Graylog API Browser points to local IP instead of configured external URL

Hi everyone,

I know similar issues than this one have been already discussed uncountable times, but none of the posts I’ve found so far were able to help me.

My overall setup:

  • Ubuntu 20.04.1 LTS running Graylog 3.3.5 with a single node on an EC2 instance listening on port 9000
  • Nginx running as reverse proxy on the same instance listening on port 80
  • Separate Application Load Balancer forwarding HTTPS (443) traffic to port 80 of the Nginx reverse proxy

Nginx config:

    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL https://$server_name/;

Graylog server.conf (excerpt)

http_bind_address =
#http_publish_uri (i.e. not set)
#http_external_uri (i.e. not set)


When navigating to I’m able to use and configure the Graylog web interface as expected. Showing that the X-Graylog-Server-URL header is set correctly by the reverse proxy and interepreted correctly by the Graylog server.

When I try to open up the API browser via the Node overview API browser link. It tries to forward me to the http_bind_address instead of the X-Graylog-Server-URL.

What I’ve tried already

  • Navigating to directly gives me a very raw HTML Swagger login mask. But login mask still attempts to load other resources like images and scripts from which fails for obvious reasons.
  • Setting the http_exernal_uri to and restarting the Graylog server has no effect whatsoever and the behaviour still remains the same.

Has anyone an idea, what I’m doing wrong?

Not trying to be pushy but just wondering if the general approach or my expectations make sense?
Unfortunately still struggling with this issue here.


Basically, don’t use that button in your setup.
What you want to be using is the global API browser on or by clicking the Cluster Global API browser button at the top of that page.

That API browser button next to the node name should lead to the node API browser which is usually used for internal communication between nodes and such in a multi node setup and the bind address or publish address have to be set for it to work.

I don’t have a setup that is quite like your really so I can’t tell you where the resource loading would fail on the api-browser but if you are getting raw HTML on the global API and seeing attempts to load resources from you should probably start by checking the nginx and Load Balancer logs.

1 Like

Amazing and thanks a lot.
That’s all I actually needed to be honest.
I had no idea that this endpoint /api/api-browser/global/index.html actually exists. For some reason didn’t see the dedicated link to it in the upper right corner of the node overview screen.
Just assumed that the X-Graylog-Server-URL header would also be applied to the node specific API browser, but in hindsight that wouldn’t make a whole lot of sense, in particular for multi-node Graylog setups.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.