Graylog 3 behind Traefik v2

Hi,
I’ve been trying to get Graylog 3 (in Docker Swarm) to run behind a reverse proxy, but I keep getting 502 Bad Gateway response.
I can see request in the Traefik access log: 172.18.0.1 - - [15/Apr/2020:01:33:55 +0000] "GET / HTTP/1.1" 502 11 "-" "-" 176 "graylog@docker" "http://10.0.0.10:9000" 21031ms

Graylog works ok if I set GRAYLOG_HTTP_EXTERNAL_URI=http://localhost:9000 and bypass Traefik.

You should be able to replicate this issue using my configuration on your local swarm.
Traefik and Graylog communicate on external overlay network called proxy. You can create it with: docker network create -d overlay --attachable proxy

Traefik docker compose file

version: "3.7"
services:
  reverse-proxy:
    image: traefik:v2.2.0
    networks:
      - proxy
      - traefik-docker
    deploy:
      labels:
        # dashboard login admin/admin
        - "traefik.enable=true"
        - "traefik.http.routers.api.rule=Host(`proxy.localhost`)"
        - "traefik.http.routers.api.entrypoints=web"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.routers.api.middlewares=auth"
        - "traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$lHKn.9m1Ga4nMHssU0ihteUv8KrTywiULJwpD/Kq3mvvG9rAFwa6e"
        # Dummy service for Swarm port detection. The port can be any valid integer value.
        - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
    volumes:
      - ".:/opt/traefik/"
      - "./conf/traefik.yml:/etc/traefik/traefik.yml"

  dockersocket:
    image: tecnativa/docker-socket-proxy
    networks:
      - traefik-docker
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - NETWORKS=1
      - SERVICES=1
      - TASKS=1

networks:
  proxy:
    external: true
    name: proxy
  traefik-docker:
    driver: overlay
    driver_opts:
      encrypted: 'true'

Traefik static config conf/traefik.yml

entryPoints:
  web:
    address: ":80"
api:
  dashboard: true
providers:
  docker:
    swarmMode: true
    exposedByDefault: false
    endpoint: 'http://dockersocket:2375'
log:
  level: INFO
  filePath: /opt/traefik/logs/traefik.log
accessLog:
  filePath: /opt/traefik/logs/access.log

Graylog docker-compose file.

version: '3.7'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx1024m"
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.2
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      - GRAYLOG_PASSWORD_SECRET:y98bRV3eKwYRFij8gEO9qROITGrJyzij3fJWWWqXDObkmCuFkJuPWeD0FlbRIxwkhcVFrhrnLt4cw1tri5I9bqcMeJOa43LL
      # Graylog login admin/password
      - GRAYLOG_ROOT_PASSWORD_SHA2=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
      - GRAYLOG_HTTP_EXTERNAL_URI=http://logs.localhost/
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
    networks:
      - graylog
      - proxy
    depends_on:
      - mongo
      - elasticsearch
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.graylog.rule=Host(`logs.localhost`)"
        - "traefik.http.routers.graylog.entrypoints=web"
        - "traefik.http.routers.graylog.service=graylog"
        - "traefik.http.services.graylog.loadbalancer.server.port=9000"
        - "traefik.http.routers.graylog.middlewares=graylog-header"
        - "traefik.http.middlewares.graylog-header.headers.customresponseheaders.X-Graylog-Server-URL=http://logs.localhost/"
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Beats TCP
      - 5044:5044
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
networks:
  proxy:
    external: true
    name: proxy
  graylog:
    driver: overlay
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

Any suggestions would be greatly appreciated.

1 Like

I’ve found the solution. Since I’m not specifying default docker network in Treafik configuration I had to add traefik.docker.network label to Graylog container.

    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.graylog.rule=Host(`logs.localhost`)"
        - "traefik.http.routers.graylog.entrypoints=web"
        - "traefik.http.routers.graylog.service=graylog"
        - "traefik.http.services.graylog.loadbalancer.server.port=9000"
        - "traefik.http.routers.graylog.middlewares=graylog-header"
        - "traefik.http.middlewares.graylog-header.headers.customrequestheaders.X-Graylog-Server-URL=http://logs.localhost/"
        - "traefik.docker.network=proxy"
2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.