actually the problem why this does not work “easily” is that Graylog is a Browser application that needs to communicate to the backend. It knows that because of a server.conf setting in the Graylog server (
http_external_uri) that can be overwritten by a Header (See the docs: https://docs.graylog.org/en/3.2/pages/configuration/server.conf.html#web-rest-api )
Now that you use the ssh tunnel via the jump host you can’t modify/add that header for the application that runs in your browser to give knowledge where to find the backend.
To bypass this, you could run locally a web server that ingest the header to use the local host, configure Graylog that it uses only the local host (but than it would run only via that tunnel, or you need a web server that modifies that header for other users … )
does that makes sense for you?