Graylog behind external reverse proxy

Linedo · September 7, 2023, 4:49pm

Hi,

I am trying to configure Graylog behind an external reverse proxy - it is a feature built into our remote access system (RAS). However I dont know if it uses apache or nginx, are other reverse proxy methods compatible with Graylog?

I know the reverse proxy in the RAS only uses HTTPS (port 443), graylog only seems to have configurations for HTTP (port 80).

Lets say the normal URI to access Graylog is “logs.graylog.com:9000” I have configured a second URI “proxylogs.graylog.com” which points to the RAS system, which then forwards this request to “logs.graylog.com” (this is what the RAS guide says to do).

bind_address = 0.0.0.0:9000
http_publish_uri = http://logs.it4a.co.uk:9000/

However Graylog seems to be rejecting the incoming port 443 TCP packets.

I am running Graylog 4.1.14 on Ubuntu 20.24 (I know I need to upgrade).

Does anyone know what I am doing wrong? I would greatly appreciate any help, thank you in advance!

drewmiranda-gl · September 7, 2023, 7:24pm

This page is somewhat verbose but has a lot of good info on it:
https://go2docs.graylog.org/5-1/setting_up_graylog/web_interface.htm

One of the most important things though is making sure you have the following 3 settings appropriately configured:

http_bind_address
- This is the address that graylog will bind to, can be 0.0.0.0 or a specific IP
http_publish_uri
- this is the URI that graylog nodes use to talk to each other and should be the fully qualified domain name (FQDN) of the node (e.g. glnode1.domain.tld)
http_external_uri
- This is the external public facing URL you use to access graylog web interface

Let us know if you have any specific questions.

gsmith · September 9, 2023, 3:49am

Hey @Linedo

Graylog listens to port 9000, as for a reverse proxy you need to create a block with a proxy_pass
For example this is part of Nginx configuration.

erver {
  listen       *:443 ssl;
  server_name  logs.example.com;

  ssl_certificate           /etc/nginx/ssl/fullchain.pem;
  ssl_certificate_key       /etc/nginx/ssl/privkey.pem;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;
  ssl_protocols             TLSv1.2;
  ssl_ciphers               ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers on;

  index  index.html index.htm index.php;

  access_log /var/log/nginx/ssl-logs.example.com.access.log combined;
  error_log  /var/log/nginx/ssl-logs.example.com.error.log;

  location / {
    proxy_pass http://logs.example.com:9000;
 - - - 
- - -

system · September 23, 2023, 3:50am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
External access through separate nginx proxy Graylog Central (peer support)	4	4170	October 27, 2017
Issue with Nginx and graylog Graylog Central (peer support)	4	1916	January 11, 2018
Graylog API Browser points to local IP instead of configured external URL Graylog Central (peer support)	4	3119	October 2, 2020
Graylog web interface not reachable Graylog Central (peer support)	2	1342	June 22, 2020
Graylog v4.0.7 Clean install with ssl Graylog Central (peer support)	8	1314	June 18, 2021

Graylog behind external reverse proxy

Related Topics