Hey all. Issuing a problem with the graylog. Have tried different combination, but won’t work. I have the only one public ip, the instance is behind the kvm and nat. Where I shoud appoint my public, private ip or wildcard or just comment in the server.conf.
Here is my conf https://pastebin.com/63zaMLux
Also try to make rest_listen and rest_transport with private local ip and port 12900. Web_listen on the private:9000
From graylog-server.log
NetworkListener] Started listener bound to [192.168.1.23:12900]
2018-06-19T12:58:31.494+02:00 INFO [HttpServer] [HttpServer] Started.
2018-06-19T12:58:31.494+02:00 INFO [JerseyService] Started REST API at http://192.168.1.23:12900/
2018-06-19T12:58:33.163+02:00 INFO [NetworkListener] Started listener bound to [192.168.1.23:9000]
2018-06-19T12:58:33.163+02:00 INFO [HttpServer] [HttpServer-1] Started.
2018-06-19T12:58:33.163+02:00 INFO [JerseyService] Started Web Interface at http://192.168.1.23:9000/
2018-06-19T12:58:33.163+02:00 INFO [ServiceManagerListener] Services are healthy
2018-06-19T12:58:33.164+02:00 INFO [ServerBootstrap] Services started, startup times in ms: {InputSetupService [RUNNING]=2, OutputSetupService [RUNNING]=14, JournalReader [RUNNING]=16, BufferSynchronizerService [RUNNING]=16, KafkaJournal [RUNNING]=21, ConfigurationEtagService [RUNNING]=100, StreamCacheService [RUNNING]=100, PeriodicalsService [RUNNING]=179, LookupTableService [RUNNING]=262, JerseyService [RUNNING]=9012}
2018-06-19T12:58:33.168+02:00 INFO [ServerBootstrap] Graylog server up and running.
2018-06-19T12:58:33.171+02:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
Elasticsearch:
rvice] [cETAGUF] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[graylog_0][0]] …]).
The input has started. I have the last and the most important question.
I have rest_listen_uri - 192.168.1.23:12900 #rest_transport
web_endpoint_uri - 192.168.1.23:9000
I have a nginx on this server. As far as i’ve understood. It must be such configuration:
server
{
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name graylog.dev ( only written in the file hosts).
}
But what if we have another server, which will proxy this nginx? And how https would run? Should we generate https on the local server or on the proxy?
That’s because your rest_transport_uri is incorrect. It has to be the (private) IP address or hostname of the Graylog REST API of this specific node. In your case, simply don’t set it at all and use the default.
You should set web_endpoint_uri to the public URI of the Graylog REST API.
It works with it. That is why i feel confused with proxy. Should i uncomment rest_transport or web_enpoint with private ip : 192.168.1.23 for my nginx server. To make the scheme ( graylog take all the inputs, local nginx unite everthing in one view, and then on the other nginx server with other real ip and https organise everythin - https://real.subdomain/ .
rest_listen_uri = http://192.168.1.23:12900/
. #rest_transport_uri = http://94.130.144.116:12900/
Still having an issues.
When I change web_endpoint_ uri to a public - 404. When comment it. Webinterface and inputs work for some time and then become unavailable. I uncomment #rest_transport_uri = http://94.130.144.116:12900/, restart, the web interface reachable but inputs don’t work, i comment it again and everything fine for some time.