Graylog web interface through HAProxy load balancer

Hi Team,

We have set up a multi-node Graylog in our environment and are trying to connect to the application from a web browser through the haproxy load balancer.

The server.conf on the primary node is:

    http_bind_address = 10.xx.xx.xx:9000

and the config for haproxy on the load balancer is:

    log   local0
    log   local1 notice
    maxconn 4096
    maxpipes 1024
    user haproxy
    group haproxy
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers HIGH:!aNULL:!MD5!eNULL:!EXPORT:!DES:!RC4:!3DES:!PSK
    log global
    mode    http
    retries 3
    option  httplog
    option  dontlognull
    option forwardfor
    option http-server-close
    ##timeout http-keep-alive 1250s
    ##option http-keep-alive

    stats enable
    stats auth admin:admin
    stats uri /haproxy
    timeout server 1200s
    timeout connect 20s
    timeout client 60s
    log local0 notice

##default-server inter 500
default-server rise 1
default-server fall 20

frontend Logsearch
    bind *:443 ssl crt /etc/certs2019/ no-sslv3 no-tlsv10 no-tlsv11
    http-request set-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Host %[req.hdr(host)]
    http-request add-header X-Forwarded-Server %[req.hdr(host)]
    http-request add-header X-Forwarded-Port %[dst_port]
    default_backend Application-nodes

backend Application-nodes
    #balance leastconn
    balance roundrobin
    ##option http-tunnel
    ##option http-server-close
    ##option prefer-last-server
    ##option http-keep-alive
    ##timeout http-keep-alive 1250s
    option httpchk HEAD /api/system/lbstatus
    http-request set-header X-Graylog-Server-URL http://10.xx.xx.xx:9000
    server trxxxxxxx1 10.xx.xx.xx:9000 weight 1 maxconn 2500 check  ##Gray Log Node1
    #server trxxxxxxx2 10.xx.xx.xx:9000 weight 1 maxconn 2500 check  ##Gray Log Node2
    #server trxxxxxxx3 10.xx.xx.xx:9000 weight 1 maxconn 2500 check ##Gray Log Node3
    log local3 alert
    log local2 info

And when trying to resolve to the DNS entry of the load balancer, we get the errors:


graylog access denied

A closer look in developer mode in the network tab gives the status:


Could anyone at least point us in the right direction??

Many Thanks,
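
An added example, not part of the original post: a small Python check over the HAProxy settings shown above. It flags the `stats auth` credentials, `add-header` on `X-Forwarded-*` (which appends to a value the client sent instead of replacing it), and an `http://` `X-Graylog-Server-URL` behind a TLS frontend, on the assumption that Graylog's web interface gives that URL to the browser as its API address. `lint`, the finding names and the password deny-list are hypothetical, and the sample is constructed from the posted lines.

```python
# Static checks for an HAProxy config that fronts Graylog (illustrative only).
WEAK_PASSWORDS = {"", "admin", "password", "changeme"}  # assumed short deny-list

# Constructed sample: the relevant lines of the configuration posted above.
SAMPLE = """\
    stats auth admin:admin
frontend Logsearch
    bind *:443 ssl crt /etc/certs2019/ no-sslv3 no-tlsv10 no-tlsv11
    http-request set-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Host %[req.hdr(host)]
    default_backend Application-nodes
backend Application-nodes
    http-request set-header X-Graylog-Server-URL http://10.xx.xx.xx:9000
"""


def lint(config):
    """Return [(line_number, finding)] in file order for one HAProxy config."""
    # Drop comments, then split each line into whitespace-separated tokens.
    rows = [(n, raw.split("#", 1)[0].split())
            for n, raw in enumerate(config.splitlines(), 1)]
    # True when any bind line terminates TLS on the proxy.
    tls = any(t[:1] == ["bind"] and "ssl" in t for _, t in rows)
    findings = []
    for n, t in rows:
        if t[:2] == ["stats", "auth"] and len(t) > 2:
            user, _, password = t[2].partition(":")
            if password == user or password in WEAK_PASSWORDS:
                findings.append((n, "weak-stats-credentials"))
        if t[:1] == ["http-request"] and len(t) > 3:
            action, header, value = t[1], t[2].lower(), t[3]
            # add-header keeps any X-Forwarded-* value the client already sent.
            if action == "add-header" and header.startswith("x-forwarded-"):
                findings.append((n, "forwarded-header-appended"))
            # Browser loads the UI over https but is told a plain-http API URL.
            if (header == "x-graylog-server-url" and tls
                    and value.lower().startswith("http://")):
                findings.append((n, "server-url-plain-http"))
    return findings


if __name__ == "__main__":
    for line_no, code in lint(SAMPLE):
        print(f"line {line_no}: {code}")
```
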

