API Browser Not Working - Via Nginx and/or Direct Node

Hi All;

I’ve installed GreyLog and I’ve managed to get streams and inputs working and its great. I would now like to use the API to get some data out of Graylog for dashboards etc.

I have installed Graylog at http://graylog.cashstop.com.au which resolves to an internal address inside our AWS.

( First I tried to setup https however I got an error because I was using a CA cert which (by design) didn’t contain the local node IP so the node could not communicate with itself, hence I went back to http.)

I have reverted the configuration back to http and when I view https://graylog.cashstop.com.au/api/api-browser I am shown a list of all the methods. When I click on a the [Show/Hide] to display the method details nothing happens. On viewing the Chrome Console I can see a network request is made however I get a 500 response. When I view the link thats trying to load i get the below Internal Server Error.

Reason
java.net.URISyntaxException: Illegal character in path at index 62: http://graylog.cashstop.com.au:80/api/api-docs/system/metrics/{metricName}/history

Stacktrace
java.lang.IllegalArgumentException: java.net.URISyntaxException: Illegal character in path at index 62: http://graylog.cashstop.com.au:80/api/api-docs/system/metrics/{metricName}/history
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.getRequestUri(GrizzlyHttpContainer.java:491)
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:366)
	at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224)
	at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.URISyntaxException: Illegal character in path at index 62: http://graylog.cashstop.com.au:80/api/api-docs/system/metrics/{metricName}/history
	at java.net.URI$Parser.fail(URI.java:2848)
	at java.net.URI$Parser.checkChars(URI.java:3021)
	at java.net.URI$Parser.parseHierarchical(URI.java:3105)
	at java.net.URI$Parser.parse(URI.java:3053)
	at java.net.URI.<init>(URI.java:588)
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.getRequestUri(GrizzlyHttpContainer.java:489)
	... 6 more

I haven’t coded Java in years so I wouldn’t know where to start to look at the issue.

Any help would be appreciated.

Thanks

Shaun

check your configuration file - I guess that you have copy&pasted a non valid character into that when you have edited your configuration.

Jan

Thanks for your reply. I doubled checked the configuration and all looks right. I also didn’t copy and paste when I edited it. It was all done in vim.

All the other redirection and URLs are working correctly it’s just the API Browser that’s not working.

Really loving greylog and I’d love to get this sorted. Only other idea I have is this was an appliance I tried to upgrade. I may be better with migrating the data some how and starting a fresh install.

Thanks

Shaun

I have same problem in 3.1.2 version (OVA appliance).

If I configure http_publish_uri (or http_external_uri) to real http/https address, for example http_publish_uri = http://10.0.0.2/ api browser opens, but when I click on [Show/Hide] nothing happened.

I tried Firefox 70, and I also see lot of 500 error messages in Inspector. Probably graylog API browser has problem to work via reverse proxy like Nginx.

he @shoothub
I actually have exact that in my lab configured without having problems. How did you access the api-browser?

I use https://my_graylog_via_proxy/api/api-browser (and type that in direct, not by clicking on any button)

Hello jan,
I have no problem to open api-browser page, but I couldn’t expand sections, so when I click on detail in row for example Cluster : System information of all nodes in the cluster and want to expand section clicking on button Show/Hide or List Operations, nothing happened.

If I opened Inspector in Firefox, section Network, I can see a lot of (33) request with response code 500, check screenshot:

I use Firefox 70 x86_64 on Fedora 31, I also tried Chromium 77.

But if I comment line http_publish_uri or change http_publish_uri to http://10.44.0.20:9000/ api browser work as expected, I can expand sections and insert some inputs to api browser. Firefox inspector shows all request with response code 200.

the http_publish_uri needs to be the unique reachable ip for each Graylog node. But http_external_urishoud be the loadbalancer … how do you have that configured?

I tried all posible combinations:

  1. First attempt: http_publish_uri = http://10.44.0.20/
  2. Second attempt: http_publish_uri = http://10.44.0.20/ and http_external_uri = http://10.44.0.20/
  3. Third attempt: http_external_uri = http://10.44.0.20/

None of these worked, I have only one node (one OVA instance).

ok, I assume you have Graylog running on 10.44.0.20 on port 9000 and having nginx running on port 80 on the same ip.

the http_settings_* should be the following:

# assuming you want to listen to all possible devices with Graylog
http_bind_adress = 0.0.0.0:9000

# this is how the node can reach itself
http_publish_uri = http://10.44.0.20:9000

# this is how your browser can reach graylog
http_external_uri = http://10.44.0.20

Thanks Jan, It works, but I think it is a same state as I leave default settings (commented 2 parameters: http_publish_uri, http_external_uri).

So I still need to run API browser on port 9000 to work. Is there a way to run api-browser through port 80, so I wouldn’t open port 9000 on my firewall? I guess no…

But REST API works ok on port 80, I can run this without problems:
curl -u admin:password -H ‘Accept: application/json’ -X GET ‘http://10.44.0.20/api/cluster?pretty=true

So I still need to run API browser on port 9000 to work. Is there a way to run api-browser through port 80, so I wouldn’t open port 9000 on my firewall? I guess no…

I do not have that problem - what kind of settings did you use in the NGINX proxy? Maybe some of that prevent that the system is working proper.

I use default OVA nginx config, I didn’t change nothing in it:
sudo vim /etc/nginx/sites-available/default

server {
listen 80;
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffering off;
client_max_body_size 8m;
client_body_buffer_size 128k;
expires off;
}
error_page 502 /502.html;
location /502.html {
internal;
}
}