Graylog behind 2 reverse proxies

My setup is a reverse proxy on our boundary that is pointing into our internal network and my graylog server.

I set up my graylog server running apache with the following config to reverse proxy it locally, which works just fine with the following setup:

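<VirtualHost *:80>
    ServerName graylog.internal.domain
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName graylog.internal.domain
    # Only reverse proxying (ProxyPass) is used here. ProxyRequests On combined with
    # "Allow from all" would also make this host an open forward proxy, so keep it Off.
    ProxyRequests Off
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/graylog.pem
    SSLCertificateKeyFile /etc/httpd/graylog.key
    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    <Location />
        # Graylog builds the URLs it hands to the browser from this header
        RequestHeader set X-Graylog-Server-URL "https://graylog.internal.domain/"
        ProxyPass http://127.0.0.1:9000/
        ProxyPassReverse http://127.0.0.1:9000/
    </Location>
</VirtualHost>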

My outside proxy has the following config pointing at it:

<Location /graylog>
    ProxyPass https://graylog.internal.domain/
    ProxyPassReverse https://graylog.internal.domain/
</Location>

When I click the link on the outside proxy all I get is just a static white page instead of the graylog login. Is there a subpath or something in graylog server.conf I should be using? I modified the trusted_proxies setting but that didn’t seem to work.

If I turn off httpd on the graylog server itself and set it up to bind to $IP:9000 and set http_external_uri to the https://graylog.internal.domain:9000/ address it still works (with cert config setup in server.conf as well)

But on the outside proxy, pointing it to ProxyPass https://graylog.internal.domain:9000/ fails with:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later

Above when I get a blank screen connecting to Graylog through the proxy.

Failed to load resource: net::ERR_NAME_NOT_RESOLVED
vendor.043dd426065882df527b.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
polyfill.96312c8d18c5b4ff37d5.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
builtins.96312c8d18c5b4ff37d5.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.53e617da22c5598ebd0b.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
plugin.org.graylog.plugins.enterprise.EnterprisePlugin.6257bf162acbffe11658.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
plugin.org.graylog.plugins.collector.CollectorPlugin.b88363aeddd823827582.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
plugin.org.graylog.integrations.IntegrationsPlugin.de432cfc8976a7cb4e52.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
plugin.org.graylog.enterprise.integrations.EnterpriseIntegrationsPlugin.5044caa597d2747788c6.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
plugin.org.graylog.aws.AWSPlugin.16a8c0b2427d3a1e285c.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
app.96312c8d18c5b4ff37d5.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED

I did see this in the config, but not sure how to translate it to Apache

server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name applications.example.org;

    location /graylog/
    {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
        rewrite          ^/graylog/(.*)$  /$1  break;
        proxy_pass       http://127.0.0.1:9000;
    }
}

Got it to work so for future people who google search this here is what I had to set up!

Graylog server.conf only has http_bind set to 0.0.0.0:9000

Nginx config on graylog server:

server
{
    listen 443 ssl http2;
    server_name external_proxy_hostname;
    ssl_certificate /etc/pki/tls/certs/graylog.pem;
    ssl_certificate_key /etc/httpd/graylog.key;

    location /graylog/
    {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/;
        rewrite ^/graylog/(.*)$ /$1 break;
        proxy_pass http://127.0.0.1:9000;
    }
}

Make note that the server name is the external proxy, not the hostname of the graylog server

Apache config for external proxy:

<Location /graylog>
    ProxyPass https://$GRAYLOGIP/graylog/
    ProxyPassReverse https://$GRAYLOGIP/graylog/
</Location>
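
For readers who want to keep Apache on the Graylog host, as the earlier post asked, this is an Apache translation of the nginx server block above. It is an added example, not from the original posts or from Graylog's documentation. `external-proxy.example.org` is a placeholder for the hostname browsers use to reach the outside proxy, and mod_ssl, mod_proxy, mod_proxy_http and mod_headers are assumed to be loaded.

```apache
<VirtualHost *:443>
    # Placeholder: the name of the OUTSIDE proxy, not of the Graylog host.
    # Graylog hands the browser asset URLs built from X-Graylog-Server-URL,
    # so an internal-only name here produces ERR_NAME_NOT_RESOLVED outside.
    ServerName external-proxy.example.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/graylog.pem
    SSLCertificateKeyFile /etc/httpd/graylog.key

    # Reverse proxying only needs ProxyPass; never enable forward proxying here.
    ProxyRequests Off

    # nginx: proxy_set_header Host $http_host;
    ProxyPreserveHost On

    # nginx's X-Forwarded-For / -Host / -Server lines need no counterpart:
    # mod_proxy_http adds those three headers itself when reverse proxying.

    <Location /graylog/>
        # nginx: proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/;
        # "set" overwrites any value a client tried to supply.
        RequestHeader set X-Graylog-Server-URL "https://external-proxy.example.org/graylog/"

        # nginx: rewrite ^/graylog/(.*)$ /$1 break;  proxy_pass http://127.0.0.1:9000;
        # Inside <Location>, ProxyPass takes only the target and strips the
        # /graylog/ prefix, so /graylog/foo reaches Graylog as /foo.
        ProxyPass        http://127.0.0.1:9000/
        ProxyPassReverse http://127.0.0.1:9000/
    </Location>
</VirtualHost>
```

With `http_bind` left at 0.0.0.0:9000 as in the post, port 9000 still answers plain HTTP from the network; binding Graylog to 127.0.0.1:9000 or firewalling the port keeps traffic on the TLS proxy path.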
