All the details are in the Github Issue, but to summarize:
I have Graylog running behind an Nginx reverse-proxy, when the site is loaded, a large amount of RST packets are coming from the Graylog server on port 9000. The appear to be RSTs sent to an established connection, but the connection has already been closed so the RSTs are being caught in my UFW firewall.
I’m hoping someone would have an idea about what’s going on, or, whether or not this is expected behavior.
If there is any additional information you would need, I’ll do my best.