Graylog API Browser points to local IP instead of configured external URL

Hi everyone,

I know issues similar to this one have already been discussed countless times, but none of the posts I’ve found so far were able to help me.

My overall setup:

  • Ubuntu 20.04.1 LTS running Graylog 3.3.5 with a single node on an EC2 instance listening on port 9000
  • Nginx running as reverse proxy on the same instance listening on port 80
  • Separate Application Load Balancer forwarding HTTPS (443) traffic to port 80 of the Nginx reverse proxy

Nginx config:

server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name my.graylog.server.com;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL https://$server_name/;
      proxy_pass       http://127.0.0.1:9000;
    }
}

Graylog server.conf (excerpt)

http_bind_address = 127.0.0.1:9000
#http_publish_uri (i.e. not set)
#http_external_uri (i.e. not set)

Issue

When navigating to https://my.graylog.server.com I’m able to use and configure the Graylog web interface as expected, showing that the X-Graylog-Server-URL header is set correctly by the reverse proxy and interpreted correctly by the Graylog server.

When I try to open up the API browser via the Node overview API browser link, it tries to forward me to the http_bind_address instead of the X-Graylog-Server-URL.

What I’ve tried already

  • Navigating to https://my.graylog.server.com/api/api-browser directly gives me a very raw HTML Swagger login mask. But the login mask still attempts to load other resources like images and scripts from 127.0.0.1:9000, which fails for obvious reasons.
  • Setting the http_external_uri to https://my.graylog.server.com/ and restarting the Graylog server has no effect whatsoever and the behaviour still remains the same.

Does anyone have an idea what I’m doing wrong?

Not trying to be pushy but just wondering if the general approach or my expectations make sense?
Unfortunately still struggling with this issue here.

Hey,

Basically, don’t use that button in your setup.
What you want to be using is the global API browser on https://my.graylog.server.com/api/api-browser/global/index.html or by clicking the Cluster Global API browser button at the top of that page.

That API browser button next to the node name should lead to the node API browser which is usually used for internal communication between nodes and such in a multi node setup and the bind address or publish address have to be set for it to work.

I don’t have a setup that is quite like yours really, so I can’t tell you where the resource loading would fail on the api-browser, but if you are getting raw HTML on the global API and seeing attempts to load resources from 127.0.0.1, you should probably start by checking the nginx and Load Balancer logs.


Amazing and thanks a lot.
That’s all I actually needed to be honest.
I had no idea that this endpoint /api/api-browser/global/index.html actually exists. For some reason I didn’t see the dedicated link to it in the upper right corner of the node overview screen.
Just assumed that the X-Graylog-Server-URL header would also be applied to the node specific API browser, but in hindsight that wouldn’t make a whole lot of sense, in particular for multi-node Graylog setups.

Thanks
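
The symptom from the first post (a page served through the proxy whose scripts and images point at 127.0.0.1:9000) can be checked mechanically. The following is an added example, not part of the thread and not Graylog code: it lists every src/href on a page that resolves to a loopback or private address. The sample HTML, its asset paths and the 10.0.3.17 address are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample resembling the symptom in the first post; not captured from Graylog.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://127.0.0.1:9000/api/api-browser/css/screen.css">
<script src="http://127.0.0.1:9000/api/api-browser/lib/swagger.js"></script>
<script src="lib/local.js"></script>
</head><body>
<img src="//10.0.3.17:9000/api/api-browser/images/logo.png">
<a href="https://my.graylog.server.com/api/api-browser/global/index.html">Global</a>
</body></html>
"""

class _RefCollector(HTMLParser):
    """Collects every src/href attribute value in the page."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in ("src", "href") and v]

def is_internal_host(host):
    """True for localhost or a loopback/private/link-local IP literal."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; this check does not resolve it
    return ip.is_loopback or ip.is_private or ip.is_link_local

def internal_refs(html, page_url):
    """Return absolute URLs referenced by the page whose host is internal."""
    collector = _RefCollector()
    collector.feed(html)
    leaked = []
    for ref in collector.refs:
        absolute = urljoin(page_url, ref)  # resolves relative and // references
        host = urlsplit(absolute).hostname
        if host and is_internal_host(host):
            leaked.append(absolute)
    return leaked

if __name__ == "__main__":
    for url in internal_refs(SAMPLE_HTML, "https://my.graylog.server.com/api/api-browser"):
        print("internal reference:", url)
```

Feeding it the HTML actually returned through the load balancer shows whether the backend's bind address is leaking into pages that external clients receive.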