actually the problem why this does not work “easily” is that Graylog is a Browser application that needs to communicate to the backend. It knows that because of a server.conf setting in the Graylog server (http_external_uri) that can be overwritten by a Header (See the docs: https://docs.graylog.org/en/3.2/pages/configuration/server.conf.html#web-rest-api )
Now that you use the ssh tunnel via the jump host you can’t modify/add that header for the application that runs in your browser to give knowledge where to find the backend.
To bypass this, you could run locally a web server that ingest the header to use the local host, configure Graylog that it uses only the local host (but than it would run only via that tunnel, or you need a web server that modifies that header for other users … )
Thank you. I thought so it is something like that. In my case the solution was simple, apt install tigervnc Because I need this access only to support the customer, but your explanation is very helpful, so if I need some permanent access, I’ll use this method