Hi
I’m running a single node set up of Graylog 3.0.1, it is built on CentOS 7.5. I have set up an Apache reverse proxy which is where I am terminating SSL connections. The SSL cert is not self-signed. The conf file for the reverse proxy is as follows:
<VirtualHost *:80>
ServerName lcmgraylog.lcm.ac.uk
Redirect permanent / https://my.graylog.url/
</VirtualHost>
<VirtualHost *:443>
ServerName https://my.graylog.url/
ProxyRequests Off
SSLEngine on
SSLCertificateFile /opt/graylog.crt
SSLCertificateKeyFile /opt/graylog.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
RequestHeader set X-Graylog-Server-URL "https://my.graylog.url/"
ProxyPass http://10.80.56.24:9000/
ProxyPassReverse http://10.80.56.24:9000/
</Location>
</VirtualHost>
#SSL Configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
# OCSP Stapling
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
My server.conf file has the http_bind_address set to the private IP address of the server on port 9000.
The http_publish_uri is set to https://my.graylog.url/api/
The http_external_uri is set to https://my.graylog.url/
The private IP is natted through a Cisco ASA to a public IP address. I can access the Graylog system internally although many of the pages give me the following error when I’m logged in:
Loading component failed: Loading chunk 2e726fa8-24 failed.
I cannot access the application externally at all.
Is there any chance that someone could point me in the right direction here?
Kind Regards
Sully