Nginx Reverse Proxy +HTTPS with Graylog 3.0 on subdirectory (e.g.,

(Logan M) #1

I have Graylog setup and running and can access it on the server’s IP (e.g.,

I’d rather not install Nginx on the Graylog server, since I have a separate server that is running Nginx with Let’s Encrypt and a reverse proxy. I can successfully access other services with this reverse proxy.

I would like to setup Graylog to run on a subdirectory (e.g., I’ve seen these examples, but I don’t know what to set in the Graylog server.conf file to make this work.

My applicable server.conf settings (I can post the entire config if needed).
http_bind_address =

My Nginx config. Do I have the correct settings here?

server {
  listen 443 ssl http2;

  #SSL/TLS settings
  include /etc/nginx/sites-available/_ssl.conf;
  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;
  ssl_dhparam /etc/nginx/ssl/nginx02/dhparam4096.pem;

  root /var/www/dashboard;
  autoindex off;
  index index.php index.html;

  location /graylog/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/;
      rewrite          ^/graylog/(.*)$  /$1  break;



I’m having exactly the same problem.


Same issue here. Does anyone know how to solve this?

(Jan Doberstein) #5

this is a documentation issue - what will be hopefully fixed in the next week.

(Logan M) #6

@jan, was this updated yet?

I have the reverse proxy working, to a small degree. This Nginx config will load Graylog, and I can login via

server {
  listen 443 ssl http2;

  #SSL/TLS settings
  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;

  location / {
    proxy_set_header   Host                  $host;
    proxy_set_header   X-Real-IP             $remote_addr;
    proxy_set_header   X-Forwarded-For       $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host      $host;
    proxy_set_header   X-Forwarded-Server    $host;
    proxy_set_header   X-Graylog-Server-URL  https://$server_name/;

However, I cannot change anything, like re-arrange dashboards. This is the error I receive.

I can still login to Graylog without HTTPS (on and make edits as needed.

The applicable settings from my server.conf file are as follows:

http_bind_address =
trusted_proxies =

(Jan Doberstein) #7

nope - not yet updated.


FWIW, I have some issues proxying this way with apache as well. Everything works fine except for everything under the ‘‘System’’ menu. Everything there adds an extra ‘’/graylog/’’ to the path in the returned html. See

Here is the relevant part of my apache config:

<Location /graylog>
    RequestHeader set X-Graylog-Server-URL "https://$public/graylog/"
    ProxyPass http://$private:9000
    ProxyPassReverse http://$private:9000

I could possibly address this with a rewrite, but I’d rather not if there is something going on with the code that generates the system menu.