I am running the Graylog virtual appliance (v2.3), and it works great in my local network. I also have an nginx server to manage reverse proxy of sites into my lan, and to use SSL for all of my sites.
I cannot, thus far, get the graylog server to properly proxy through the nginx proxy. I am sure it is due to my own misunderstanding of something simple, so I thought I’d drop it here and see if anyone can help.
So, here is some config info… Some info is changed to protect the innocent lan…
external address: https://graylog.mydomain.com:443
graylog server: 192.168.0.14
nginx proxy: 192.168.0.10
graylog-settings.json:
    {
      "timezone": "America/New_York",
      "smtp_server": "smtp.mail.com",
      "smtp_port": 587,
      "smtp_user": "graylog.admin@emaildomain.us",
      "smtp_password": "01Dominic",
      "smtp_from_email": "graylog.admin@emaildomain.us",
      "smtp_web_url": "https://graylog.mydomain.com",
      "smtp_no_tls": false,
      "smtp_no_ssl": true,
      "master_node": "127.0.0.1",
      "local_connect": false,
      "current_address": "192.168.0.14",
      "last_address": "192.168.0.14",
      "enforce_ssl": false,
      "journal_size": 1,
      "node_id": false,
      "internal_logging": true,
      "web_listen_uri": "http://192.168.0.14:9000",
      "web_endpoint_uri": false,
      "rest_listen_uri": "http://192.168.0.14:9000/api/",
      "rest_transport_uri": false,
      "external_rest_uri": false,
      "custom_attributes": {
      }
    }
NGINX graylog.conf:
    server {
        listen 80;
        server_name graylog.mydomain.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name graylog.mydomain.com;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
        location / {
            proxy_pass http://192.168.0.14:9000;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Graylog-Server-URL https://graylog.mydomain.com;
            proxy_pass_request_headers on;
            proxy_connect_timeout 150;
            proxy_send_timeout 100;
            proxy_read_timeout 100;
            proxy_buffers 4 32k;
            client_max_body_size 8m;
            client_body_buffer_size 128k;
        }
    }
I can still connect to the server directly, on the LAN, but when I connect through the proxy, I get the graylog page background, and I get the login window, but when I enter my credentials, the login screen stays up and I get this error:
Error - the server returned: 404 - cannot POST https://graylog.mydomain.com/system/sessions (404)
Any thoughts on where I am going wrong? Obviously, I’m close, but missing just that one last thing…
The graylog server has no direct connection to the outside world. The only open ports on my lan are 80 & 443, and I only use 80 to redirect everything to SSL on 443.
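
A check of the URL mismatch visible in the 404 above, added here as an example and not part of the original post: it traces the login POST through the posted nginx `location /` block and compares the result with the `/api/` path in `rest_listen_uri`. It assumes the Graylog web interface appends API resources to the `X-Graylog-Server-URL` value; `check_proxy`, `first_arg` and `LOGIN` are hypothetical names.

```python
import json
import re
from urllib.parse import urlsplit

# Copied from the post above, trimmed to the keys and directives the check reads.
SETTINGS = '{"rest_listen_uri": "http://192.168.0.14:9000/api/"}'
NGINX = """
location / {
    proxy_pass http://192.168.0.14:9000;
    proxy_set_header X-Graylog-Server-URL https://graylog.mydomain.com;
}
"""
LOGIN = "/system/sessions"  # API resource named in the 404 error message


def first_arg(conf, pattern):
    """Return the value captured by `pattern` in the nginx config text."""
    match = re.search(pattern, conf)
    if match is None:
        raise ValueError(f"directive not found: {pattern}")
    return match.group(1).strip()


def check_proxy(settings_json, nginx_conf):
    """Trace the login POST from browser to upstream and test the API prefix."""
    rest_prefix = urlsplit(json.loads(settings_json)["rest_listen_uri"]).path.rstrip("/")
    advertised = urlsplit(first_arg(
        nginx_conf, r"proxy_set_header\s+X-Graylog-Server-URL\s+([^;]+);"))
    upstream = urlsplit(first_arg(nginx_conf, r"proxy_pass\s+([^;]+);"))

    # Assumption: the web interface appends API resources to X-Graylog-Server-URL.
    browser_path = advertised.path.rstrip("/") + LOGIN
    # With "location /", nginx swaps the leading "/" for the proxy_pass URI part
    # (or forwards the path unchanged when proxy_pass has no URI part).
    upstream_path = (upstream.path or "/") + browser_path.lstrip("/")
    return {
        "browser_url": f"{advertised.scheme}://{advertised.netloc}{browser_path}",
        "upstream_path": upstream_path,
        "ok": upstream_path.startswith(rest_prefix + "/"),
        "suggested_header": f"{advertised.scheme}://{advertised.netloc}{rest_prefix}/",
    }


if __name__ == "__main__":
    for key, value in check_proxy(SETTINGS, NGINX).items():
        print(f"{key}: {value}")
```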