NGINX & Graylog Integration

minorsatellite · November 23, 2022, 10:30pm

This is the first time I have ever worked with Nginx, and my first attempt at integrating it with Graylog. It’s also my first attempt at putting a Graylog server into production.

I don’t find Nginx too daunting given its Apache heritage and my past familiarity with it, and Graylog seems to be fairly straight forward, but I am having a strange issue that feels like a name resolution issue but I have unambiguously confirmed that it is not .

My goal is to front-end Graylog with Nginx so that I can implement SSL/TLS there instead of Graylog (the recommended approach, IIRC). Secondly, using NGINX I want to run it as both a Reverse Proxy and Load Balancer. Currently I only have on Graylog server but plan to bring others online at some point.

Now onto my problem. I have tried a variety of custom configs (using upstream and proxy_pass directives) tailored to my environment and I have also tried using a simple Graylog provided (proxy_pass) sample config and in each case the same thing happens. When attempting to connect to an internal host using an internal private subdomain of the public domain, the browser every time redirects to the TLD. For example, if my Nginx host is “graylog.internal.acme.com”, instead of getting directed to my Graylog server host, I get re-directed to the org’s website.

Here is the config that I am currently testing with:

server
{
listen 80 default_server;
listen [::]:80 default_server;
server_name graylog.internal.acme.com;

location / {
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Graylog-Server-URL http://$server_name/api;
  proxy_pass       http://10.101.10.47:9000;
}

}

Any thoughts on what might be happening?

Thanks in advance.

gsmith · December 1, 2022, 2:37am

Hey @minorsatellite

First I like to apologies for over looking your post.

Perhaps something like this

server {
 listen 443 ssl;
 server_name graylog.mydomain.com;
 location / {
   proxy_set_header Host $http_host;
   proxy_set_header X-Forwarded-Host $host;
   proxy_set_header X-Forwarded-Server $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Graylog-Server-URL https://domain.com/api;
   proxy_pass http://127.0.0.1:9000;
   # proxy_pass http://ip-address:9000;
 }
 ssl on;
 ssl_certificate /etc/graylog/graylog.domain.pem;
 ssl_certificate_key /etc/graylog/graylog.domain-key.pem;
 ssl_session_timeout 5m;
 ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
 ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers on;
 access_log /var/log/nginx/graylog.access.log;
 error_log /var/log/nginx/graylog.error.log;
}

# http to https redirection
server {
    listen 80;
    server_name graylog.mydomain.com;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^ https://$server_name$request_uri? permanent;
}

Two things that would help is using

server {
 listen 443 ssl;

And the redirect from 80 → 443

rewrite ^ https://$server_name$request_uri? permanent;

system · December 15, 2022, 2:38am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue with Nginx and graylog Graylog Central (peer support)	4	1838	January 11, 2018
Nginx proxy not working correct Graylog Central (peer support)	3	1710	September 3, 2018
External access through separate nginx proxy Graylog Central (peer support)	4	4074	October 27, 2017
Graylog behind nginx sub directory how-to configure Graylog Central (peer support)	12	7973	February 14, 2018
Graylog with Nginx reverse proxy blank web interface Graylog Central (peer support)	5	8682	October 13, 2020

NGINX & Graylog Integration

Related Topics