Graylog-certificate

ItsTimetoforget · July 29, 2021, 8:13am

Hey,

I am currently trying to build a Graylog server. This looks like the following:
The graylog server does http and works like that without problems. As soon as I let a Nginx-proxy-manager do the HTTPS encryption in front of it, it doesn’t work anymore. So that means it runs and also accepts logs and so. But it can not retrieve any information about the API (see pictures). I have already added the public key to the JKS and also the Docker container has it in its CA store. A CURL goes through without problems, only the Graylog is stubborn^^. I hope someone can help me with this. Thanks a lot in advance.

shoothub · July 29, 2021, 10:59am

Please post your Nginx configuration and your graylog version.

ItsTimetoforget · July 29, 2021, 11:09am

Thanks for the quick reply. I use Nginx proxy manager. This is configured via nen web gui. I can only say that I just forward any traffic to port 9000 (This port is listening to the Graylog REST API and also the webinterface). I am currently using Graylog version 2.5.1.

shoothub · July 29, 2021, 11:16am

Did you follow official docs for it? Especially required header X-Graylog-Server-URL

Anyway, why you use such old graylog version? If you build new system, always use latest build (4.1), because older version are not supported.

https://docs.graylog.org/en/4.1/pages/faq.html#how-long-do-you-support-older-versions-of-the-graylog-product

ItsTimetoforget · July 29, 2021, 11:23am

Unfortunately I have to use this version because it can’t be updated yet. If I have understood the header correctly, this is not relevant for me. The reverse proxy is only used for encryption and port mapping. The server itself also has the DNS entry and is also reachable.

ItsTimetoforget · July 29, 2021, 11:25am

I’m afraid that Graylog doesn’t read the JKS and therefore doesn’t know the certificate. However, I have included and added this when building my Docker Conatiners. Furthermore also in the container the Env: “GRAYLOG_SERVER_JAVA_OPTS=-Xms1g -Xmx1g -Djavax.net.ssl.trustStore=/usr/share/graylog/cacerts.jks -Djavax.net.ssl.trustStorePassword=****” is set.

shoothub · July 29, 2021, 1:15pm

If you use nginx as reverse proxy for graylog web UI, you need to set this special header

https://docs.graylog.org/en/2.5/pages/configuration/web_interface.html#nginx

It is required for all reverse proxy software, not only nginx.

Someone in the past have similar problem, maybe this can help.

ItsTimetoforget · July 29, 2021, 1:34pm

Thanks for the answer. Unfortunately this changes nothing. The problem that Graylog does not accept the certificate remains.

ItsTimetoforget · July 30, 2021, 5:49am

So, I have now switched to Nginx. For this I have also set the header entry as you said. The problem now is that I get a 404 when logging in: “Error - the server returned: 404 - cannot POST https://*****/system/sessions (404)”. I have already read the threads about this in the forum and it just all brings nothing. I don’t know what to do. If you have an idea I am open for everything ^^.

shoothub · July 30, 2021, 10:33am

If you want only terminate SSL/TLS on nginx (https), don’t setup SSL/TLS on graylog at all.

This simple nginx config redirect from http to https, and expose graylog web ui in https:

server {
  listen 80;
  server_name  logs.server.com;
  return 301 https://logs.server.com$request_uri;
}
 
server {
    listen 443 ssl http2;
 
    server_name logs.server.com;
    ssl on;
    ssl_certificate     /etc/pki/web/server.com.crt;
    ssl_certificate_key /etc/pki/web/server.com.key;
 
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://$server_name/;
        proxy_pass       http://127.0.0.1:9000;
    }
}

ItsTimetoforget · July 30, 2021, 10:46am

My Config:

{
    listen      443 ssl http2;
    server_name loghost-test1.*****.de;
    ssl_protocols TLSv1.2;
    ssl_certificate /***/****;
    ssl_certificate_key /******/*****; 


    location /
    {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      #proxy_set_header X-Graylog-Server-URL https://loghost-test1.****.de/;
      proxy_pass       http://10.32.1.159:5000;

    }

}

shoothub · July 30, 2021, 10:59am

This seem OK, so problem would be probably in graylog server config. I can’t help much, because I don’t use such old version, and the parameters changed a lot.

ItsTimetoforget · August 2, 2021, 5:14am

Thank you very much. Now i would run the Server on http. As soon as possible i try to update Graylog on the latest version.

system · August 16, 2021, 5:14am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Https troubleshooting Graylog Central (peer support)	4	752	June 2, 2020
GrayLog Nginx Reverse Proxy Https Graylog Central (peer support)	9	5134	May 1, 2020
Graylog installation behind NGINX for proxy and CloudFlare for SSL Graylog Central (peer support)	6	5186	February 26, 2018
Graylog Docker NGINX Reverse Proxy HTTPS Graylog Central (peer support)	2	2787	February 14, 2020
Securing inputs Graylog Central (peer support)	7	2965	April 15, 2022

Graylog-certificate

Related Topics