Not able to connect to AWS monitor instance thru proxy

Roberto_Chacon · May 14, 2020, 10:24pm

I'm trying to connect to AWS instance for monitoring using metricbeat but getting an error "proxyconnect tcp: tls: first record does not look like a TLS handshake". When trying to test it with curl seems that is working.

Anyone have any ideas what can be the issue.

Metricbeat version: 7.6

Here is my configuration

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:

Array of hosts to connect to.

hosts: ["http://AWS instace.us-west-1.aws.found.io:443"]

username: "cloud_monitoring_agent"
password: "xxxxx"

proxy_url: "https://proxy.domain.com:3128"
#proxy_disable: true
proxy_disable: false

Protocol - either `http` (default) or `https`.

#protocol: "https"

This is the outputs I've got.

Output
May 14 21:18:27 server metricbeat: 2020-05-14T21:18:27.191Z#011INFO#011pipeline/output.go:95#011Connecting to backoff(elasticsearch(http://AWS instance.us-west-1.aws.found.io:443))
May 14 21:18:28 server metricbeat: 2020-05-14T21:18:28.495Z#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(http://AWS instance.us-west-1.aws.found.io:443)): Get http://.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake
May 14 21:18:28 server metricbeat: 2020-05-14T21:18:28.495Z#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(elasticsearch(http://.us-west-1.aws.found.io:443)) with 1 reconnect attempt(s)
May 14 21:18:30 server metricbeat: 2020-05-14T21:18:30.501Z#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(http://AWS instance.us-west-1.aws.found.io:443)): Get http://.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake

Curl output
'# curl -u cloud_monitoring_agent:xxxxxx -x https://proxy.domain.com:3128 https://.us-west-1.aws.found.io:443
{
"name" : "instance-0000000001",
"cluster_name" : "",
"cluster_uuid" : "",
"version" : {
"number" : "7.3.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "de777fa",
"build_date" : "2019-07-24T18:30:11.767338Z",
"build_snapshot" : false,
"lucene_version" : "8.1.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

Luca_Belluccini · May 14, 2020, 10:36pm

Hello @Roberto_Chacon

I think the problem is because there's a missing s in hosts:

hosts: ["https://AWS instace.us-west-1.aws.found.io:443"]

Roberto_Chacon · May 14, 2020, 11:02pm

Hi @Luca_Belluccini

Seems that I miss that while testing, but adding the s to https is not helping

metricbeat: 2020-05-14T22:59:16.585Z#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(https://AWS instance.us-west-1.aws.found.io:443)): Get https://AWS instance.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake

Luca_Belluccini · May 14, 2020, 11:17pm

When you are running metricbeat or curl, do you have any HTTP_PROXY or HTTPS_PROXY or NO_PROXY environment variable set (can be lower or upper case)?

Can you share your metricbeat.yml file with the correct indentation (concealing the sensitive parts)?

Roberto_Chacon · May 15, 2020, 4:40pm

No variable set

'# echo $http_proxy

'# echo $HTTP_PROXY

'# echo $https_proxy

'# echo $HTTPS_PROXY

'# echo $NO_PROXY

'# echo $no_proxy

'#

Here is the config file: https://pastebin.com/NTbGELyq

Luca_Belluccini · May 15, 2020, 8:01pm

I'm sorry I am going to ask to perform the test but I am not on my laptop.

Can you try with:

output.elasticsearch:
  hosts: ["AWS instance.us-west-1.aws.found.io:443"]
  username: "cloud_monitoring_agent"
  password: "xxxxxx"
  proxy_url: "https://proxy.domain.com:3128"
  protocol: "https"

Also, if possible, run Filebeat with -d '*'

Roberto_Chacon · May 15, 2020, 10:01pm

Please find the output with the protocol flag as suggetested.

2020-05-15T21:54:57.690Z ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://AWS instance.us-west-1.aws.found.io:443)): Get https://AWS instance.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake
2020-05-15T21:54:57.690Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(https://AWS instance.us-west-1.aws.found.io:443)) with 3 reconnect attempt(s)
2020-05-15T21:54:57.690Z DEBUG [elasticsearch] elasticsearch/client.go:733 ES Ping(url=https://AWS instance.us-west-1.aws.found.io:443)
2020-05-15T21:54:57.695Z DEBUG [elasticsearch] elasticsearch/client.go:737 Ping request failed with: Get https://AWS instance.us-west-1.aws.found.io:443: proxyconnect tcp: tls: first record does not look like a TLS handshake

system · June 12, 2020, 10:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Proxyconnect tcp: tls: first record does not look like a TLS handshake metricbeat monitoring elasticsearch Beats metricbeat	4	6387	November 26, 2020
MetricBeat Logstash Monitoring Error Beats elastic-stack-monitoring , metricbeat	5	728	December 18, 2020
Unable to collect data in elastic cloud using internet proxy Beats metricbeat	5	1407	June 27, 2018
Metricbeat can not connect to elastic Beats metricbeat	3	2383	January 16, 2019
AWS ELK and metricbeat issue Beats metricbeat	1	243	December 10, 2020

Not able to connect to AWS monitor instance thru proxy

Array of hosts to connect to.

Protocol - either http (default) or https.

Related topics

Protocol - either `http` (default) or `https`.