Graylog v4.0.1 oauth2

Hi there.
Could somebody explain how does " Trusted Header Authentication" should be configured to works properly?
I want to be able to auth into Graylog with my google account.
For now, I use GitHub - bitly/oauth2_proxy: A reverse proxy that provides authentication with Google, Github or other provider for authentication into my ELK and it works pretty well.

Does nobody use oauth for Graylog? :pensive:

For somebody who will face with the same question.
A simple example - add into the nginx vhost config
proxy_set_header Graylog-User testuser;

  • Graylog-User - a header that I set up in the Trusted Header Authentication menu.
  • testuser - Graylog user which will be authenticated in the web interface. It can’t be local admin user!

My full nginx config:

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 15;
        proxy_send_timeout 30;
        proxy_read_timeout 30;

# Authorized proxy for Graylog
server {
    listen 8080;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://$server_name/;
        proxy_set_header Graylog-User testuser;
        proxy_connect_timeout 60;
        proxy_send_timeout    60;
        proxy_read_timeout    60;
        send_timeout          60;

/etc/oauth2_proxy.cfg :

# based on
email_domains = [

upstreams = [

pass_basic_auth = false

redirect_url = ""

cookie_name = "_oauth2_proxy"
cookie_secret = "secret_key"
cookie_secure = true

client_id = ""
client_secret = "secret_key"

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.