Graylog + Netscaler Loadbalancer

jns · July 31, 2019, 3:43pm

Graylog Version Graylog 2.5.2+4f6d123
OS SLES12 SP4
IP Graylog Server 10.200.150.8 | DNS servername.company.de

Hey,
i have some trouble here with graylog and forwarding the webinterface using a load balancer
Due to a new company policy, web applications should no longer be addressed with the server name but with a readable name.
In this case servername.company.de:9000 should syslog.company.de. We use Citrix Netscaler for the redirection.
According to the responsible administrator, the Netscaler makes an SSL offload to redirect the request.
With other applications the redirection works without problem

I have made the following changes to the Config:

rest_listen_uri = http://servername.company.de:9000/api/
rest_transport_uri = http://servername.company.de:9000/api/
web_listen_uri = http://servername.company.de:9000/
web_endpoint_uri = https://syslog.company.de:9000/api/

However I always get the error message [see below] when I try to connect to the web interface at syslog.company.de or syslog.company:9000 or syslog.company.de:9000/api/.
At the same time I can call the webinterface under servername.company.de:9000 without any problems.
I also tried, as described in the documentation, to set rest_listen_uri and web_listen_uri to 127.0.0.1 and set the web_endpoint_uri to
syslog.company.de:9000/api/. Even with that it doesn’t work. In addition I have also entered the IP instead of the server name. Also this brought no change.

Do any of you have any idea what the configuration should be in order for the redirection to work?

Cheers
Jonas

Request has been terminated
Possible causes: the network is offline, 
Origin is not allowed by Access-Control-Allow-Origin, 
the page is being unloaded, etc.
Original Request
GET http://syslog.company.de:9000/api/system/sessions
Status code
undefined
Full error message
Error: Request has been terminated
Possible causes: the network is offline, 
Origin is not allowed by Access-Control-Allow-Origin, 
the page is being unloaded,

Tuumke · August 2, 2019, 7:29am

Ofource you have 1 node that has is_master = true in the config file.
I have this as default:
# Default: http://$http_bind_address/
#http_publish_uri = http://192.168.1.1:9000/

Set the http_external_uri = http://syslog.company.de/

I dont have the rest_ or web_ settings in my config file.

jns · August 7, 2019, 5:24am

Hey,

Yes, only one Node and is set “is_master = true”

Okay thanks. But was is http://$http_bind_address? Does the specification refer to another specification?
The dollar sign indicates this.

You are using Graylog version 3.0 or higher. Many things have been renamed.

Cheers

Tuumke · August 7, 2019, 12:25pm

htpp_publish url is not set so it falls back to default which you dont have to set in 3.0 at least. IUt just uses the bind address which is set earlier in the config.

jan · August 20, 2019, 9:47am

the question is, how did you configure the loadbalancer?

What port does the loadbalancer listen with SSL to forward the request to Graylog? Is that Port 9000?

Your browser needs to be able to reach the Graylog API via the configured web_endpoint_uri when that is not possible you should check the configuration on that.

system · September 3, 2019, 9:59am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog HTTP load balancing using netscaler Graylog Central (peer support)	5	1680	June 1, 2017
GrayLog Cluster behind https NGINX load balancer issue Graylog Central (peer support)	2	1138	February 27, 2018
API browser url behind load balancer Graylog Central (peer support)	4	734	June 10, 2020
Load balancer issue for the web interface Graylog Central (peer support)	11	2060	July 18, 2018
Second network interface Graylog Central (peer support)	11	2110	October 12, 2018

Graylog + Netscaler Loadbalancer

Related Topics