I’m running a single node set up of Graylog 3.0.1, it is built on CentOS 7.5. I have set up an Apache reverse proxy which is where I am terminating SSL connections. The SSL cert is not self-signed. The conf file for the reverse proxy is as follows:
<VirtualHost *:80> ServerName lcmgraylog.lcm.ac.uk Redirect permanent / https://my.graylog.url/ </VirtualHost> <VirtualHost *:443> ServerName https://my.graylog.url/ ProxyRequests Off SSLEngine on SSLCertificateFile /opt/graylog.crt SSLCertificateKeyFile /opt/graylog.key <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> RequestHeader set X-Graylog-Server-URL "https://my.graylog.url/" ProxyPass http://10.80.56.24:9000/ ProxyPassReverse http://10.80.56.24:9000/ </Location> </VirtualHost> #SSL Configuration SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off # OCSP Stapling SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000)
My server.conf file has the http_bind_address set to the private IP address of the server on port 9000.
The http_publish_uri is set to https://my.graylog.url/api/
The http_external_uri is set to https://my.graylog.url/
The private IP is natted through a Cisco ASA to a public IP address. I can access the Graylog system internally although many of the pages give me the following error when I’m logged in:
Loading component failed: Loading chunk 2e726fa8-24 failed.
I cannot access the application externally at all.
Is there any chance that someone could point me in the right direction here?