Graylog web UI doesn't working when using http auth together with nginx reverse proxy

Sagar · July 19, 2019, 11:26am

When I am using nginx reverse proxy together with http auth graylog doesn’t creating session and hence it doesn’t working.

Steps to Reproduce

Setup graylog using docker
Setup nginx virtual host with revers proxy to graylog
Add basic http auth to virutal host
Open web UI it will constanlty ask for username and password.

Graylog Version: 3.0
Elasticsearch Version: 6.6.1
MongoDB Version: 3
Operating System: Ubuntu 18
Browser version: Chrome

jan · July 19, 2019, 12:51pm

what is your Graylog configuration exactly? What have you configured for the http_* settings?

Sagar · July 20, 2019, 8:11am

Hi My Graylog configuration is following

http_bind_address = 0.0.0.0:9000
#http_publish_uri = http://192.168.1.1:9000/
#http_external_uri =
#http_enable_cors = false
#http_enable_gzip = false
#http_max_header_size = 8192
#http_thread_pool_size = 16
#http_enable_tls = true
#http_tls_cert_file = /path/to/graylog.crt
#http_tls_key_file = /path/to/graylog.key
#http_tls_key_password = secret
elasticsearch_hosts = http://elasticsearch:9200

#transport_email_web_interface_url =
#http_connect_timeout = 5s
#http_read_timeout = 10s
#http_write_timeout = 10s
#http_proxy_uri =

jan · July 20, 2019, 8:19am

so your http_publish_uri is the first non_loopback ipv4 interface on the system. As per documentation.

http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#web-rest-api

What is your reverse proxy config?

Sagar · July 22, 2019, 4:57am

Hi,

My nginx configuration file

server
{
listen 80;
#listen [::]:80 default_server ipv6only=on;
server_name spl.graylog.9.aum;

allow 127.0.0.1;
allow xyz.0.0.1;

deny all;
auth_basic “Restricted”;
auth_basic_user_file /home/sagar/project/.htpasswd;
satisfy any;

location /
{

    proxy_set_header    Host $http_host;
    proxy_set_header    X-Forwarded-Host $host;
    proxy_set_header    X-Forwarded-Server $host;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Graylog-Server-URL http://spl.graylog.9.aum;
    proxy_pass          http://127.0.0.1:9001;
}

error_log /home/sagar/project/logs/spl.graylog.9.aum.error.log;
access_log /home/sagar/project/logs/spl.graylog.9.aum.access.log main;
}

jan · July 22, 2019, 6:02am

how have you configured that

proxy_pass http://127.0.0.1:9001

redirects the nginx server to your Graylog installation?

Sagar · July 22, 2019, 6:07am

Hi Just correction is that it is: http://127.0.0.1:9000 and yes redirects the nginx to my Graylog installation. It is working perfectly fine, however as I mentioned it doesn’t working when I put Basic http auth.

jan · July 22, 2019, 6:43am

When you did not give us your current running configuration - how should we help you debug your setup?

Sagar · July 22, 2019, 6:46am

Hi Sorry but I have provided you everything that you have asked for e.g. you have asked http settings from graylog.conf here it is:

http_bind_address = 0.0.0.0:9000
#http_publish_uri = http://192.168.1.1:9000/
#http_external_uri =
#http_enable_cors = false
#http_enable_gzip = false
#http_max_header_size = 8192
#http_thread_pool_size = 16
#http_enable_tls = true
#http_tls_cert_file = /path/to/graylog.crt
#http_tls_key_file = /path/to/graylog.key
#http_tls_key_password = secret
elasticsearch_hosts = http://elasticsearch:9200

#transport_email_web_interface_url =
#http_connect_timeout = 5s
#http_read_timeout = 10s
#http_write_timeout = 10s
#http_proxy_uri =

And nginx reverse proxy

server
{
listen 80;
#listen [::]:80 default_server ipv6only=on;
server_name spl.graylog.9.aum;

allow 127.0.0.1;
allow xyz.0.0.1;

deny all;
auth_basic “Restricted”;
auth_basic_user_file /home/sagar/project/.htpasswd;
satisfy any;

location /
{

    proxy_set_header    Host $http_host;
    proxy_set_header    X-Forwarded-Host $host;
    proxy_set_header    X-Forwarded-Server $host;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Graylog-Server-URL http://spl.graylog.9.aum;
    proxy_pass          http://127.0.0.1:9000;
}

error_log /home/sagar/project/logs/spl.graylog.9.aum.error.log;
access_log /home/sagar/project/logs/spl.graylog.9.aum.access.log main;
}

please let me know what else I can provide?

jan · July 22, 2019, 7:02am

what is the first non-localhost IPv4 adress of your Graylog? Cause that is the IP that is used as http_publish_uri as you have a comment symbol before that setting and it takes the default …

Sagar · July 22, 2019, 11:55am

Hi I am running graylog as docker service and when I made it up I can see following IP other then localhost

172.20.0.4:9000

Sagar · July 22, 2019, 1:01pm

Hi More information:

ifconfig | grep -Eo ‘inet (addr:)?([0-9].){3}[0-9]’ | grep -Eo ‘([0-9].){3}[0-9]’ | grep -v ‘127.0.0.1’
172.20.0.1
172.19.0.1
172.18.0.1
172.17.0.1
192.168.100.9

jan · July 22, 2019, 3:37pm

is that IP port 9000 what you reach if you enter http://spl.graylog.9.aum in your browser?

Sagar · July 23, 2019, 4:48am

Hi Jan,

I am not that much experts in Operating System level so It is difficult for me to find out what is IP for this http://spl.graylog.9.aum , however I can give following information.

I am able to access graylog in following ways

http://172.20.0.4:9000 - Found from docker log
http://192.168.100.9:9000 - My system’s IP in our internal network
http://spl.graylog.9.aum - Nginx server name

However, I have followed following document exactly where it doesn’t have any example given for those http settings.

https://docs.graylog.org/en/3.0/pages/configuration/web_interface.html

system · August 6, 2019, 4:48am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.