Access Graylog web interface through a jump host

Hi,

I’m sure there is a quick answer to this question but I can’t find it by searching in community posts

Here is my set-up

client -> ssh jump host -> graylog server

I’m trying to pull the port like this on the client
ssh -L 9000:IP_of_Graylog:9000 IP_of_jumphost

is there any special config required in graylog to make it work?

Thanks
Laszlo

he @vladx

actually the problem why this does not work “easily” is that Graylog is a Browser application that needs to communicate to the backend. It knows that because of a server.conf setting in the Graylog server (http_external_uri) that can be overwritten by a Header (See the docs: https://docs.graylog.org/en/3.2/pages/configuration/server.conf.html#web-rest-api )

Now that you use the ssh tunnel via the jump host you can’t modify/add that header for the application that runs in your browser to give knowledge where to find the backend.

To bypass this, you could run locally a web server that ingest the header to use the local host, configure Graylog that it uses only the local host (but than it would run only via that tunnel, or you need a web server that modifies that header for other users … )

does that makes sense for you?
Jan

Thank you. I thought so it is something like that. In my case the solution was simple, apt install tigervnc :slight_smile: Because I need this access only to support the customer, but your explanation is very helpful, so if I need some permanent access, I’ll use this method

Laszlo

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.