After changing the Graylog API to https, the api-browser is dead, it only shows me a login field with no css loaded.
The console outputs me:
Uncaught ReferenceError: $ is not defined
at api-browser:30
(anonymous) @ api-browser:30
api-browser:6 Resource interpreted as Stylesheet but transferred with MIME type text/html: "https://syslog.xyz.local/api-browser/css/highlight.default.css".
api-browser:5 Resource interpreted as Stylesheet but transferred with MIME type text/html: "https://syslog.xyz.local/api-browser/css/fonts.css".
api-browser:7 Resource interpreted as Stylesheet but transferred with MIME type text/html: "https://syslog.xyz.local/api-browser/css/screen.css".
Graylog config:
rest_listen_uri = http://127.0.0.1:12900/
rest_transport_uri = https://syslog.xyz.local/api/
web_listen_uri = http://127.0.0.1:9000/
Nginx config:
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name syslog.xyz.local;
if ($host = 'graylog.xyz.local' ){
rewrite ^/(.*)$ https://syslog.xyz.local permanent;
}
return 301 https://syslog.xyz.local$request_uri;
error_page 502 /502.html;
location /502.html {
internal;
}
}
server {
listen 443 ssl;
server_name syslog.xyz.local;
if ($host = 'graylog.xyz.local' ){
rewrite ^/(.*)$ https://syslog.xyz.local permanent;
}
ssl on;
ssl_dhparam /etc/nginx/ca/dhparams.pem;
ssl_certificate /etc/nginx/ca/graylog.crt;
ssl_certificate_key /etc/nginx/ca/graylog.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES12$;
ssl_prefer_server_ciphers on;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://syslog.xyz.local/api;
proxy_pass http://127.0.0.1:9000;
}
location /api/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:12900/;
}
error_page 502 /502.html;
location /502.html {
internal;
}
}
}
jochen
(Jochen)
July 3, 2017, 7:33am
2
Which version of Graylog are you using?
Oh sorry i missed that:
Graylog 2.2.0+d9681cb on syslog.xyz.local (Oracle Corporation 1.8.0_131 on Linux 3.10.0-514.16.1.el7.x86_64)
And i want to wait with the Upgrade to 2.3 bcs of the huge ES upgrade.
jochen
(Jochen)
July 3, 2017, 8:16am
4
What’s the URI you’re using to access the API Browser (Swagger UI)?
I use the Button in the Graylog GUI next to the Node information.
It gives me:
https://syslog.xyz.local/api/api-browser
jochen
(Jochen)
July 3, 2017, 8:35am
6
Graylog 2.2.0 should use the path component of rest_transport_uri
to build URIs in Swagger:
EDIT: Wrong, Graylog 2.2.0 is using the path component of rest_listen_uri
to build URIs in Swagger
public class DocumentationBrowserResource extends RestResource {
private final MimetypesFileTypeMap mimeTypes;
private final String apiPrefix;
private final ClassLoader classLoader = ClassLoader.getSystemClassLoader();
private final Engine engine = new Engine();
@Inject
public DocumentationBrowserResource(MimetypesFileTypeMap mimeTypes, Configuration configuration) {
this.mimeTypes = requireNonNull(mimeTypes);
this.apiPrefix = configuration.getRestListenUri().getPath();
}
@GET
public Response root() throws IOException {
final String index = index();
return Response.ok(index, MediaType.TEXT_HTML_TYPE)
.header(HttpHeaders.CONTENT_LENGTH, index.length())
.build();
}
<script src='${apiPrefix}api-browser/lib/sha256.js'></script>
<script type="text/javascript">
var port = window.location.port;
if (port == '') {
if (window.location.protocol == 'http') {
port = 80;
} else if (window.location.protocol == 'https') {
port = 443;
}
}
var apiTarget = window.location.protocol + "//" + window.location.hostname + ":" + port + "${apiPrefix}";
$(function () {
window.swaggerUi = new SwaggerUi({
url: apiTarget + "api-docs",
dom_id: "swagger-ui-container",
supportedSubmitMethods: ['get', 'post', 'put', 'delete'],
onComplete: function(swaggerApi, swaggerUi){
// We are taking the base path of the system API here. This will break if you should ever rename it lol.
if(swaggerApi.System && !apiTarget.lastIndexOf(swaggerApi.System.basePath, 0) === 0) {
alert("IMPORTANT: Please use the configured REST transport address (" + swaggerApi.System.basePath + ") if you want working examples. " +
So, my graylog config is not correct, or my nginx config is not correct? I dont get it.
jochen
(Jochen)
July 3, 2017, 8:43am
8
Argh, my fault. And it’s even saying it in the code…
Graylog 2.2.0 is using the path component of the rest_listen_uri
setting, which is empty (or /
) in your case. Try setting rest_listen_uri = http://0.0.0.0:12900/api
(also see the default in Graylog 2.2.0 ).
Is there any reason you’re not using the default setting for rest_listen_uri
(especially the port)?
rest_listen_uri = http://0.0.0.0:12900/api was my old configuration, I prefer to use only https for the api. So rest_listen_uri = http://0.0.0.0:12900/api would expose it without TLS.
jochen
(Jochen)
July 3, 2017, 9:02am
10
You’re using a reverse proxy for terminating the HTTPS endpoint, so the schema used in rest_listen_uri
doesn’t matter here.
I see, so when i change it to rest_listen_uri = http://0.0.0.0:12900/api Graylog GUI doesnt work anymore i get: We are experiencing problems connecting to the Graylog server running on https://syslog.xyz.local/api . Please verify that the server is healthy and working correctly.
jochen
(Jochen)
July 3, 2017, 10:19am
12
You have to adapt your nginx configuration to the changed URI of the Graylog REST API.
FWIW, using the same port for the Graylog REST API and the web interface, and using the nginx configuration from the documentation at http://docs.graylog.org/en/2.2/pages/configuration/web_interface.html#nginx would save you some hassle.
Ok thanks, i changed it, so its the same as described in
REST API and Web Interface on one port (using HTTPS/SSL):
But I get the same ERROR as in the Post above.
EDIT: Changing the rest_listen_uri to rest_listen_uri = http://127.0.0.1:9000/api/ solved it.
system
(system)
Closed
July 17, 2017, 10:37am
14
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.