500 Error when trying to access individual nodes in AWS cluster


I am in the process of setting up a test graylog cluster in AWS and have a few questions. When logged in via the web interface, I go to system -> nodes -> and select a node, I get an error. When I hover over the link, the url is https://server.public.domain.tld/system/nodes/ccc1d248-7d52-46a9-b7f5-5af04c70edeb. When I click on it, I see a 500 error and get a page showing “Error Getting Data.” The link shown in the error is “Could not get plugins” Get https://server.public.domain.tld:443/system/nodes/ccc1d248-7d52-46a9-b7f5-5af04c70edeb.

The current setup has three Graylog nodes, which are working okay. They can see ES and I can access the API to do a status check. There is an application load balancer setup to allow access via a locked down public IP which forwards to port 9000(https://server.public.domain.tld => instance55443:9000.

At this point, I can access the web interface, login just fine, and hit browse; Search, Streams, Alerts etc. I can browse to https://server.public.domain.tld/api/api-browser/ and see content. I’m not exactly sure what part I have wrong.

The general flow is – client => https://server.public.domain.tld(AWS ALB) => http://serverx.internal.domain.tld(Graylog Cluster).

Internal IPs == 10.200.24.(51,52,53)

What I have configured for the pertinent web and rest settings is below:

rest_listen_uri = http://serverx.internal.domain.tld:9000/api/
rest_transport_uri = https://server.public.domain.tld/api/
web_listen_uri = http://serverx.internal.domain.tld:9000/
#web_endpoint_uri = $rest_transport_uri

Any help would be appreciated.


Try using the internal URI (node-specific) in rest_transport_uri (in other words, use the default) and the external URI of the Graylog REST API in web_endpoint_uri.

Thanks jochen. I commented the rest_transport_uri line and set the web_endpoint_uri to the external address. It is working now.

I do still see one oddity. When I browse to system/nodes and hover over the “API Browser” button, the link that is displayed is http://serverx.internal.domain.tld:9000/api/ where the expected link would be https://server.public.domain.tld/api/.


1 Like

Thanks but that doesn’t resolve my issue. Setting the rest_transport_uri = https://server.public.domain.tld/api/ breaks the nodes access. When using the internal address or leaving it commented out then it works but the api browser link is wrong. Basically, the former was cause for my original question.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.