Unable to reach graylog ui while using docker and nginx reverse proxy

Hi all, I’m having some issues getting graylog setup in our AWS environment. Our setup is pretty simple with having a docker image with graylog, nginx, and mongodb. Then using an AWS elasticsearch cluster.

When navigating to our website nginx logs the following messages:

nginx_1    | 2018/09/20 22:37:36 [error] 5#5: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 96.78.0.242, server: staging.logs.payments.campspot.com, request: "GET / HTTP/1.1", upstream: "http://172.18.0.3:9000/", host: "staging.logs.payments.campspot.com"
nginx_1    | 96.78.0.242 - - [20/Sep/2018:22:37:36 +0000] "GET / HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
nginx_1    | 2018/09/20 22:37:37 [error] 5#5: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 96.78.0.242, server: staging.logs.payments.campspot.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://172.18.0.3:9000/favicon.ico", host: "staging.logs.payments.campspot.com", referrer: "http://staging.logs.payments.campspot.com/"
nginx_1    | 96.78.0.242 - - [20/Sep/2018:22:37:37 +0000] "GET /favicon.ico HTTP/1.1" 502 575 "http://staging.logs.payments.campspot.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"

Here is my graylog.conf

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = ************************
root_username = campspot
root_password_sha2 = ************************
root_email = tech@campspot.com
bin_dir = bin
data_dir = data
plugin_dir = plugin
elasticsearch_hosts = ************************
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = data/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://mongo/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32
web_enabled = true
web_listen_uri = http://127.0.0.1:9000/
rest_listen_uri = http://127.0.0.1:9000/api/
rest_transport_uri = http://staging.logs.payments.campspot.com:9000/api/

This is my nginx.conf

events {

}
http {

  map $http_host $auth_type {
    default                     "off";
    logs.payments.campspot.com    "off";
  }

  server {
    listen 80;

    return 301 https://$host$request_uri;
  }

  server {
    listen 443 ssl;

    #auth_basic $auth_type;
    #auth_basic_user_file /etc/nginx/.htpasswd;

    server_name logs.payments.campspot.com;
    ssl_certificate /etc/letsencrypt/live/staging.logs.payments.campspot.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.logs.payments.campspot.com/privkey.pem;

    location ~* / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/api;
        proxy_pass       http://127.0.0.1:9000;
    }
  }
}

this is my docker-compose.yml

version: '3'
services:
  mongo:
    image: mongo:3
    volumes:
    - mongo_data:/data/db
  graylog:
    image: graylog/graylog:2.4
    volumes:
    - graylog_journal:/usr/share/graylog/data/journal
    - /etc/graylog/server:/usr/share/graylog/data/config # Mount local configuration directory into Docker container
    - /etc/graylog:/etc/graylog
    links:
    - mongo
    - nginx
    ports:
    - 9000:9000 # Graylog web interface and REST API
    - 514:514 # Syslog TCP
    - 514:514/udp # Syslog UDP
    - 12201:12201 # GELF TCP
    - 12201:12201/udp # GELF UDP
  nginx:
    image: nginx
    volumes:
    - /etc/nginx:/etc/nginx
    - /etc/letsencrypt:/etc/letsencrypt
    ports:
    - "80:80"
    - "443:443"

volumes:
  mongo_data:
    driver: local
  graylog_journal:
    driver: local

I can provide the full logs if they would be of help.

Heyo @Casey,

Your Graylog is only listening on it’s containers local loopback address 127.0.0.1. This is why it is not responding to requests on the IP 172.18.0.3.

You’ll have to alter the Graylog config for it to respond to 172.18.0.3

You might also want to consider to use Dockers internal DNS system where you can use the container name as hostname. So if your Graylog container has to be restarted and, for some reason, gets a different IP address, your system would still work and not run into the same issue again

Greetings,
Philipp

your Graylog configuration is pointing to port 9000 while NGINX is running on 443

rest_transport_uri = http://staging.logs.payments.campspot.com:9000/api/

 server {
    listen 443 ssl;

Thank you @DerPhilipsi & @jan those changes helped me get a little bit further.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.