API-Browser on graylog3 not workling

Hi,

I am currently working on a graylog 3.1.3 installation and I can’t browse the API-Browser.
Symptoms are very similar to API-Browser not workling :

Since I am on a totally different setup, I prefer to open another issue before upvoting the linked github issue :

  • Debian 9
  • Graylog 3.1.3
  • nginx and haproxy serving as reverse-proxy

Regads.

he @louisbilliet-acteami

what are your http_* settings in Graylog? How did you configure the nginx/haproxy to be reverse-proxy? Which menu item did you click exactly?

Did you notice the “global api browser” ?

Hi,

thanks for your answer.

Here is the relevent haproxy config on host ‘proxy1’ (10.0.0.11) (redacted parts are other ‘acl’ and
‘use_backend’ statements generated the same way it has been for graylog) :

    frontend httpfrontend
        bind *:80
            bind *:443 ssl crt /ssl
            mode http
            redirect scheme https code 301 if !{ ssl_fc }
            [...]
            acl graylog_asked hdr(host) graylog.local.forge.acteam-lab.com
            [...]
            use_backend graylog if graylog_asked
            http-request set-header X-Forwarded-Proto https if { ssl_fc }
            http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
            http-request add-header X-Forwarded-For %[src]
            default_backend tarpit
    backend tarpit
        mode http
        balance roundrobin
        http-request tarpit
        server lighttpd_certbot 127.0.0.1:8000
    backend graylog
        mode http
        balance roundrobin
        option httpchk 'HEAD / HTTP/1.1'
        server graylog_web1 10.0.0.22:80

Nginx configuration on host ‘grayog_web1’ (10.0.0.22) :

    server {
       listen 80;
       server_name graylog;
       location / {
         proxy_pass http ://localhost:9000/;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Graylog-Server-URL https ://graylog.local.forge.acteam-lab.com/;
         proxy_pass_request_headers on;
         proxy_connect_timeout 150;
         proxy_send_timeout 100;
         proxy_read_timeout 100;
         proxy_buffers 4 32k;
         client_max_body_size 8m;
         client_body_buffer_size 128k;
       }
    }

And http_* settings in graylog on host ‘graylog_web1’ :

    http_bind_address = 127.0.0.1:9000
    http_publish_uri = http ://127.0.0.1:9000/
    http_external_uri = https ://graylog.local.forge.acteam-lab.com/
    http_enable_cors = True
    http_enable_gzip = True
    http_max_header_size = 8192
    http_thread_pool_size = 16
    http_enable_tls = False
    http_connect_timeout = 5s
    http_read_timeout = 10s
    http_write_timeout = 10s

I clicked on the ‘cluster global api browser’ button on the upper right corner in the nodes page, so yes, I guess I noticed it.

he @louisbilliet-acteami

I just made your posting easier to read by using proper code format …

May I ask about your setup? Is that:

HA-Proxy (Server 1) --> NGINX (Server 2) --> GRAYLOG (Server2) ?

May I ask why you add the NGINX and not speak from HA Proxy to Graylog direct?

You’re correct. We have a server that serves as a reverse-proxy and load-balancer, and one of its backend is graylog, which is behond nginx, both on the same machine.
I added Nginx in the stack to comply with our security policy.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.