External Web Interface not connecting with Nginx Proxy Manager in Docker

cinemafunk · January 23, 2021, 11:09pm

I have a VPN with Nginx Proxy Manager pointing subdomains to several services to a server that I have at home which is running Portainer. For example, nagios.domain.com reveals the Nagios service on that domain, including SSL from Let’s Encrypt.

I’m having some trouble getting Graylog to work in this fashion externally. The web interface works beautifully internally.

I’ve used example from the Docker Persisting Data docker-compose.yml (Docker — Graylog 4.0.0 documentation). I changed GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/ to GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.83:9000/ and it works. But if I change this to GRAYLOG_HTTP_EXTERNAL_URI=https://graylog.domain.com:9000/ it doesn’t work.

I’ve been able to get the following work internally, but no luck internally:
Example 1:
- GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000

Example 2:
- GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.83:9000/

Example 3:
- GRAYLOG_HTTP_PUBLISH_URI=http://192.168.1.83:9000/
- GRAYLOG_HTTP_EXTERNAL_URI:https://graylog.domain.com:9000

When I turn off the Let’s Encrypt SSL in Nginx Proxy Manager, I end up getting the generic Apache default page on http://graylog.domain.com.

So I’m a little confused on where to go from here.

cinemafunk · January 28, 2021, 12:58am

Hello, I wanted to follow up on this. Anyone know anything?

ttsandrew · January 28, 2021, 2:49pm

Hello @cinemafunk,

You say when you set GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.83:9000/ it works. But, when you set GRAYLOG_HTTP_EXTERNAL_URI=https://graylog.domain.com:9000/ it doesn’t work. Can you expand more on what you mean?

Also, are there any errors in your server.log in the non-working configuration?

What version of graylog-server are you running?

cinemafunk · January 29, 2021, 12:17am

I’ve been able to get somewhere.

This is Graylog 4.0 (graylog/graylog:4.0 docker container)

I made the following changes to my docker compose file:
- GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.XX:9000/
- GRAYLOG_HTTP_ENABLE_CORS=TRUE
- GRAYLOG_WEB_ENDPOINT_URI=https://graylog.domain.com:9000/graylog/api
- HTTP_ENABLE_TLS=TRUE

I’m now able to see the interface on http://graylog.domain.com and log in. However, https://graylog.domain.com shows a blank page. The source reveals my internal server’s IP address all coming from an http protocol.

The SSL certs are from Let’s Encrypt which is on the VPN’s server and is a provisioned by Nginx Proxy Manager. I’m thinking I need to have these certificates in the actual Docker container. Am I getting close?

Topic		Replies	Views
Graylog container behind Nginx reverse-proxy container Graylog Central (peer support)	2	1074	December 20, 2020
Changing http_external_uri makes Graylog inaccessible inside Graylog Central (peer support)	4	3567	January 20, 2020
Graylog docker container behind an Nginx reverse proxy in a sub-directory Graylog Central (peer support)	6	5561	June 1, 2018
External access through separate nginx proxy Graylog Central (peer support)	4	4249	October 27, 2017
Graylog Docker & Swag Docker (with NGINX Reverse-Proxy) [fixed] Graylog Central (peer support)	2	1005	November 4, 2020

External Web Interface not connecting with Nginx Proxy Manager in Docker

Related topics