Graylog API-Browser Broken after change to https

gruselglatz · July 3, 2017, 7:14am

After changing the Graylog API to https, the api-browser is dead, it only shows me a login field with no css loaded.

The console outputs me:

Uncaught ReferenceError: $ is not defined
at api-browser:30
(anonymous) @ api-browser:30
api-browser:6 Resource interpreted as Stylesheet but transferred with MIME type text/html: "https://syslog.xyz.local/api-browser/css/highlight.default.css".
api-browser:5 Resource interpreted as Stylesheet but transferred with MIME type text/html: "https://syslog.xyz.local/api-browser/css/fonts.css".
api-browser:7 Resource interpreted as Stylesheet but transferred with MIME type text/html: "https://syslog.xyz.local/api-browser/css/screen.css".

Graylog config:

rest_listen_uri = http://127.0.0.1:12900/
rest_transport_uri = https://syslog.xyz.local/api/
web_listen_uri = http://127.0.0.1:9000/

Nginx config:

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
      listen 80;
      server_name syslog.xyz.local;

      if ($host = 'graylog.xyz.local' ){
          rewrite ^/(.*)$ https://syslog.xyz.local permanent;
      }
      return 301 https://syslog.xyz.local$request_uri;
      error_page 502 /502.html;
      location  /502.html {
        internal;
      }
    }
    
    server {
      listen 443 ssl;
      server_name syslog.xyz.local;

      if ($host = 'graylog.xyz.local' ){
          rewrite ^/(.*)$ https://syslog.xyz.local permanent;
      }

      ssl on;
      ssl_dhparam /etc/nginx/ca/dhparams.pem;
      ssl_certificate /etc/nginx/ca/graylog.crt;
      ssl_certificate_key /etc/nginx/ca/graylog.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES12$;
      ssl_prefer_server_ciphers on;

  location /
    {
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Forwarded-Host $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Graylog-Server-URL https://syslog.xyz.local/api;
        proxy_pass          http://127.0.0.1:9000;
    }

      location /api/ {
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;
        proxy_pass          http://127.0.0.1:12900/;
      }

      error_page 502 /502.html;
      
      location  /502.html {
        internal;
      }
    }
    }

jochen · July 3, 2017, 7:33am

Which version of Graylog are you using?

gruselglatz · July 3, 2017, 7:43am

Oh sorry i missed that:

Graylog 2.2.0+d9681cb on syslog.xyz.local (Oracle Corporation 1.8.0_131 on Linux 3.10.0-514.16.1.el7.x86_64)

And i want to wait with the Upgrade to 2.3 bcs of the huge ES upgrade.

jochen · July 3, 2017, 8:16am

What’s the URI you’re using to access the API Browser (Swagger UI)?

gruselglatz · July 3, 2017, 8:30am

I use the Button in the Graylog GUI next to the Node information.

It gives me:

https://syslog.xyz.local/api/api-browser

jochen · July 3, 2017, 8:35am

Graylog 2.2.0 should use the path component of rest_transport_uri to build URIs in Swagger:

EDIT: Wrong, Graylog 2.2.0 is using the path component of rest_listen_uri to build URIs in Swagger

github.com

Graylog2/graylog2-server/blob/2.2.0/graylog2-server/src/main/java/org/graylog2/shared/rest/resources/documentation/DocumentationBrowserResource.java#L54


public class DocumentationBrowserResource extends RestResource {
private final MimetypesFileTypeMap mimeTypes;
private final String apiPrefix;


private final ClassLoader classLoader = ClassLoader.getSystemClassLoader();
private final Engine engine = new Engine();


@Inject
public DocumentationBrowserResource(MimetypesFileTypeMap mimeTypes, Configuration configuration) {
    this.mimeTypes = requireNonNull(mimeTypes);
    this.apiPrefix = configuration.getRestListenUri().getPath();
}


@GET
public Response root() throws IOException {
    final String index = index();
    return Response.ok(index, MediaType.TEXT_HTML_TYPE)
            .header(HttpHeaders.CONTENT_LENGTH, index.length())
            .build();
}

github.com

Graylog2/graylog2-server/blob/2.2.0/graylog2-server/src/main/resources/swagger/index.html.template#L29


<script src='${apiPrefix}api-browser/lib/sha256.js'></script>
<script type="text/javascript">
  var port = window.location.port;
  if (port == '') {
    if (window.location.protocol == 'http') {
      port = 80;
    } else if (window.location.protocol == 'https') {
      port = 443;
    }
  }
  var apiTarget = window.location.protocol + "//" + window.location.hostname + ":" + port + "${apiPrefix}";
  $(function () {
    window.swaggerUi = new SwaggerUi({
    url: apiTarget + "api-docs",
    dom_id: "swagger-ui-container",
    supportedSubmitMethods: ['get', 'post', 'put', 'delete'],
    onComplete: function(swaggerApi, swaggerUi){


      // We are taking the base path of the system API here. This will break if you should ever rename it lol.
      if(swaggerApi.System && !apiTarget.lastIndexOf(swaggerApi.System.basePath, 0) === 0)   {
        alert("IMPORTANT: Please use the configured REST transport address (" + swaggerApi.System.basePath + ") if you want working examples. " +

gruselglatz · July 3, 2017, 8:38am

So, my graylog config is not correct, or my nginx config is not correct? I dont get it.

jochen · July 3, 2017, 8:43am

Argh, my fault. And it’s even saying it in the code…

Graylog 2.2.0 is using the path component of the rest_listen_uri setting, which is empty (or /) in your case. Try setting rest_listen_uri = http://0.0.0.0:12900/api (also see the default in Graylog 2.2.0).

Is there any reason you’re not using the default setting for rest_listen_uri (especially the port)?

gruselglatz · July 3, 2017, 8:46am

rest_listen_uri = http://0.0.0.0:12900/api was my old configuration, I prefer to use only https for the api. So rest_listen_uri = http://0.0.0.0:12900/api would expose it without TLS.

jochen · July 3, 2017, 9:02am

You’re using a reverse proxy for terminating the HTTPS endpoint, so the schema used in rest_listen_uri doesn’t matter here.

gruselglatz · July 3, 2017, 10:00am

I see, so when i change it to rest_listen_uri = http://0.0.0.0:12900/api Graylog GUI doesnt work anymore i get: We are experiencing problems connecting to the Graylog server running on https://syslog.xyz.local/api. Please verify that the server is healthy and working correctly.

jochen · July 3, 2017, 10:19am

You have to adapt your nginx configuration to the changed URI of the Graylog REST API.

FWIW, using the same port for the Graylog REST API and the web interface, and using the nginx configuration from the documentation at http://docs.graylog.org/en/2.2/pages/configuration/web_interface.html#nginx would save you some hassle.

gruselglatz · July 3, 2017, 10:36am

Ok thanks, i changed it, so its the same as described in

REST API and Web Interface on one port (using HTTPS/SSL):

But I get the same ERROR as in the Post above.

EDIT: Changing the rest_listen_uri to rest_listen_uri = http://127.0.0.1:9000/api/ solved it.

system · July 17, 2017, 10:37am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.