Not able to connect to AWS monitor instance thru proxy

Roberto_Chacon · May 14, 2020, 10:24pm

I'm trying to connect to AWS instance for monitoring using metricbeat but getting an error "proxyconnect tcp: tls: first record does not look like a TLS handshake". When trying to test it with curl seems that is working.

Anyone have any ideas what can be the issue.

Metricbeat version: 7.6

Here is my configuration

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:

Array of hosts to connect to.

hosts: ["http://AWS instace.us-west-1.aws.found.io:443"]

username: "cloud_monitoring_agent"
password: "xxxxx"

proxy_url: "https://proxy.domain.com:3128"
#proxy_disable: true
proxy_disable: false

Protocol - either `http` (default) or `https`.

#protocol: "https"

This is the outputs I've got.

Output
May 14 21:18:27 server metricbeat: 2020-05-14T21:18:27.191Z#011INFO#011pipeline/output.go:95#011Connecting to backoff(elasticsearch(http://AWS instance.us-west-1.aws.found.io:443))
May 14 21:18:28 server metricbeat: 2020-05-14T21:18:28.495Z#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(http://AWS instance.us-west-1.aws.found.io:443)): Get http://.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake
May 14 21:18:28 server metricbeat: 2020-05-14T21:18:28.495Z#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(elasticsearch(http://.us-west-1.aws.found.io:443)) with 1 reconnect attempt(s)
May 14 21:18:30 server metricbeat: 2020-05-14T21:18:30.501Z#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(http://AWS instance.us-west-1.aws.found.io:443)): Get http://.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake

Curl output
'# curl -u cloud_monitoring_agent:xxxxxx -x https://proxy.domain.com:3128 https://.us-west-1.aws.found.io:443
{
"name" : "instance-0000000001",
"cluster_name" : "",
"cluster_uuid" : "",
"version" : {
"number" : "7.3.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "de777fa",
"build_date" : "2019-07-24T18:30:11.767338Z",
"build_snapshot" : false,
"lucene_version" : "8.1.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

Luca_Belluccini · May 14, 2020, 10:36pm

Hello @Roberto_Chacon

I think the problem is because there's a missing s in hosts:

hosts: ["https://AWS instace.us-west-1.aws.found.io:443"]

Roberto_Chacon · May 14, 2020, 11:02pm

Hi @Luca_Belluccini

Seems that I miss that while testing, but adding the s to https is not helping

metricbeat: 2020-05-14T22:59:16.585Z#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(https://AWS instance.us-west-1.aws.found.io:443)): Get https://AWS instance.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake

Luca_Belluccini · May 14, 2020, 11:17pm

When you are running metricbeat or curl, do you have any HTTP_PROXY or HTTPS_PROXY or NO_PROXY environment variable set (can be lower or upper case)?

Can you share your metricbeat.yml file with the correct indentation (concealing the sensitive parts)?

Roberto_Chacon · May 15, 2020, 4:40pm

No variable set

'# echo $http_proxy

'# echo $HTTP_PROXY

'# echo $https_proxy

'# echo $HTTPS_PROXY

'# echo $NO_PROXY

'# echo $no_proxy

'#

Here is the config file: https://pastebin.com/NTbGELyq

Luca_Belluccini · May 15, 2020, 8:01pm

I'm sorry I am going to ask to perform the test but I am not on my laptop.

Can you try with:

output.elasticsearch:
  hosts: ["AWS instance.us-west-1.aws.found.io:443"]
  username: "cloud_monitoring_agent"
  password: "xxxxxx"
  proxy_url: "https://proxy.domain.com:3128"
  protocol: "https"

Also, if possible, run Filebeat with -d '*'

Roberto_Chacon · May 15, 2020, 10:01pm

Please find the output with the protocol flag as suggetested.

2020-05-15T21:54:57.690Z ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://AWS instance.us-west-1.aws.found.io:443)): Get https://AWS instance.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake
2020-05-15T21:54:57.690Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(https://AWS instance.us-west-1.aws.found.io:443)) with 3 reconnect attempt(s)
2020-05-15T21:54:57.690Z DEBUG [elasticsearch] elasticsearch/client.go:733 ES Ping(url=https://AWS instance.us-west-1.aws.found.io:443)
2020-05-15T21:54:57.695Z DEBUG [elasticsearch] elasticsearch/client.go:737 Ping request failed with: Get https://AWS instance.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake

system · June 12, 2020, 10:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Not able to connect to AWS monitor instance thru proxy

Array of hosts to connect to.

Protocol - either http (default) or https.

Protocol - either `http` (default) or `https`.