Hi Graylog Community,
My goal is to log specific informations from an external web application over REST API of Graylog.
I installed Graylog with docker-compose on my Ubuntu system and configured apache2. I can access from the www to graylog application. I then tried to configure a GELF http input and tried to send a dummy log entry via Postman, unfortunately it doesn’t work. Also when I go to system → node and open the API browser, the page will not open and points me to this: “http://192.168.80.4:9000/api/api-browser”
here is my docker-compose.yml:
version: '3'
services:
# MongoDB
mongo:
image: mongo:4
volumes:
- mongo_data:/data/db
networks:
- graylog-net
# Elasticsearch
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0
environment:
- "discovery.type=single-node"
volumes:
- elasticsearch_data:/usr/share/elasticsearch/data
networks:
- graylog-net
# Graylog
graylog:
image: graylog/graylog:4.1
environment:
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
- GRAYLOG_ROOT_PASSWORD_SHA2=c0938bdb75472a87d7a9b2651badc86ceaa05541e004beee7400c8920579dfb6
- GRAYLOG_HTTP_EXTERNAL_URI=http://10.0.1.10:9000/
- GRAYLOG_WEB_ENDPOINT_URI=http://10.0.1.10:9000/api
- GRAYLOG_HTTP_ENABLE=true
depends_on:
- mongo
- elasticsearch
ports:
- "9000:9000"
- "5140:5140"
- "5140:5140/udp"
- "12201:12201"
- "12201:12201/udp"
networks:
- graylog-net
networks:
graylog-net:
driver: bridge
volumes:
mongo_data:
elasticsearch_data:
and this is my apache2 config:
IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName logs.zuselli-server.ddns.net
ServerAlias logs.zuselli-server.ddns.net
# Module laden (falls nciht schon woanders geschehen)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests Off
# keine Spezialitäten, balancer, etc.: Stupides *
<Proxy *>
Require all granted
</Proxy>
#ProxyPass / http://localhost:8080/
<Location />
# ProxyPreserveHost On
# RequestHeader set X-Graylog-Server-URL "https://logs.zuselli-server.ddns.net/"
ProxyPass http://10.0.1.10:9000/
ProxyPassReverse http://10.0.1.10:9000/
</Location>
# Uncomment the line below if your site uses SSL.
SSLProxyEngine On
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L
SSLCertificateFile /etc/letsencrypt/live/cloud.zuselli-server.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.zuselli-server.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Apache2 is running on a different server and redirects to the internal graylog server which is 10.0.1.10
Do I have some Firewall problems? Or how can I make the external API entry point running?
Thanks for helping me