HaProxy Internet HTTP + Graylog


(Red Blood9) #1

Hi to All,
I’m trying to export my webgui on internet with Haproxy.
I’ve read the doc, and set up the setted up the HaProxy.
Here’s my Config:

backend http_graylog
balance roundrobin
http-request set-header X-Graylog-Server-URL https://mygraylog.public.url
server server1 server1:9000 check port 12900 inter 1000 fall 2
server server2 server2:9000 check port 12900 inter 1000 fall 2
server server3 server3:9000 check port 12900 inter 1000 fall 2
server server4 server4:9000 check port 12900 inter 1000 fall 2
server server5 server5:9000 check port 12900 inter 1000 fall 2

frontend graylog
bind 0.0.0.0:443 ssl crt /my/personal/cert.pem
rspadd Strict-Transport-Security:\ max-age=15768000
option forwardfor
http-request add-header X-Forwarded-Host %[req.hdr(host)]
http-request add-header X-Forwarded-Server %[req.hdr(host)]
http-request add-header X-Forwarded-Port %[dst_port]
acl graylog_policy hdr_dom(host) -i mygraylog.public.url
option http-server-close
option forwardfor
option forwardfor except 127.0.0.1
reqadd X-Forwarded-Proto:\ https
use_backend http_graylog if graylog_policy

But When I load my https://mygraylog.public.url i receive the fllowing error from graylog when try to login

Error - the server returned: 404 - cannot POST https://mygraylog.public.url/system/sessions (404)

But if in Haproxy I put the following string:

http-request set-header X-Graylog-Server-URL https://mygraylog.public.url/api

instead of

http-request set-header X-Graylog-Server-URL https://mygraylog.public.url

Then I receice this error:

cannot GET https://mygraylog.public.url/api/ (404)

How can I resolv this error?
Thanks
Red


(Jochen) #2

You can find a working configuration for HAProxy in the official Graylog documentation at http://docs.graylog.org/en/2.4/pages/configuration/web_interface.html#haproxy-1-6

The example assumes that the Graylog REST API and the web interface are running on the same port, see rest_listen_uri and web_listen_uri.


(Red Blood9) #3

There’s a way to setup it with the two port different from each other?
It’s a system in production from lots of time,
and doing a structural modify like this can be such difficult.


(Jochen) #4

You can find an example for that in the (old) documentation at http://docs.graylog.org/en/2.1/pages/configuration/web_interface.html#haproxy-1-6.


(Red Blood9) #5

Hi jochen,
Thank you for your help. I’ve Resolved the problem and now it works correctly.
Just a precision: I’ve take part of configuration from the doc 2.0, and not 2.1 because the last one is the same as 2.2

Thanks
Red


(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.