Cannot setup TheHive 3.4.0-RC2 using Docker #1051
Comments
|
Note : I have similar error messages ([info] o.e.ErrorHandler - GET /api/stream/$STREAM_ID$ returned 401) in the Cortex RC4, but not with the same consequences. Could this be related? |
|
Does TheHive redirect you to the first migration page? These errors are expected: TheHive doesn't find the database and ask for the migration |
|
Hello, |
|
Same problem here, but with building TheHive from git repo. |
|
Hi Guys, I have the same issue (not able to do http://url/index.html#!/maintenance, return login page) and will post here the versions and logs to contribuite: versions: logs: |
hi .i need you help [error] o.e.d.DBConfiguration - ElasticSearch request failure: GET:/_cluster/health/the_hive_15? es :6.7 |
Hello, Given your error message, your problem does not appear to be related to this topic as it states an authentication error : "security_exception,missing authentication token for REST request". Either you missed a parameter (have you checked the migration guide?) or it is indeed a bug. If the later, I think you'll be better opening your own issue. |
|
I have the same issue. I'm redirected to the login page and not the maintenance one. [error] o.e.d.DBConfiguration - ElasticSearch request failure: GET:/_cluster/health/the_hive_15? [warn] o.e.c.RestClient - request [PUT http://172.18.0.2:9200/the_hive_15] returned 1 warnings: [299 Elasticsearch-6.8.0-65b6179 "[types removal] The parameter include_type_name should be explicitly specified in create index requests to prepare for 7.0. In 7.0 include_type_name will default to 'false', and requests are expected to omit the type name in mapping definitions."] |
|
@nadouani Seeing same as original poster. Migration page flashes and redirect to login. At a minimum is a there anything that needs to be added to the docker-compose.yml besides the Elasticsearch data path i.e |
|
I'm seeing the same issue with RC2 as OP. Does anyone know whether it's possible just to emulate pressing the Update Database button via curl or something? |
I tried to do |
|
I'm having the same problem here! I've tried to replicate the request to migrate the elastic and it kind of did the trick as index was created on ES but then no new user from pop up so could not create the admin user... also I get some errors on TheHive so probably it's not being able to migrate the full index curl: You need to modify ip's tokens etc... The error on the hive is the following:
|
|
I think we have found the issue. We will fix it. The UI is not redirecting correctly in some cases, and the stream API returns a 401, so the UI goes to the login page. |
|
We have been able to reproduce it not only on the Docker version |
|
Hello, I still having issue also with accc951 : I'm compiling sources from git. Any help? |
|
same problem here... |
|
@nadouani: I think even the latest commits doesn't fix this issue complete :-( |
|
I'm gonna have to install it to a local ES instance then use Elasticdump to migrate the index from a non-xpack to xpack ES. |
|
Fixed by the same fix as #1067 |
|
Awesome - I didn't see an updated Docker image nor a Dockerfile from which to build a new image. I guess I should submit a PR for this.. |
|
Experienced the same issue (not able to click database migration to enter new username/password) on initial access on following platform: In troubleshooting, was able to confirm that TheHive was able to communicate with elasticsearch by issuing "curl -X POST http://127.0.0.1:9000/api/maintenance/migrate", then checking elasticsearch indices with "curl -X GET "localhost:9200/_cat/indices?v&pretty"". Was able to workaround by dropping elasticsearch database ("curl -XDELETE http://localhost:9200/the_hive_15"), hitting login page, then configuring Firefox to proxy further connections through Burp Suite. After entering junk username/password, I forwarded each request/response until I landed on the 'migrate database' page. I was able to click the button and forward the remaining requests until I arrived at the page where initial admin credentials are set. At that point I entered credentials, and disabled intercept so that further requests would flow. Afterwards, the credentials I entered worked and I was able to log in to TheHive. |
|
Hi after a lot of struggle im finally found the issue. it's a version mismatch issue. here the working docker compose file cortex: thehive: |
|
(copying the comment above with formatting for anyone else) version: "2"
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.2.0
environment:
- http.host=0.0.0.0
- transport.host=0.0.0.0
- xpack.security.enabled=false
- cluster.name=hive
- script.allowed_types=inline
- discovery.type=single-node
- thread_pool.index.queue_size=100000
- thread_pool.search.queue_size=100000
- thread_pool.bulk.queue_size=100000
ulimits:
nofile:
soft: 65536
hard: 65536
volumes:
- ./esdata:/usr/share/elasticsearch/data
cortex:
image: thehiveproject/cortex:3.0.0
depends_on:
- elasticsearch
ports:
- "127.0.0.1:9001:9001"
volumes:
- ./Cortex-Analyzers:/etc/Cortex-Analyzers
- ./cortex:/etc/cortex/application.conf
thehive:
image: thehiveproject/thehive:3.4.0
depends_on:
- elasticsearch
- cortex
ports:
- "127.0.0.1:9000:9000"
volumes:
- ./thehive:/etc/thehive/application.conf
command: --cortex-key THE_NEW_USER_KEYEDIT: Does not appear to be valid in this state. YMMV. |
|
👍 on ElasticSearch throwing errs in docker compose |
|
Hmmm. Put on my inspector's hat and found this: |
|
Following this thread over here: #1140 |
|
Seeing similar reports of this same issue. |
Request Type
Bug
Work Environment
Problem Description
After upgrading TheHive 3.4.0-RC1 to TheHive 3.4.0-RC2 I decided to go with a fresh install.
When reaching the home page, I'm redirected to the login page and not the maintenance one.
Strange fact : I see the maintenance page flashing before reaching the login page. Also, if I enter random credentials and hit the login button, I see the maintenance page flashing in and out again before getting back to the login page.
Steps to Reproduce
Complementary information
Below the TheHive logs for a single request to the index.html
Thank you for your time !
The text was updated successfully, but these errors were encountered: