Hi,
I am currently working on a graylog 3.1.3 installation and I can’t browse the API-Browser.
Symptoms are very similar to API-Browser not workling :
Since I am on a totally different setup, I prefer to open another issue before upvoting the linked github issue :
Debian 9
Graylog 3.1.3
nginx and haproxy serving as reverse-proxy
Regads.
jan
(Jan Doberstein)
December 13, 2019, 9:18am
2
he @louisbilliet-acteami
what are your http_*
settings in Graylog? How did you configure the nginx/haproxy to be reverse-proxy? Which menu item did you click exactly?
Did you notice the “global api browser” ?
Hi,
thanks for your answer.
Here is the relevent haproxy config on host ‘proxy1’ (10.0.0.11) (redacted parts are other ‘acl’ and
‘use_backend’ statements generated the same way it has been for graylog) :
frontend httpfrontend
bind *:80
bind *:443 ssl crt /ssl
mode http
redirect scheme https code 301 if !{ ssl_fc }
[...]
acl graylog_asked hdr(host) graylog.local.forge.acteam-lab.com
[...]
use_backend graylog if graylog_asked
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request add-header X-Forwarded-For %[src]
default_backend tarpit
backend tarpit
mode http
balance roundrobin
http-request tarpit
server lighttpd_certbot 127.0.0.1:8000
backend graylog
mode http
balance roundrobin
option httpchk 'HEAD / HTTP/1.1'
server graylog_web1 10.0.0.22:80
Nginx configuration on host ‘grayog_web1’ (10.0.0.22) :
server {
listen 80;
server_name graylog;
location / {
proxy_pass http ://localhost:9000/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https ://graylog.local.forge.acteam-lab.com/;
proxy_pass_request_headers on;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
And http_* settings in graylog on host ‘graylog_web1’ :
http_bind_address = 127.0.0.1:9000
http_publish_uri = http ://127.0.0.1:9000/
http_external_uri = https ://graylog.local.forge.acteam-lab.com/
http_enable_cors = True
http_enable_gzip = True
http_max_header_size = 8192
http_thread_pool_size = 16
http_enable_tls = False
http_connect_timeout = 5s
http_read_timeout = 10s
http_write_timeout = 10s
I clicked on the ‘cluster global api browser’ button on the upper right corner in the nodes page, so yes, I guess I noticed it.
jan
(Jan Doberstein)
December 13, 2019, 10:46am
4
he @louisbilliet-acteami
I just made your posting easier to read by using proper code format …
May I ask about your setup? Is that:
HA-Proxy (Server 1) --> NGINX (Server 2) --> GRAYLOG (Server2) ?
May I ask why you add the NGINX and not speak from HA Proxy to Graylog direct?
You’re correct. We have a server that serves as a reverse-proxy and load-balancer, and one of its backend is graylog, which is behond nginx, both on the same machine.
I added Nginx in the stack to comply with our security policy.
system
(system)
Closed
December 27, 2019, 1:38pm
6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.