Wilco
(Wilco)
November 19, 2019, 12:31pm
1
Hello! Iβm running graylog with docker and have the following setup in docker-compose.yml
:
graylog:
image: graylog/graylog:3.1
environment:
GRAYLOG_HTTP_EXTERNAL_URI: https://localhost/graylog/
GRAYLOG_ELASTICSEARCH_HOSTS: http://elasticsearch:9200/
GRAYLOG_MONGODB_URI: mongodb://mongo_graylog/graylog
In nginx I have use the following:
location /graylog/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Graylog-Server-URL https://localhost/graylog/;
rewrite ^/graylog/(.*)$ /$1 break;
proxy_pass http://$host_graylog;
}
I have commented out the X-Graylog-Server-URL
because it is not required with GRAYLOG_HTTP_EXTERNAL_URI
.
The result is that /graylog
itself is accessible and works as expected.
However, the api browser at /graylog/api/api-browser
is not working properly .
I get a html login screen but all other assets and REST calls are being routed to the wrong destination it seems:
[chrome browser error] Mixed Content: The page at βhttps://localhost/graylog/api/api-browser β was loaded over HTTPS, but requested an insecure stylesheet βhttp://172.22.0.8:9000/api/api-browser/css/fonts.css β. This request has been blocked; the content must be served over HTTPS.
How can I access the API browser? Thanks!
jan
(Jan Doberstein)
November 20, 2019, 6:00am
2
he @Wilco
what are your http_*
settings over all? If you read the configuration/documentation on the http_*
settings carefully you will notice that just using http_external_uri
is not enough β¦
Wilco
(Wilco)
November 25, 2019, 9:56am
3
Iβve looked at the documentation and have now set:
graylog:
image: graylog/graylog:3.1
environment:
GRAYLOG_HTTP_BIND_ADRESS: graylog:9000
GRAYLOG_HTTP_PUBLISH_URI: http://graylog:9000/
GRAYLOG_HTTP_EXTERNAL_URI: https://localhost/graylog/
GRAYLOG_ELASTICSEARCH_HOSTS: http://elasticsearch:9200/
GRAYLOG_MONGODB_URI: mongodb://mongo_graylog/graylog
still the REST API browser is not accessible:
[chrome console log] Mixed Content: The page at βhttps://localhost/graylog/api/api-browser β was loaded over HTTPS, but requested an insecure stylesheet βhttp://graylog:9000/api/api-browser/css/fonts.css β. This request has been blocked; the content must be served over HTTPS.
GRAYLOG_HTTP_BIND_ADRESS
is set to graylog:9000
since this is the service name in docker-compose.yml
. This would not work from outside docker though but that is what GRAYLOG_HTTP_EXTERNAL_URI
is for right?
I have the feeling that GRAYLOG_HTTP_EXTERNAL_URI
is not used in constructing the assets for the REST api browser. I cannot set GRAYLOG_HTTP_PUBLISH_URI
to https://localhost/graylog
because this is not accessible from within the docker container.
Thanks!
1 Like
jan
(Jan Doberstein)
November 25, 2019, 11:59am
4
HTTP_EXTERNAL
should be the URL where your BROWSER can reach the Graylog server API - so localhost will only work for a container that is running on your local machine and only for your browser.
If you want to have that reachable for any person outside your local computer that should be the nginx that you use in front of Graylog.
Wilco
(Wilco)
November 28, 2019, 8:51am
5
Thanks Jan for your reply.
Yes indeed localhost would only work for my local machine, but we have a separate docker-compose.yml
file for production environment with a different HTTP_EXTERNAL_URI
.
Even with setting an externally reachable HTTP_EXTERNAL_URI
in production the browser error still is the same, it tries to resolve the api-browser assets with an internal uri (I think HTTP_PUBLISH_URI
).
Can you try to reproduce this locally with running graylog in a docker container?
Thanks a lot!
jan
(Jan Doberstein)
November 29, 2019, 3:41pm
6
which button did you pressed? the global api browser or the node api browser?
The first use the http_external_uri
the second one the per node http_publish_uri
Wilco
(Wilco)
December 9, 2019, 8:48am
7
I was visiting /api/api-browser
but that is not the correct url it seems.
I clicked the global api browser in system/nodes and it redirects me to:
https://localhost/graylog/api/graylog/api-browser/global/index.html which gives me a 404 not found
I then manually edit the url to https://localhost/graylog/api/api-browser/global/index.html which does load the api browser visually but it does not function.
Closer inspection shows that the console has ~69 errors all like this:
shred.bundle.js:2608 GET https://localhost/graylog/api/api-docs/global/streams/{streamid}/alerts/{alertId}/history 500 (Internal Server Error)
The HTTP response is:
java.net.URISyntaxException: Illegal character in path at index 48: http://localhost:80/api/api-docs/global/streams/{streamid}/alerts/{alertId}/history
thanks!
jan
(Jan Doberstein)
December 9, 2019, 9:04am
8
he @Wilco
you should reach the api-browser via /graylog/api/api-browser
as you placed Graylog in a sub directory.
But currently this is known to be a little buggy and it will (hopefully) improved in the next versions.
Wilco
(Wilco)
December 11, 2019, 10:31am
9
That is what I did as mentioned in the initial post
jan
(Jan Doberstein)
December 11, 2019, 11:41am
10
he @Wilco
sorry - I learned yesterday something new. Behind a proxy you should use (since 3.1.3)
/api/api-browser/global/index.html
attached to your URL to access the API Browser. Can you check if that is working for you?
1 Like
Wilco
(Wilco)
December 13, 2019, 10:58am
11
Are you reading my posts? thatβs what I did here
jan
(Jan Doberstein)
December 13, 2019, 11:40am
12
sorry @Wilco
not every time the complete thread β¦ I have currently no idea what is wrong in your setup.
BUT I can confirm that this setup is (normally) working as I have NGINX as reverse proxy myself β¦
Wilco
(Wilco)
December 16, 2019, 8:43am
13
Do you have it working on a subdirectory e.g. http://<host>/graylog
? or are you on the root?
system
(system)
Closed
December 30, 2019, 8:43am
14
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.