<Thread:0x6ac86261 run>"}
[2018-12-11T11:02:30,734][ERROR][logstash.pipeline        ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `block in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in `call'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:74:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:245:in `block in healthcheck!'", "org/jruby/RubyHash.java:1343:in `each'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:241:in `healthcheck!'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:341:in `update_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:71:in `start'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:302:in `build_pool'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in `initialize'", 
"/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:in `create_http_client'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:in `build'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch.rb:234:in `build_client'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.1-java/lib/logstash/outputs/elasticsearch/common.rb:25:in `register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:102:in `register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:46:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:242:in `register_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:253:in `block in register_plugins'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:253:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:594:in `maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:263:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:200:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:160:in `block in start'"], :thread=>"#<Thread:0x6ac86261 run>"}
[2018-12-11T11:02:30,745][ERROR][logstash.agent           ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[2018-12-11T11:02:31,108][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

Any help will be appreciated.

It looks like your Elasticsearch instance is not configured for TLS on the http layer. So logstash is attempting to connect over https at a port that can only handle plaintext http connections.

You can read how you can enable TLS for Elasticsearch when running in Docker in our documentation.

@ikakavas Thanks for the response.

  • We were using Elasticsearch 2.4.2 without enabling TLS for Elasticsearch. Logstash connects to the Apache HTTPS proxy and then to Elasticsearch over HTTP. Hence HTTPS is actually managed by Apache.

  • Is it compulsory to enable TLS in 6.x?

  • Note that we are using the following URL to connect to elasticsearch,
    https://elkhost.com/elasticsearch

  • The URI "/elasticsearch" is proxied to http://localhost:9200
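
A diagnostic for the mismatch discussed in this thread, added here as an example and not code from any poster or from Logstash: `effective_endpoint` reproduces the URL that the 6.5.1 log above reports for a port-less `hosts` entry (port 9200 appended), and `probe` checks whether that port answers TLS or plaintext HTTP. The function names and the local stub listener are assumptions made for the example.

```python
import socket, ssl, threading
from urllib.parse import urlsplit

DEFAULT_PORT = 9200  # what the 6.5.1 pool log above appends to a port-less host

def effective_endpoint(host_entry, path=""):
    """(host, port, url) the way the 'pool URLs updated' log line reports it."""
    u = urlsplit(host_entry)
    port = u.port or DEFAULT_PORT
    return u.hostname, port, f"{u.scheme}://{u.hostname}:{port}{path}"

def probe(host, port, timeout=3.0):
    """Return 'tls', 'tls-untrusted', 'plaintext-http', 'closed' or 'unknown'.
    Uses the default SSL context, so certificate verification stays on."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
            return "tls"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"   # TLS is spoken, but the certificate is not trusted
    except OSError:              # ssl.SSLError is an OSError: non-TLS bytes came back
        pass
    finally:
        raw.close()
    try:  # handshake failed, so check whether plain HTTP answers on the same port
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")
            return "plaintext-http" if s.recv(16).startswith(b"HTTP/") else "unknown"
    except OSError:
        return "unknown"

def start_plaintext_stub():
    """Constructed stand-in for an HTTP-only listener; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)
                conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(effective_endpoint("https://elkhost.com", "/elasticsearch")[2])
    print(probe("127.0.0.1", start_plaintext_stub()))
```

A `plaintext-http` result for the effective port corresponds to the `Unrecognized SSL message, plaintext connection?` error in the log above.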
