I have a problem with my graylog setup. I’ve done a few before with no issues, but this one is a little bit different.
I am deploying graylog for a customer, we have an IPsec VPN to reach their servers, and we want to reach graylog web interface via an IPsec IP: 100.64.x.x:9000, NAT is working okay.
So the problem is, if I configure like this:
rest_listen_uri = http://0.0.0.0:9000/api/ rest_transport_uri = http://100.64.x.x:9000/api/ web_listen_uri = http://0.0.0.0:9000/
I can reach the web interface, but when I try to start an input or if I try to get to some of the things in the web interface:
WARN [ProxiedResource] Unable to call http://100.64.x.x:9000/api/system/metrics/multiple WARN [ProxiedResource] Unable to call http://100.64.x.x:9000/api/system/jobs WARN [ProxiedResource] Unable to call http://100.64.x.x:9000/api/system/inputstates
It looks like the graylog server tries to reach itself via the ipsec ip, not the local.
Of course if I uncomment rest_transport_uri , I can’t reach the web interface via the 100.64.x.x IP, I tried a bunch of configurations, like:
rest_listen_uri = http://0.0.0.0:9000/api/ # rest_transport_uri = http://100.64.x.x:9000/api/ web_listen_uri = http://0.0.0.0:9000/ web_endpoint_uri = http://100.64.x.x:9000/
I reach the web interface, but with these settings I can’t login, as I get “404 - cannot POST” errors.
Do you have any advice what should I do differently? Use different ports for the api and the web interface?
Thanks in advance!