Graylog behind nginx sub directory how-to configure

(Dave) #1


The reason im creating this task is because i was trying to integrate with librenms but could not. Much back and forth with the devs on discord led me to think that i need to better configure my graylog/nginx setup, and they agreed.

i’ve had this setup running fine with no issues, aside from api button not working (Accessing API button)

So configs: (running 2.4.3)

This is how i have it configured.

rest_listen_uri =
#rest_transport_uri =
web_listen_uri =
#web_endpoint_uri =
#http_proxy_uri =

Using nginx to access through web browser (https://<routable-fqdn>/graylog) works

   location /graylog {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/api;

I am using nginx as the sole proxy to access graylog. I dont have any of the web_enable_tls,rest_enable_tls etc settings enabled.

Any input as to how to better configure graylog with sub-directory would be appreciated.

Thank you,

(Jochen) #2

What problem are you trying to solve?

There’s a working nginx configuration at in the documentation at

(Dave) #3

@jochen thank you for replying

im not really too sure if there is a problem but im experiencing an issue integrating graylog with librenms. It was a lot of back and forth with the devs trying to figure it out and they believe it should be on / but i would prefer not to have it there, since i have other web services running

What i really want to know if i have it configured properly using a sub directory?
Aside from the api button issue

nginx does all the ssl stuff


(Jan Doberstein) #4

yes - your configuration is what it should be to run in a sub dir as you have it running.

Again - what is the issue you try to solve. Think of that you need to explain this to someone that does not know your environment and what you mean by “integration into”.

(Dave) #5

Sorry for not being clear.
This is what im trying to accomplish:

(Jan Doberstein) #6

I didn’t see any issues with that. Special because you can use $config['graylog']['base_uri'] = '/graylog/api/'; and everything should be fine.

If not, please describe your problem, describe the error you are facing.

Maybe you could cross link the discussion with the librenms developers just to be sure that a person who is not you, having all your knowledge might help.

LibreNMS, Graylog integration not working
(Dave) #7

I thought that would be the case too. Cross link? How can i do that?

I had submitted a ticket on librenms but i had no traction until i went into the IRC

Still need to update that ticket with everything the devs asked me to try.
Ill do that right now…

(Jochen) #8

I’m still not clear how this is a problem with Graylog. The thread in the LibreNMS Community you’ve linked to clearly shows that the Graylog REST API is accessible via http://<graylog-host>:8888/graylog/api.

Maybe the LibreNMS Graylog integration simply doesn’t work?

One wild assed guess: LibreNMS is using HTTP/1.0, while curl is using HTTP/1.1.
HTTP/1.0 doesn’t know anything about the HTTP Host header, so if your nginx is hosting anything other than Graylog (“virtual hosts”) and LibreNMS doesn’t perform a proper HTTP/1.1 request, it might not be able to serve the data it should.

(Dave) #9

By ‘virtual hosts’ you mean ‘server blocks’ (nginx equivalent) then yes! I had configured one for port 80 (redirects to https) and one for 443. Those blocks were for web browser access.

I had created another server block port 8888 for backend/application access. (oxidized/graylog api) but only allowed specific hosts. oxidized worked fine but had issues with graylog. But of course graylog was accessible via specified host on port 8888 via web browser and curl.

HTTP/1.0 vs 1.1? That’s an interesting idea. Yes, im hosting several apps with sub directories
What i plan to do now is create a vm with only graylog on / and see where that takes me. then ill try with subdirectory and with just one server_block.

Any other suggestions would be appreciated.

Btw i updated the librenms post…


(Dave) #10

Ok, i created a new graylog vm with same settings as production one.

Slight difference: using / in nginx and no SSL

URL: http://graylog-lab-ecr-1/

location / {
	#rewrite ^/graylog(.*)$ $1 last;
	access_log  /var/log/nginx/graylog-access.log main;
	error_log /var/log/nginx/graylog-error.log debug;
	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/api;
	#proxy_set_header X-Graylog-Server-URL https://$server_name/api;
	proxy_set_header X-Graylog-Server-URL http://$server_name/api;

I can curl it using HTTP 1.0 and 1.1 (-0 option) from the librenms and get exact same output:

curl -0 -X GET -u "config:password" -k -H 'Accept: application/json' 'http://graylog-lab-ecr-1/api/cluster' | python -m json.tool
    "bc808e5c-1271-4d83-b3ff-160d52e37433": {
        "cluster_id": "f19099c3-8254-452b-98ce-839c190cd960",
        "codename": "Wildwuchs",
        "facility": "graylog-server",
        "hostname": "10.x.x.x,
        "is_processing": true,
        "lb_status": "alive",
        "lifecycle": "running",
        "node_id": "bc808e5c-1271-4d83-b3ff-160d52e37433",
        "operating_system": "Linux 3.10.0-693.17.1.el7.x86_64",
        "started_at": "2018-01-30T18:28:16.803Z",
        "timezone": "UTC",
        "version": "2.4.3+2c41897"

Curl command log output from nginx:

<ipv6> - config [30/Jan/2018:18:43:21 +0000] "GET /api/cluster HTTP/1.1" 200 421 "-" "curl/7.29.0" "-"
<ipv6> - config [30/Jan/2018:18:43:24 +0000] "GET /api/cluster HTTP/1.0" 200 421 "-" "curl/7.29.0" "-"

So this tells me that it’s more than likely a librenms issue…

Unless i missed something…

Thank you very much for the support!!

Going to go poke at the guys as librenms…hehe :smile:

(Dave) #11

Issue solved!!!

See post:

(Jochen) #12

Related GitHub pull request:

(system) closed #13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.