Docker API won't connect

Brandon Shoemaker

unread,

Sep 11, 2017, 6:20:34 PM9/11/17

to Wazuh mailing list

Hello list,

I have been running Wazuh 1.0 docker for about a year and I am now evaluating 2.0. I created a new test VPS to evaluate and install the latest docker image via docker compose as outlined here >

https://documentation.wazuh.com/current/docker/docker-installation.html

https://documentation.wazuh.com/current/docker/wazuh-container.html

I have been able to get docker up and running and I've gotten one test agent to connect with the new Wazuh agent.

However, I cannot get the API configuration to connect no matter what I do.

I get a message of "There are not services running in the given URL." When I configure to add a new API service.

I have tried foo/bar and a couple different credentials following the guidance here > https://documentation.wazuh.com/current/installation-guide/installing-elastic-stack/connect_wazuh_app.html?highlight=api

for example:

/var/ossec/api/configuration/auth/node/htpasswd -c user wazuhapi

I tried to connect to every available IP variation for the docker host but none connect successfully. I tried a reasonable strong password and a simple one as a test. Rebooted multiple times as well so any services restarted.

http://publicIP

http://localhost

http://127.0.0.1

http://172.25.0.1 docker IP

http://172.17.0.1 docker IP

port 55000

https://publicIP

https://localhost

https://127.0.0.1

https://172.25.0.1 docker IP

https://172.17.0.1 docker IP

port 55000

In Chrome web browser http://publicIP:55000 results in "{"error":0,"data":"Welcome to Wazuh HIDS API"}" so that test succeeds connection to the service on port 55000 on the public IP.

Is there something else needed for API configuration when using the docker container?

Brandon Shoemaker

unread,

Sep 11, 2017, 6:56:10 PM9/11/17

to Wazuh mailing list

Not sure if it matters but I forgot to mention this is on CentOS 7.3 fully updated

Jose Luis Ruiz

unread,

Sep 12, 2017, 11:29:07 AM9/12/17

to Wazuh mailing list, Brandon Shoemaker

Hi Brandon,

If you are using the standard docker-compose.yml https://github.com/wazuh/wazuh-docker/blob/master/docker-compose.yml you can ouse the docker internal DNS resolution.

This means that between containers you can call directly by the DNS name and all traffic between Wazuh-APP and the Wazuh-api will be internal.

The parameters that you need:

User: wazuhapi (following your previous mail)

Password: your actual password

Url: http://wazuh

Port: 55000

If you are using the standar configuration:

User: foo

Password: bar

Url: http://wazuh

Port: 55000

Attached to this mail you can find a few screenshots with the standard configuration.

Regards

-----------------------

Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/dcba1bf9-e3e0-4724-8df9-1c6dadfaa340%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

screenshot-1.png

screenshot-2.png

bra...@thinkhuge.net

unread,

Sep 12, 2017, 11:44:10 AM9/12/17

to Jose Luis Ruiz, Wazuh mailing list

Hello José,

I removed (rmi) my docker images and started over. I downloaded that “docker-compose.yml” but it seems to error on “docker-compose up”. This had worked previously using the yml from the documentation section (which is a different URL). Any idea about this error? It’s on CentOS 7.3.

[root@ossec ~]# docker --version

Docker version 17.05.0-ce, build 89658be

[root@ossec ~]#

[root@ossec ~]# docker-compose --version

docker-compose version 1.12.0, build b31ff33

[root@ossec ~]#

[root@ossec ~]# docker-compose up

ERROR: yaml.scanner.ScannerError: mapping values are not allowed here

in "./docker-compose.yml", line 327, column 24

[root@ossec ~]#

[root@ossec ~]# ls -l

total 64

-rw-r--r-- 1 root root 63799 Sep 12 15:34 docker-compose.yml

[root@ossec ~]# pwd

/root

[root@ossec ~]#

Jose Luis Ruiz

unread,

Sep 12, 2017, 11:56:32 AM9/12/17

to Wazuh mailing list, bra...@thinkhuge.net

Hi Brandon,

Please look your docker-compose.yml file, in our file we have only 73 lines

ERROR: yaml.scanner.ScannerError: mapping values are not allowed here
in "./docker-compose.yml", line 327, column 24

Also the size is very different than the original.

Regards

-----------------------

Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com

Message has been deleted

Brandon Shoemaker

unread,

Sep 12, 2017, 2:10:59 PM9/12/17

to Wazuh mailing list

Seems to be working now as expected and with custom API creds. I noticed that a trailing "/" on the URL will not be accepted. That definitely caused some failures for me.

Thanks for the help.

Jose Luis Ruiz

unread,

Sep 12, 2017, 3:46:00 PM9/12/17

to Wazuh mailing list, Brandon Shoemaker

Hi Brandon,

Thats correct, if you like to use ‘/' we should create a new container with Nginx in Proxy reserve mode and attach to your Kibana container, thats possible, similar than our documentation:

https://documentation.wazuh.com/current/installation-guide/optional-configurations/kibana_ssl.html#kibana-ssl

Let us investigate the best way to approach that issue, and i will return to you as soon as possible.

Thanks for your feedback!!

Regards

-----------------------

Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com

On September 12, 2017 at 2:11:01 PM, Brandon Shoemaker (bra...@thinkhuge.net) wrote:

Seems to be working now as expected and with custom API creds. I noticed that a trailing "/" on the URL will not be accepted. That definitely caused some failures for me.

Thanks for the help.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/61fcae80-d8a4-4e52-b0a7-30ce871c5104%40googlegroups.com.

bra...@thinkhuge.net

unread,

Sep 12, 2017, 4:09:24 PM9/12/17

to Jose Luis Ruiz, Wazuh mailing list

Hey Jose,

It's not something I need so don't spend any time on it for me. I was just pointing out that I had problems with it on accident using the wrong syntax with the trailing “/”.

Appreciate your help. 2.0 looks really cool!

From: Jose Luis Ruiz [mailto:jo...@wazuh.com]
Sent: Tuesday, September 12, 2017 12:46 PM
To: Wazuh mailing list <wa...@googlegroups.com>; Brandon Shoemaker <bra...@thinkhuge.net>
Subject: Re: Docker API won't connect

Hi Brandon,

Jose Luis Ruiz

unread,

Sep 12, 2017, 4:24:00 PM9/12/17

to Wazuh mailing list, bra...@thinkhuge.net

Hi Brandon,

Happy that you like it! we are working hard to improve in different ways the integration with Kibana.

But anyway is not a bad idea add a new container if someone like tu use “/“ instead of :5601, with SSL certificates and basic_auth like we describe in our documentation.

https://documentation.wazuh.com/current/installation-guide/optional-configurations/kibana_ssl.html#kibana-ssl

I will add to our roadmap!! Thanks for your feedback!!!..

Regards

-----------------------

Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com

Reply all

Reply to author

Forward