lmm5247
(Logan M)
January 29, 2019, 4:31pm
1
I have Graylog setup and running and can access it on the server’s IP (e.g., 10.10.2.29:9000).
I’d rather not install Nginx on the Graylog server, since I have a separate server that is running Nginx with Let’s Encrypt and a reverse proxy. I can successfully access other services with this reverse proxy.
I would like to setup Graylog to run on a subdirectory (e.g., https://nginx02.internal.server.com/graylog ). I’ve seen these examples , but I don’t know what to set in the Graylog server.conf file to make this work.
My applicable server.conf settings (I can post the entire config if needed).
http_bind_address = 10.10.2.29:9000
My Nginx config. Do I have the correct settings here?
server {
listen 443 ssl http2;
server_name internal.server.com;
#SSL/TLS settings
include /etc/nginx/sites-available/_ssl.conf;
ssl_certificate /etc/letsencrypt/live/internal.server.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/internal.server.com/privkey.pem;
ssl_dhparam /etc/nginx/ssl/nginx02/dhparam4096.pem;
root /var/www/dashboard;
autoindex off;
index index.php index.html;
location /graylog/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/;
rewrite ^/graylog/(.*)$ /$1 break;
proxy_pass http://10.10.2.29:9000;
}
}
1 Like
I’m having exactly the same problem.
kotecek
February 4, 2019, 10:52am
4
Same issue here. Does anyone know how to solve this?
jan
(Jan Doberstein)
February 4, 2019, 11:07am
5
this is a documentation issue - what will be hopefully fixed in the next week.
lmm5247
(Logan M)
February 14, 2019, 8:56pm
6
@jan , was this updated yet?
I have the reverse proxy working, to a small degree. This Nginx config will load Graylog, and I can login via https://log.internal.mydomain.com .
server {
listen 443 ssl http2;
server_name log.internal.mydomain.com;
#SSL/TLS settings
ssl_certificate /etc/letsencrypt/live/internal.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/internal.mydomain.com/privkey.pem;
location / {
proxy_pass http://10.10.2.29:9000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
}
}
However, I cannot change anything, like re-arrange dashboards. This is the error I receive.
I can still login to Graylog without HTTPS (on http://10.10.2.29:9000 ) and make edits as needed.
The applicable settings from my server.conf file are as follows:
http_bind_address = 0.0.0.0:9000
trusted_proxies = 10.10.2.1/32
FWIW, I have some issues proxying this way with apache as well. Everything works fine except for everything under the ‘‘System’’ menu. Everything there adds an extra ‘’/graylog/’’ to the path in the returned html. See https://github.com/Graylog2/graylog2-server/issues/5610#issue-403893017
Here is the relevant part of my apache config:
<Location /graylog>
RequestHeader set X-Graylog-Server-URL "https://$public/graylog/"
ProxyPass http://$private:9000
ProxyPassReverse http://$private:9000
</Location>
I could possibly address this with a rewrite, but I’d rather not if there is something going on with the code that generates the system menu.
jan
(Jan Doberstein)
February 20, 2019, 4:40pm
9
I have created an issue for that:
1 Like
system
(system)
Closed
March 6, 2019, 4:45pm
10
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.