Hello!
I’ve been grinding away at trying to get the Graylog Web Interface secured behind Nginx. I can still connect to the webui on port 9000, and Nginx seems to connect securely as my browser says “Graylog Web Interface” in the masthead, but the Graylog interface never comes up on the secure port. Nginx is running on the same server as Graylog.
Here is my Nginx config file:
```
server
{
    listen 443 ssl;
    server_name glog.cad-server.com;
    location /
    {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://glog.cad-server.com/api;
        proxy_pass http://127.0.0.1:9000;
        # proxy_pass http://ip-address:9000;
    }
    ssl on;
    ssl_certificate /etc/letsencrypt/live/glog.cad-server.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/glog.cad-server.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/graylog.access.log;
    error_log /var/log/nginx/graylog.error.log;
}
# http to https redirection
server {
    listen 80;
    server_name glog.cad-server.com;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^ https://$server_name$request_uri? permanent;
}
```
The http_bind_address is 0.0.0.0:9000 and the web_publish_uri is http://glog.cad-server.com:9000
I did try to config the httpd_external_uri to be the same as web_publish_uri, but that didn’t work either.
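
A hardening review of the configuration quoted above, as an added example that is not part of the original post: it checks the nginx server blocks together with Graylog's bind address for three exposure issues, including the direct access on port 9000 the post mentions. The function names and finding IDs are hypothetical, and the input is a constructed, trimmed copy of the posted directives.

```python
import re

# Constructed input: the post's two server blocks, trimmed to the relevant directives.
NGINX_CONF = """
server {
    listen 443 ssl;
    location / { proxy_pass http://127.0.0.1:9000; }
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+3DES:RSA+3DES:!MD5;
}
server {
    listen 80;
    add_header Strict-Transport-Security max-age=2592000;
}
"""
HTTP_BIND_ADDRESS = "0.0.0.0:9000"  # http_bind_address as quoted in the post


def server_blocks(conf):
    """Yield each server { ... } body by tracking brace depth (braces in comments not handled)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def audit(conf, bind_address):
    """Return hypothetical finding IDs for the nginx config plus Graylog's bind address."""
    findings = []
    bind_host, _, bind_port = bind_address.rpartition(":")
    for body in server_blocks(conf):
        tls = re.search(r"^\s*listen\s[^;]*\bssl\b", body, re.M) is not None
        # Browsers ignore HSTS received over plain HTTP, so it must be sent by the TLS vhost.
        if "Strict-Transport-Security" in body and not tls:
            findings.append("hsts-on-plaintext-vhost")
        # 64-bit block cipher (Sweet32); flag it unless the token is an exclusion.
        m = re.search(r"^\s*ssl_ciphers\s+([^;]+);", body, re.M)
        if m and any("3DES" in c and not c.startswith("!") for c in m.group(1).split(":")):
            findings.append("3des-enabled")
        # Proxy targets loopback, but the backend listens on every interface:
        # clients can still reach the plaintext port directly, around nginx.
        up = re.search(r"proxy_pass\s+http://(?:127\.0\.0\.1|localhost):(\d+)", body)
        if up and up.group(1) == bind_port and bind_host in ("0.0.0.0", "[::]"):
            findings.append("backend-reachable-around-proxy")
    return findings


if __name__ == "__main__":
    for finding in audit(NGINX_CONF, HTTP_BIND_ADDRESS):
        print(finding)
```
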