Graylog container behind Nginx reverse-proxy container

Graylog Central (peer support)
1

Hello everyone. I know, a similar question has been discussed many times but nothing is working for me.
I want to use Graylog 4.0 and jwilder/nginx-proxy

According to jwilder/nginx-proxy documentation we must specify -e VIRTUAL_HOST=“mysubdomain.mydomain.com” and expose port

Based on that, I am using the following command to ran Graylog container

$ docker run --name mongo -d mongo:4.2
$ docker run --name elasticsearch \
    -e "http.host=0.0.0.0" \
    -e "discovery.type=single-node" \
    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
    -d docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.0
$ docker run --link mongo --link elasticsearch \
	-u root \
    -p 12201:12201 -p 1514:1514 -p 5555:5555 -p 9000:9000 \
	-e GRAYLOG_HTTP_EXTERNAL_URI=http://mysubdomain.mydomain.com:9000/ \
	-e VIRTUAL_HOST=mysubdomain.mydomain.com \
	-e VIRTUAL_PORT=9000 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -d graylog/graylog:4.0

According to Graylog 4.0 documentation, http_external_uri is the public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API. Graylog web interface.

When hitting https:/ /mysubdomain.mydomain.com, I am getting the error
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.

The index.html looks like

  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="http://mysubdomain.mydomain.com/assets/favicon.png">
    
  </head>
  <body>
    <script src="http://mysubdomain.mydomain.com/config.js"></script>
    ...
  </body>
</html>

According to Graylog documentation :

  • If the HTTP(S) client going to the web interface port sends a X-Graylog-Server-URL header, which contains a valid URL, then this is overriding everything else.
  • If http_external_uri is defined in the Graylog configuration file, this is used if the aforementioned header is not set.

So, I did not put X-Graylog-Server-URL to the nginx config file

What else needs to be configured to have it working?

2

Hey guys, sorry for disturbing you. Fixed the issue. This is totally my bad.
When running the aforementioned command to start the Graylog container, it assigns to the proxy_pass of the location section the value of the VIRTUAL_HOST parameter. That is wrong for this case.
We want to assign to the proxy_pass the value of GRAYLOG_HTTP_BIND_ADDRESS. We also want to assign https://mysubdomain.mydomain.com value to the GRAYLOG_HTTP_EXTERNAL_URI environment variable. So, in index.html we will see

<link rel="shortcut icon" href="https://mysubdomain.mydomain.com/assets/favicon.png">

Thus, it will reach out our Nginx server, which in turn will redirect calls to GRAYLOG_HTTP_BIND_ADDRESS

1 Like
3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.