Openssl Warnings fluentd


Anirudh Venkatesh

Mar 31, 2021, 8:35:10 PM
to Fluentd Google Group
Hi, 

I am using fluentd on a rhel7 Ruby 2.6 image and I am installing openssl. I have configured ssl with self-signed certs using transport tls. I can see logs flowing through but the log has a lot of these warning messages -

2021-04-01 00:23:27 +0000 [warn]: #0 unexpected error before accepting TLS connection by OpenSSL error_class=OpenSSL::SSL::SSLError error="SSL_accept SYSCALL returned=5 errno=0 state=SSLv2/v3 read client hello A"

openssl_client shows a positive connection as well. I am not sure if I am missing something.

Here is my config -

<source>
  @type forward
  port 24224
  <transport tls>
    version TLSv1_2
    ca_path /path/to/fluentd/certs/cacert.pem
    ca_private_key_path /path/to/fluentd/certs/ccakey.pem
    ca_private_key_passphrase xxxxx
    cert_path /path/to/fluentd/certs/cserver-cert.pem
    private_key_path /path/to/fluentd/certs/cserver-key.pem
    private_key_passphrase xxxxx
    client_cert_auth true
  </transport>
</source>

<source>
  @type prometheus
</source>

<source>
  @type prometheus_output_monitor
</source>

<source>
  @type prometheus_monitor
  interval 10
  <labels>
    hostname ${hostname}
  </labels>
</source>

Also, is there a way to secure the prometheus monitoring agent that exposes the metrics endpoint with ssl?

Help is greatly appreciated.

Thanks.



Anirudh Venkatesh

Apr 1, 2021, 5:48:07 PM
to Fluentd Google Group
Hello,

Please ignore the problems with the ssl warnings, tcp port was bound to 8080 and hence the error. I changed the tcp port settings and don't see the errors anymore.

But can someone please help with securing the monitoring agent plugin that exposes the prometheus metrics endpoint?

Thanks,
Anirudh

Anirudh Venkatesh

Apr 2, 2021, 4:08:43 PM
to Fluentd Google Group
Never mind, 

I was able to use the transport tls setting in the prometheus plugin to ensure ssl.

Thanks
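
The resolution described in the last message, as an added example that is not part of the original thread: a `prometheus` source on plain HTTP next to one carrying a `<transport tls>` section. It assumes a fluent-plugin-prometheus version that accepts `<transport tls>`; the bind address, port and certificate paths are placeholders.

```conf
# Before: metrics endpoint served over plain HTTP (as in the first post).
<source>
  @type prometheus
</source>

# After: the same endpoint served over TLS. Use one of the two blocks, not both.
<source>
  @type prometheus
  bind 0.0.0.0
  # 24231 is the plugin's default port, written out here for clarity
  port 24231
  metrics_path /metrics
  <transport tls>
    version TLSv1_2
    # Placeholder paths and passphrase: substitute the server's own material
    cert_path /path/to/fluentd/certs/server-cert.pem
    private_key_path /path/to/fluentd/certs/server-key.pem
    private_key_passphrase xxxxx
    # Optional: require the scraper to present a certificate issued by this CA
    client_cert_auth true
    ca_path /path/to/fluentd/certs/cacert.pem
  </transport>
</source>
```

On the Prometheus side, the scrape job then needs `scheme: https` and a `tls_config` that trusts the signing CA (and supplies a client certificate if `client_cert_auth` is enabled).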