Exceptions in wazuh.index container, fresh install (io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record)

[righel]

Hello,
After starting the application in single-node mode, I see many exceptions like this one: [o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [wazuh.indexer] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record from the wazuh.indexer container.

Detailed log

wazuh.indexer-1    | [2024-09-26T08:35:50,855][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [wazuh.indexer] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73743a393230300d0a557365722d4167656e743a20456c61737469632d6d6574726963626561742f382e31332e3120286c696e75783b20616d6436343b20653965343632643731626463643333613834643766353137353361313136623564343138393338663b20323032342d30332d32372031353a34303a3231202b3030303020555443290d0a4163636570743a206170706c69636174696f6e2f6a736f6e0d0a417574686f72697a6174696f6e3a204261736963205a57786863335270597a706a614746755a3256745a513d3d0d0a582d456c61737469632d50726f647563742d4f726967696e3a2062656174730d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
wazuh.indexer-1    | io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73743a393230300d0a557365722d4167656e743a20456c61737469632d6d6574726963626561742f382e31332e3120286c696e75783b20616d6436343b20653965343632643731626463643333613834643766353137353361313136623564343138393338663b20323032342d30332d32372031353a34303a3231202b3030303020555443290d0a4163636570743a206170706c69636174696f6e2f6a736f6e0d0a417574686f72697a6174696f6e3a204261736963205a57786863335270597a706a614746755a3256745a513d3d0d0a582d456c61737469632d50726f647563742d4f726967696e3a2062656174730d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
wazuh.indexer-1    |    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1314) ~[netty-handler-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387) ~[netty-handler-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[netty-codec-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[netty-codec-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[netty-codec-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [netty-transport-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [netty-common-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.107.Final.jar:4.1.107.Final]
wazuh.indexer-1    |    at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]

I followed the single-node install from this guide: https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html

If we decode the hex from the exception:

GET / HTTP/1.1
Host: localhost:9200
User-Agent: Elastic-metricbeat/8.13.1 (linux; amd64; e9e462d71bdcd33a84d7f51753a116b5d418938f; 2024-03-27 15:40:21 +0000 UTC)
Accept: application/json
Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==
X-Elastic-Product-Origin: beats
Accept-Encoding: gzip

Is there some configuration missing to tell metricbeat to use ssl instead of plaintext http?

Steps to reproduce

sudo sysctl -w vm.max_map_count=262144
sudo service docker restart
git clone https://github.com/wazuh/wazuh-docker.git -b v4.9.0
cd wazuh/docker/single-node
docker-compose -f generate-indexer-certs.yml run --rm generator
docker-compose up

Full logs:
logs.txt