Load balancer issue for the web interface

Graylog Central (peer support)
1

Hello gents,

I have a F5 load balancer which sends the web traffic to 3 servers
10.0.0.1, 10.0.0.2 and 10.0.0.3.
10.0.0.3 is the primary where the web connections go, and in case it’s not available the traffic gets to 10.0.0.2 or to 10.0.0.1 in case 10.0.0.2 and 10.0.0.3 are not available.

I’m getting the following error when i connect to the web page https://graylog.local.net

Server currently unavailable
We are experiencing problems connecting to the Graylog server running on https://10.0.0.3:9000/api/. Please verify that the server is healthy and working correctly.
You will be automatically redirected to the previous page once we can connect to the server.
Do you need a hand? We can help you.
Less details

This is the last response we received from the server:
Error message
Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Original Request
GET https://10.0.0.3:9000/api/system/sessions
Status code
undefined
Full error message
Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the

my graylog config is:
rest_listen_uri = https://10.0.0.3:9000/api/
rest_transport_uri = https://10.0.0.3:9000/api/
web_listen_uri = https://10.0.0.3:9000/
web_endpoint_uri = https://10.0.0.3:9000/api/

do i do anything wrong with the config on the graylog side?

Thanks,
Marius.

2

Is https://10.0.0.3:9000/api/ (and all the other 10.0.0.0/8 addresses you’ve mentioned) reachable from your web browser?

3

yes they are, all of them

4

Have you configured Graylog to enable HTTPS on the Graylog REST API (via rest_enable_tls=true)?

Hint: Maybe your web_endpoint_uri should be different, if you’re terminating SSL/HTTPS in your load balancer.

5

i have the web and the rest set to true

rest_enable_tls = true
web_enable_tls = true

the load balancer is doing a redirect from https://graylog.local.net to https://10.0.0.3:9000/api/

6

What happens if you open https://10.0.0.3:9000/ in a fresh browser session?

What does “redirect” mean exactly? Is it sending an HTTP response with status 30x and a proper Location header?

7

i don’t have access to the LB itself, but the healthchecks are done with HTTPS and it is sending a https response, as far as i know.

do you think that LB might be the problem?

8

No, I think that your Graylog configuration is the problem.

9

now i changed it to
web_endpoint_uri = https://graylog.local.net:9000/api/

and now i get
We are experiencing problems connecting to the Graylog server running on https://graylog.local.net:9000/api/. Please verify that the server is healthy and working correctly.

10

Why did you choose to use this URI when you’re using https://graylog.local.net in your web browser?

Hint: Maybe https://graylog.local.net/api/ might work?

11

that config works like a charm.

Many thanks for your help Jochen :slight_smile:

12

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.