HTTPS is not working after passing correct certificate and key

I am using the InfluxDB Docker 2.7.0 version and trying to run InfluxDB using HTTPS. I have created the cert and key files, placed them in /etc/ssl/self-signed-certificate.cert and /etc/ssl/self-signed-certificate.key, and mounted this path in my Docker volume as well. But I am not able to run InfluxDB using HTTPS.

I have followed this documentation: Enable TLS/SSL encryption | InfluxDB OSS v2 Documentation

When I am running this command

```
curl --verbose https://localhost:8086/api/v2/ping
```

I am getting the below output

```
*   Trying 127.0.0.1:8086...
* Connected to localhost (127.0.0.1) port 8086 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* OpenSSL/3.0.11: error:0A00010B:SSL routines::wrong version number
* Closing connection 0
curl: (35) OpenSSL/3.0.11: error:0A00010B:SSL routines::wrong version number
```

When I am running this command

```
influxd \
--tls-cert="/etc/ssl/self-signed-certificate.cert" \
--tls-key="self-signed-certificate.key"

2024-07-16T06:31:12.685749Z info Welcome to InfluxDB {"log_id": "0qQZeEBG000", "version": "v2.7.6", "commit": "3c58c06206", "build_date": "2024-04-12T21:51:21Z", "log_level": "info"}
2024-07-16T06:31:12.693964Z info Resources opened {"log_id": "0qQZeEBG000", "service": "bolt", "path": "/root/.influxdbv2/influxd.bolt"}
2024-07-16T06:31:12.694035Z info Resources opened {"log_id": "0qQZeEBG000", "service": "sqlite", "path": "/root/.influxdbv2/influxd.sqlite"}
2024-07-16T06:31:12.695670Z info Bringing up metadata migrations {"log_id": "0qQZeEBG000", "service": "KV migrations", "migration_count": 20}
2024-07-16T06:31:12.887218Z info Bringing up metadata migrations {"log_id": "0qQZeEBG000", "service": "SQL migrations", "migration_count": 8}
2024-07-16T06:31:12.946355Z info Using data dir {"log_id": "0qQZeEBG000", "service": "storage-engine", "service": "store", "path": "/root/.influxdbv2/engine/data"}
2024-07-16T06:31:12.946448Z info Compaction settings {"log_id": "0qQZeEBG000", "service": "storage-engine", "service": "store", "max_concurrent_compactions": 2, "throughput_bytes_per_second": 50331648, "throughput_bytes_per_second_burst": 50331648}
2024-07-16T06:31:12.946455Z info Open store (start) {"log_id": "0qQZeEBG000", "service": "storage-engine", "service": "store", "op_name": "tsdb_open", "op_event": "start"}
2024-07-16T06:31:12.946492Z info Open store (end) {"log_id": "0qQZeEBG000", "service": "storage-engine", "service": "store", "op_name": "tsdb_open", "op_event": "end", "op_elapsed": "0.037ms"}
2024-07-16T06:31:12.946506Z info Starting retention policy enforcement service {"log_id": "0qQZeEBG000", "service": "retention", "check_interval": "30m"}
2024-07-16T06:31:12.946516Z info Starting precreation service {"log_id": "0qQZeEBG000", "service": "shard-precreation", "check_interval": "10m", "advance_period": "30m"}
2024-07-16T06:31:12.947144Z info Starting query controller {"log_id": "0qQZeEBG000", "service": "storage-reads", "concurrency_quota": 1024, "initial_memory_bytes_quota_per_query": 9223372036854775807, "memory_bytes_quota_per_query": 9223372036854775807, "max_memory_bytes": 0, "queue_size": 1024}
2024-07-16T06:31:12.949254Z info Configuring InfluxQL statement executor (zeros indicate unlimited). {"log_id": "0qQZeEBG000", "max_select_point": 0, "max_select_series": 0, "max_select_buckets": 0}
2024-07-16T06:31:12.956453Z info Starting {"log_id": "0qQZeEBG000", "service": "telemetry", "interval": "8h"}
2024-07-16T06:31:12.956502Z error Failed to set up TCP listener {"log_id": "0qQZeEBG000", "service": "tcp-listener", "addr": ":8086", "error": "listen tcp :8086: bind: address already in use"}
Error: listen tcp :8086: bind: address already in use
```

I am putting my docker config as well here

```
influxdb:
    image: influxdb:2.7
    container_name: influxdb
    restart: always
    ports:
      - 8086:8086
    networks:
      - analytics
    command: bash -c "influxd 2>&1 | tee -a /var/log/influxdb/influxdb.log"
    volumes:
      - $INSTALLDIR/mnt/influxdb/:/var/lib/influxdb2
      - $INSTALLDIR/sys_config/etc/sysconf_influxdb/:/etc/influxdb/
      - $INSTALLDIR/sys_config/etc/sysconf_influxdb/log:/var/log/influxdb
      - $INSTALLDIR/sys_config/etc/sysconf_influxdb/ssl/influxdb-selfsigned.crt:/etc/ssl/influxdb-selfsigned.crt
      - $INSTALLDIR/sys_config/etc/sysconf_influxdb/ssl/influxdb-selfsigned.key:/etc/ssl/influxdb-selfsigned.key
```

Can anyone please help me with this?

Thanks

@Anaisdg @scott @jpowers could you please check and reply on this?

You can search for this error and get a variety of results from users. This could be due to configuration settings not enabling TLS + HTTPS in InfluxDB, it could be the way you generated the certs, or it could be that the version of TLS/SSL used is too old or mismatched.

Generally, when using TLS you want to use the hostname and not an IP address as some certificates will check that the hostname matches and error out otherwise.

Another interesting command would be: `openssl s_client -connect localhost:8086` to see what that returns.

"error": "listen tcp :8086: bind: address already in use"

Looks like you are trying to start influxdb but already have one started or something else already using that port.

I have tried all the above URLs but it’s not an OpenSSL version issue or proxy issue. Our OpenSSL version is updated to the latest as well.


"error": "listen tcp :8086: bind: address already in use"

For this error, we are not trying to start another InfluxDB; we are just running the command /etc/ssl/self-signed-certificate.cert and /etc/ssl/self-signed-certificate.key on the Docker container shell.

When I am trying to run the /etc/ssl/self-signed-certificate.cert and /etc/ssl/self-signed-certificate.key with http-bind-address and passing 443 as port, we are not getting this error.

I think this issue is somehow related to InfluxDB as it’s not able to read the certificate and key file even though we are mounting these two files.

Could you please try to reproduce this error and check where we are making a mistake or provide a little bit more insight to fix this error?

If that is the case then verify the permissions of the mounted files and who owns the files.

with http-bind-address and passing 443 as port we are not getting this error.

Yes, because you are now using a different port.
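
Added example (not from any poster in this thread or from the InfluxDB project): a Python check for whether a listener is actually serving TLS. When a server answers a ClientHello in plaintext HTTP, the client reads `HTTP/` as a TLS record header whose version bytes are not `0x03`, which OpenSSL reports as `wrong version number`. The function names are this example's own, and `start_plaintext_stub` is a constructed stand-in for an `influxd` started without TLS flags.

```python
import socket
import ssl
import threading


def record_header(first5: bytes) -> dict:
    """Interpret 5 bytes the way a TLS client reads a record header."""
    return {"type": first5[0], "version": (first5[1], first5[2]),
            "length": int.from_bytes(first5[3:5], "big")}


def probe_listener(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'tls', 'plaintext-http' or 'unknown' for a TCP listener."""
    ctx = ssl.create_default_context()
    # Diagnostic only: a self-signed certificate must not abort the probe.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:
        pass  # handshake failed (ssl.SSLError is an OSError); ask in plain HTTP
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(b"GET /api/v2/ping HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
        head = raw.makefile("rb").read(5)
    return "plaintext-http" if head == b"HTTP/" else "unknown"


def start_plaintext_stub() -> int:
    """Constructed stand-in for a server that speaks plain HTTP on its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen()

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)  # whatever arrives, answer in plaintext
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_stub()
    print(probe_listener("127.0.0.1", port))
    print(record_header(b"HTTP/"))
```

Pointing `probe_listener` at the published port of the container shows which protocol the already-running `influxd` is serving, independent of any second process started from the container shell.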