Graylog 3.0 Docker container behind Nginx reverse proxy

I just setup Graylog 3.0 in a Docker container and the server seems to start without issue (below is my docker-compose.yml file). Nginx, Mongo, and Elasticsearch are all on separate machines.

version: '3'
    container_name: graylog
    restart: unless-stopped
      - home
      - '9000:9000'
      - '12201:12201'
      - '12201:12201/udp'
      - '1514:1514'
      - '1514:1514/udp'
      - '8514:8514/udp'
      - 'GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog'
      - 'GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200'
      - 'GRAYLOG_PASSWORD_SECRET=97B4F23C7FCA34776EA399DAF5D3B384F4C64B3EA723DD28AAFE5F2ECB559310'
      - 'GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918'
      - graylog_data:/usr/share/graylog/data
    image: graylog/graylog:3.0

    external: true

    driver: local

I can login at via my Nginx reverse proxy. This Nginx instance is not on the same container as Greylog, it is on another machine. The address is my Docker host.

  location / {
    proxy_set_header   Host                  $host;
    proxy_set_header   X-Forwarded-For       $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host      $host;
    proxy_set_header   X-Forwarded-Server    $host;

When I try to access anything with the API though, I see errors in the logs that look like this. What am I missing here? As a mentioned, the web interface works over HTTPS, but not when it needs to reference any data from the API.

2019-04-02 18:55:31,434 WARN : - Unable to call on node <8a0e6bb2-a894-4acd-93ab-65eab8d24e65>, connect timed out,
	at Method) ~[?:1.8.0_212],
	at ~[?:1.8.0_212],
	at ~[?:1.8.0_212],
	at ~[?:1.8.0_212],
	at ~[?:1.8.0_212],
	at ~[?:1.8.0_212],
	at okhttp3.internal.platform.Platform.connectSocket( ~[graylog.jar:?],
	at okhttp3.internal.connection.RealConnection.connectSocket( ~[graylog.jar:?],
	at okhttp3.internal.connection.RealConnection.connect( ~[graylog.jar:?],
	at okhttp3.internal.connection.StreamAllocation.findConnection( ~[graylog.jar:?],
	at okhttp3.internal.connection.StreamAllocation.findHealthyConnection( ~[graylog.jar:?],
	at okhttp3.internal.connection.StreamAllocation.newStream( ~[graylog.jar:?],
	at okhttp3.internal.connection.ConnectInterceptor.intercept( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.cache.CacheInterceptor.intercept( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.http.BridgeInterceptor.intercept( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at$get$0( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.internal.http.RealInterceptorChain.proceed( ~[graylog.jar:?],
	at okhttp3.RealCall.getResponseWithInterceptorChain( ~[graylog.jar:?],
	at okhttp3.RealCall.execute( ~[graylog.jar:?],
	at retrofit2.OkHttpCall.execute( ~[graylog.jar:?],
	at$getForAllNodes$0( ~[graylog.jar:?],
	at [?:1.8.0_212],
	at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_212],
	at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_212],
	at [?:1.8.0_212],

You’ll want to add this:

proxy_set_header X-Graylog-Server-URL https://$server_name;

@benvanstaveren - I added that header, but I’m still getting the same errors in the container log.

2019-04-03 12:42:50,374 WARN : - Unable to call on node <8a0e6bb2-a894-4acd-93ab-65eab8d24e65> connect timed out

Hmm, are you sure your settings regarding listen url etc. etc. are correct? Throw your server.conf on pastebin (remove all passwords etc. before you do) and drop the link here, it’ll give me some more info to work with :slight_smile:

is your Graylog able to connect to itself via:


Because you configured that Graylog can reach itself on that IP/PORT … please read the comments for this configuration settings.

@jan and @benvanstaveren - Thanks for the replies, but you can close this. I installed Graylog on a VM and have no issues with the same settings, so it must be something with my Docker setup…

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.