Graylog web UI doesn't working when using http auth together with nginx reverse proxy

Graylog Central (peer support)
1

When I am using nginx reverse proxy together with http auth graylog doesn’t creating session and hence it doesn’t working.

Steps to Reproduce

  1. Setup graylog using docker
  2. Setup nginx virtual host with revers proxy to graylog
  3. Add basic http auth to virutal host
  4. Open web UI it will constanlty ask for username and password.
  • Graylog Version: 3.0
  • Elasticsearch Version: 6.6.1
  • MongoDB Version: 3
  • Operating System: Ubuntu 18
  • Browser version: Chrome
2

what is your Graylog configuration exactly? What have you configured for the http_* settings?

3

Hi My Graylog configuration is following

http_bind_address = 0.0.0.0:9000
#http_publish_uri = http://192.168.1.1:9000/
#http_external_uri =
#http_enable_cors = false
#http_enable_gzip = false
#http_max_header_size = 8192
#http_thread_pool_size = 16
#http_enable_tls = true
#http_tls_cert_file = /path/to/graylog.crt
#http_tls_key_file = /path/to/graylog.key
#http_tls_key_password = secret
elasticsearch_hosts = http://elasticsearch:9200

#transport_email_web_interface_url =
#http_connect_timeout = 5s
#http_read_timeout = 10s
#http_write_timeout = 10s
#http_proxy_uri =

4

so your http_publish_uri is the first non_loopback ipv4 interface on the system. As per documentation.

http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#web-rest-api

What is your reverse proxy config?

5

Hi,

My nginx configuration file

server
{
listen 80;
#listen [::]:80 default_server ipv6only=on;
server_name spl.graylog.9.aum;

allow 127.0.0.1;
allow xyz.0.0.1;

deny all;
auth_basic “Restricted”;
auth_basic_user_file /home/sagar/project/.htpasswd;
satisfy any;

location /
{

    proxy_set_header    Host $http_host;
    proxy_set_header    X-Forwarded-Host $host;
    proxy_set_header    X-Forwarded-Server $host;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Graylog-Server-URL http://spl.graylog.9.aum;
    proxy_pass          http://127.0.0.1:9001;
}

error_log /home/sagar/project/logs/spl.graylog.9.aum.error.log;
access_log /home/sagar/project/logs/spl.graylog.9.aum.access.log main;
}

6

how have you configured that

proxy_pass http://127.0.0.1:9001

redirects the nginx server to your Graylog installation?

7

Hi Just correction is that it is: http://127.0.0.1:9000 and yes redirects the nginx to my Graylog installation. It is working perfectly fine, however as I mentioned it doesn’t working when I put Basic http auth.

8

When you did not give us your current running configuration - how should we help you debug your setup?

9

Hi Sorry but I have provided you everything that you have asked for e.g. you have asked http settings from graylog.conf here it is:

http_bind_address = 0.0.0.0:9000
#http_publish_uri = http://192.168.1.1:9000/
#http_external_uri =
#http_enable_cors = false
#http_enable_gzip = false
#http_max_header_size = 8192
#http_thread_pool_size = 16
#http_enable_tls = true
#http_tls_cert_file = /path/to/graylog.crt
#http_tls_key_file = /path/to/graylog.key
#http_tls_key_password = secret
elasticsearch_hosts = http://elasticsearch:9200

#transport_email_web_interface_url =
#http_connect_timeout = 5s
#http_read_timeout = 10s
#http_write_timeout = 10s
#http_proxy_uri =

And nginx reverse proxy

server
{
listen 80;
#listen [::]:80 default_server ipv6only=on;
server_name spl.graylog.9.aum;

allow 127.0.0.1;
allow xyz.0.0.1;

deny all;
auth_basic “Restricted”;
auth_basic_user_file /home/sagar/project/.htpasswd;
satisfy any;

location /
{

    proxy_set_header    Host $http_host;
    proxy_set_header    X-Forwarded-Host $host;
    proxy_set_header    X-Forwarded-Server $host;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Graylog-Server-URL http://spl.graylog.9.aum;
    proxy_pass          http://127.0.0.1:9000;
}

error_log /home/sagar/project/logs/spl.graylog.9.aum.error.log;
access_log /home/sagar/project/logs/spl.graylog.9.aum.access.log main;
}

please let me know what else I can provide?

10

what is the first non-localhost IPv4 adress of your Graylog? Cause that is the IP that is used as http_publish_uri as you have a comment symbol before that setting and it takes the default …

11

Hi I am running graylog as docker service and when I made it up I can see following IP other then localhost

172.20.0.4:9000

12

Hi More information:

ifconfig | grep -Eo ‘inet (addr:)?([0-9].){3}[0-9]’ | grep -Eo ‘([0-9].){3}[0-9]’ | grep -v ‘127.0.0.1’
172.20.0.1
172.19.0.1
172.18.0.1
172.17.0.1
192.168.100.9

13

is that IP port 9000 what you reach if you enter http://spl.graylog.9.aum in your browser?

14

Hi Jan,

I am not that much experts in Operating System level so It is difficult for me to find out what is IP for this http://spl.graylog.9.aum , however I can give following information.

I am able to access graylog in following ways

http://172.20.0.4:9000 - Found from docker log
http://192.168.100.9:9000 - My system’s IP in our internal network
http://spl.graylog.9.aum - Nginx server name

However, I have followed following document exactly where it doesn’t have any example given for those http settings.

https://docs.graylog.org/en/3.0/pages/configuration/web_interface.html

15

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.