I’m using the container versions listed in my YAML below. Currently, it just won’t seem to use and accept communications via HTTPS, which is redundant in my case because I can encrypt the swarm overlay network. However, my overlay network is already being pushed over a wireguard network, and tripplicate layers of encryption seem ultra-inefficient.
I seem to be struggling and am hoping that someone in here might know what to do. I’m trying to get opensearch-dashboards to connect via Docker Swarm’s internal networking which seems to be verifiably functional currently but I’m getting consistent TLS errors and if I disable the “security plugin” it seems to work but my credentials don’t via the osdashboard.
{"type":"log","@timestamp":"2024-05-14T14:03:52Z","tags":["error","opensearch","data"],"pid":1,"message":"[ConnectionError]: write EPROTO C0F7F32AA07F0000:error:0A000417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 47\n"}
This is the error my dashboard container seems to be spitting.
sofd-stack.yml
version: "3.7"
networks:
traefik:
external: true
sofd-net:
services:
opensearch:
image: opensearchproject/opensearch:2.11.1
container_name: opensearch
environment:
cluster.name: "opensearch"
network.host: "0.0.0.0"
node.name: "opensearch"
discovery.type: "single-node"
bootstrap.memory_lock: "false"
http.port: "9200"
# plugins.security.disabled: "true"
ES_JAVA_OPTS: "-Xms1g -Xmx1g"
OPENSEARCH_INITIAL_ADMIN_PASSWORD: "REDACTED"
volumes:
- /root/tank/persist/nixc.us/sofd/production/opensearch:/usr/share/elasticsearch/data
networks:
- sofd-net
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini8
labels:
traefik.enable: "false"
opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:2.11.1
environment:
OPENSEARCH_HOSTS: "https://sofd_opensearch:9200"
OPENSEARCH_USERNAME: "admin"
OPENSEARCH_PASSWORD: "REDACTED"
plugins.security.disabled: "true"
opensearch.ssl.verificationMode: none
opensearch.username: "admin"
opensearch.password: "REDACTED"
networks:
- sofd-net
- traefik
depends_on:
- opensearch
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini8
# labels:
# traefik.enable: "false"
labels:
homepage.group: apps
homepage.name: sofd-opensearch
homepage.href: https://sofd-opensearch.nixc.us/
homepage.description: sofd-opensearch
traefik.enable: "true"
traefik.http.routers.production_sofd_opensearch-dashboards.tls: "true"
traefik.http.services.production_sofd_opensearch-dashboards.loadbalancer.server.port: "5601"
traefik.http.routers.production_sofd_opensearch-dashboards.rule: Host(`sofd-opensearch.nixc.us`)
traefik.http.routers.production_sofd_opensearch-dashboards.entrypoints: websecure
traefik.http.routers.production_sofd_opensearch-dashboards.tls.certresolver: letsencryptresolver
traefik.http.routers.production_sofd_opensearch-dashboards.service: production_sofd_opensearch-dashboards
traefik.docker.network: traefik