Accessing Graylog Externally

(Liam Sullivan) #1


I’m running a single node set up of Graylog 3.0.1, it is built on CentOS 7.5. I have set up an Apache reverse proxy which is where I am terminating SSL connections. The SSL cert is not self-signed. The conf file for the reverse proxy is as follows:

<VirtualHost *:80>
Redirect permanent / https://my.graylog.url/

<VirtualHost *:443>
    ServerName https://my.graylog.url/
    ProxyRequests Off
    SSLEngine on
    SSLCertificateFile      /opt/graylog.crt
    SSLCertificateKeyFile   /opt/graylog.key

    <Proxy *>
        Order deny,allow
        Allow from all

    <Location />
        RequestHeader set X-Graylog-Server-URL "https://my.graylog.url/"


#SSL Configuration
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder     on
SSLCompression          off
SSLSessionTickets       off

# OCSP Stapling
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)

My server.conf file has the http_bind_address set to the private IP address of the server on port 9000.
The http_publish_uri is set to https://my.graylog.url/api/
The http_external_uri is set to https://my.graylog.url/

The private IP is natted through a Cisco ASA to a public IP address. I can access the Graylog system internally although many of the pages give me the following error when I’m logged in:
Loading component failed: Loading chunk 2e726fa8-24 failed.

I cannot access the application externally at all.

Is there any chance that someone could point me in the right direction here?

Kind Regards