I have installed graylog behind nginx and currently it works on http.
But when accessing to https address, the graylog fails as it tries to download content from http.
How should the nginx or graylog be configured to work corretly also on https address?
Nginx allready is configured to serve https.
But when loading page over https on chrome I get:
“Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure script ‘’. This request has been blocked; the content must be served over HTTPS”
and on developer tools network tab shows:
We are running services on kubernets and using helm chart to deploy the graylog. I think I should enable the tls for the graylog, and link the cert and key from the nginx (stored in secrets) ?
…not totally sure how to give the key and cert with helm chart. Trying to set it up following this: graylog 1.7.9 · KongZ/kong-z
(in this example cert and key are stored as strings, but how to do this on helm chart?)
edit:
On helm chart I’m able to get key and cert as string from the nginx secrets.
Like: “-----BEGIN CERTIFICATE----- …” and " -----BEGIN EC PRIVATE KEY----- …"
I end up with error (as the cert is the first):
bad flag syntax: -----BEGIN CERTIFICATE-----
How should I use the cert and to enable the https?
I guess the correct way to set up https is to enable tls?
If I enable the tls, how should the key and cert be given to graylog?
I think it might be your certificates, but I’m unsure.
Chrome be a little weird at times, have you tried other browsers?
It would be greatly appreciated to have more information about your Graylog environment like your graylog configuration file, and how you configured nginx. Please take a look at the link below.
Did you see any of these posts here that might resemble your issue?
Have you looked here ? Maybe something was over looked when creating certificates for HTTPS.
If this doesn’t help, at this point I’m not sure. If I had this issue with a Graylog installation, I would remove nginx from the equation to see if everything functions as expected (i.e., https) Then roll into securing it. That way if something weird pops up I know for sure where the issues is from.
All I can do is offer suggestions and speculate sorry I can’t be more help.
I had a similar issue. I’m not running multinode, though, so your difficulties may be more complicated. In my case, I think it was related to the trusted_proxies parameter in /etc/graylog/server/server.conf and the X-Graylog-Server-URL header.
in server.conf trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
And then in the nginx server, this config block. One of the things this block does is set the X-Graylog-Server-URL header, which tells Graylog to properly write links to its resources.
In nginx configuration, within the relevant server{} block:
Ok. Enabling the tls did not solve the issue I managed to enable the tls, and deployed the graylog with the cert and key).
Still getting these “(blocked:mixed-content)” on the browser, when trying to load the UI.
I probably need to configure the https to the nginx, something like Sean is pointing above.
Deployment does not fail, but also the https is not working.
Kind a lost here, I guess the enaling the tls is not working because of the nginx, but not totally sure what is needed for nginx
I can set one individual header like:
–set graylog.ingress.annotations.nginx.ingress.kubernetes.io/proxy_set_header=‘Host $http_host’ `
But adding multiple fails…
I did few tries to set up nginx. And was able to set configuration as nginx annotation server snippet. But adding the configuration pointed out over here: Web interface — Graylog 3.0.2 documentation
did not redirect solve the issue with webinterface not working. But it might be about how the nginx is running on kubernetes. Not totally familiar with kubernetes and nginx, so that might also be some mistake. But at least the configuration is visible when looking the ingress of graylog:
kubectl describe ing graylog -n graylog
The trouble is setup graylog domain to a subpath, https://domain.com/graylog.
I didn’t enable tls for gelf input, only for webui, so I attached the ssl certificate at loadbalancer.
browser —(https)—> loadbalancer --(http)—> ingress -----> graylog webui service
Seems that this makes ui working, but still something missing for the GELF and API since.
In the input section the GELF UPD seems not to be runnning. And when disabling the TLS it shows back on.