Graylog container behind Nginx reverse-proxy container

Hello everyone. I know, a similar question has been discussed many times but nothing is working for me.
I want to use Graylog 4.0 and jwilder/nginx-proxy

According to jwilder/nginx-proxy documentation we must specify -e VIRTUAL_HOST=“mysubdomain.mydomain.com” and expose port

Based on that, I am using the following command to ran Graylog container

$ docker run --name mongo -d mongo:4.2
$ docker run --name elasticsearch \
    -e "http.host=0.0.0.0" \
    -e "discovery.type=single-node" \
    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
    -d docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.0
$ docker run --link mongo --link elasticsearch \
	-u root \
    -p 12201:12201 -p 1514:1514 -p 5555:5555 -p 9000:9000 \
	-e GRAYLOG_HTTP_EXTERNAL_URI=http://mysubdomain.mydomain.com:9000/ \
	-e VIRTUAL_HOST=mysubdomain.mydomain.com \
	-e VIRTUAL_PORT=9000 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -d graylog/graylog:4.0

According to Graylog 4.0 documentation, http_external_uri is the public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API. Graylog web interface.

When hitting https:/ /mysubdomain.mydomain.com, I am getting the error
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.

The index.html looks like

  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="http://mysubdomain.mydomain.com/assets/favicon.png">
    
  </head>
  <body>
    <script src="http://mysubdomain.mydomain.com/config.js"></script>
    ...
  </body>
</html>

According to Graylog documentation :

  • If the HTTP(S) client going to the web interface port sends a X-Graylog-Server-URL header, which contains a valid URL, then this is overriding everything else.
  • If http_external_uri is defined in the Graylog configuration file, this is used if the aforementioned header is not set.

So, I did not put X-Graylog-Server-URL to the nginx config file

What else needs to be configured to have it working?

Hey guys, sorry for disturbing you. Fixed the issue. This is totally my bad.
When running the aforementioned command to start the Graylog container, it assigns to the proxy_pass of the location section the value of the VIRTUAL_HOST parameter. That is wrong for this case.
We want to assign to the proxy_pass the value of GRAYLOG_HTTP_BIND_ADDRESS. We also want to assign https://mysubdomain.mydomain.com value to the GRAYLOG_HTTP_EXTERNAL_URI environment variable. So, in index.html we will see

<link rel="shortcut icon" href="https://mysubdomain.mydomain.com/assets/favicon.png">

Thus, it will reach out our Nginx server, which in turn will redirect calls to GRAYLOG_HTTP_BIND_ADDRESS

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.