AWS ELB for Web/API


(Christian) #1

Has anyone configured an AWS ALB/ELB to work with graylog web?

I am trying to get SSL termination for web to work with a domain for web like SSL graylog.mydomain
This ELB listens on 443 and forwards to the graylog host to 9000

For REST/API, from what I understand, this doesn’t work well using an ELB. So I have non ssl graylog-api.mydomain pointing to the IP of the server itself over http. This is on port 12900.

I can’t get this to work. These 4 settings are very confusing to me. I can’t tell if the endpoint parameters are for what the URL should be when making requests to be presented in the client or?

rest_listen_uri = non ssl 0.0.0.0:12900
rest_transport_uri = non ssl 172.30.1.81:12900/api/
web_listen_uri = non ssl 172.30.1.81:9000
web_endpoint_uri = SSL graylog.mydomain.com

What am I missing here? I get a login page but then when I try to login I get

Error - the server returned: 404 - cannot POST SSL graylog.mydomain/system/sessions (404)

Any guidance would be appreciated.

Whats with the link limitation for new users? Makes it impossible to post configs.


(Jochen) #2

web_endpoint_uri has to point to the address of the Graylog REST API, which is not the case in your configuration.


(Christian) #3

Ok ill give it a go. This is why it’s confusing. It’s a web_endpoint but it’s pointing to a REST API URL. Is there any way I could get a clear view of how to set this up:

graylog server api/web on host 192.168.1.100 for example
greylog.domain.com DNS record A Alias record to graylog.elb.public.name
graylog ELB listens on 443 for SSL termination and forwards to graylog server internal IP 192.168.100

Right now I am using nginx 443 with two sites one for internal one for external that proxy to the graylog server over local 9000. That works pretty well so I don’t mind using an ELB/ALB to point the nginx first. Just want to do what’s efficient.

I dont think API requests should go through the ELB should they? I’ll likely need an internal ELB or DNS record for filebeat to talk to the host directly internally. Ill most likely just use nginx for the internal routes so filebeat will point to

graylog.internal.domain.com over 443 for logs

Ive tried a ton of different configurations to try and get this to work and I get various errors at the login screen with either a failed to connect to graylog.domina.com/api/ or a Post 404 error.

Any help would be appreciated.


(Jochen) #4

The settings are explained in the reference configuration file and in the documentation.
http://docs.graylog.org/en/2.3/pages/configuration/web_interface.html


(Christian) #5

Don’t you think I’ve read that?


(Jochen) #6

I won’t give you a copy & paste solution for your specific setup.

If you want that, please take a look at the professional support options offered by Graylog.


(system) #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.