I want to run Graylog as a Docker instance. I am also running Nginx as a Docker instance.
The server’s hostname is homeserver so the web-services hosted on it are setup as http://homeserver/nextcloud or http://homeserver/guacamole courtesy of reverse proxying via Nginx.
I also want Graylog to be accessed via Nginx as a reverse proxy via http://homeserver/graylog (i.e. as a sub-directory)
When I try to access the graylog instance directly (non-proxied) via http://homeserver:9000/ it simply doesn’t load at all. Unreachable.
And when I try to access the graylog instance via Nginx (http://homeserver/graylog), Nginx simply return a 502 - presumably because Graylog is inaccessible so Nginx can’t proxy_pass to an unreachable destination.
I looked at your docker-compose file and had a look at your nginx.conf file and was able to get my reverse proxied URL http://homeserver/graylog working.
In short, I had to make a few tweaks from the configs on Github. For anyone who comes here from Google, I suggest looking on Github and using that as your base to achieve a similar desired result.
One question though…right now, my GRAYLOG_WEB_ENDPOINT_URI is set to http://homeserver:9000/graylog/api because Graylog Web is accessible via http://homeserver
Let’s say a few weeks later, I publish this web application online through some domain (e.g. http://foobar-public.ddns.me/graylog/) so that it’s not just an internal application, will I need to change the GRAYLOG_WEB_ENDPOINT_URI to something else or can it remain pointing to the internal server hostname?
Let’s say a few weeks later, I publish this web application online through some domain (e.g. http://foobar-public.ddns.me/graylog/) so that it’s not just an internal application, will I need to change the GRAYLOG_WEB_ENDPOINT_URI to something else or can it remain pointing to the internal server hostname?
My Setup is similar and I have one Server configuration for the internal hostname and one for the external. First to be able to seperate what is available to the outsite world and second to be able to use the following Graylog configuration:
I see - thanks for that. So from an Nginx point of view, it’s possible to access the same service both internally from within the LAN and externally from the WAN.
However, my issue is the docker run command I use to instantiate the Graylog container includes this flag: -e GRAYLOG_WEB_ENDPOINT_URI="http://homeserver:9000/graylog/api" \
Note that this flag has the internal/local hostname hardcoded in as the web endpoint URI. If I set up Nginx to work for access via the WAN, won’t Graylog break because the web endpoint URI hostname and FQDN for WAN access won’t match and trigger a CORS Violation error?
For example, I’ll load http://foobar-public.ddns.me/graylog/ in my browser. But under the hood, Graylog will be trying to load resources from http://homeserver:9000/api/ and I’m worried this would stop my Graylog working when trying to access from the WAN?