The spaces in the URLs are due to the fact that the amount is limited to max. 2 URLs in a posting.
Thank you for your time, attention and help.
Graylog works generally.
I can access it via the IP-Adress on the bash-shell via cli.
Via the subdomain graylog.domain.tld it also starts to load the web interface, but than stops with a 404 error for the API call.
Error message
cannot GET htt ps: // graylog .domain.tld/api/ (404)
So I assume it must be an NGINX-Error.
I followed the Setup-Guideline for Ubuntu 20.04 LTS as documented here:
htt ps :// docs .graylog .org/en/latest/pages/installation/os/ubuntu.html
server.log states everything is fine:
2021-01-12T17:37:03.022+01:00 INFO [ServiceManagerListener] Services are healthy
2021-01-12T17:37:03.023+01:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2021-01-12T17:37:03.033+01:00 INFO [ServerBootstrap] Graylog server up and running.
2021-01-12T17:37:03.034+01:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
Calling Graylog API via CLI Calls works well too:
curl -i htt p: // 127 . 0.0.1:9000/api/
RESULT
HTTP/1.1 200 OK
X-Graylog-Node-ID: 0ac30c9f-1c97-4998-a277-86172c64f714
X-Runtime-Microseconds: 2199
Content-Type: application/json
Content-Length: 232
{"cluster_id":"5711a116-b55c-464c-9fa4-eeb4dda23c98","node_id":"0ac30c9f-1c97-4998-a277-86172c64f714","version":"4.0.1+6a0cc0b","tagline":"Manage your logs in the dark and have lasers going and make it look like you're from space!"}
Running with NGINX - Proxy via SSL as documented here
htt ps: // docs . graylog . org/en/4.0/pages/configuration/web_interface.html#webif-connecting-to-server
# Quelle htt ps: // docs . graylog . org/en/4.0/pages/configuration/web_interface.html
# for Nginx
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
proxy_pass http://127.0.0.1:9000;
# proxy_ignore_headers "Cache-Control" "Expires" "X-Accel-Expires" "Set-Cookie";
}
The proxy_error_log of nginx states:
2021/01/12 18:13:49 [error] 816844#0: *2435 "/var/www/vhosts/domain.tld/graylog.domain.tld/api/index.html" is not found (2: No such file or directory), client: 85.1232.221.95, server: domain.tld, request: "GET /api/ HTTP/2.0", host: "graylog.domain.tld", referrer: "https://domain.tld/"
Eventhough I don’t believe it’s an configuration issue here is the server.conf
############################
# GRAYLOG CONFIGURATION FILE
############################
#
is_master = true
node_id_file = /etc/graylog/server/node-id
# The minimum length for "password_secret" is 16 characters.
password_secret = ....
# Default: bin
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin
# Default: 127.0.0.1:9000
http_bind_address = 127.0.0.1:9000
#### HTTP publish URI
# Default: http://$http_bind_address/
#http_publish_uri = http://graylog.domain.tld:9000/
#### External Graylog URI
# Default: $http_publish_uri
#http_external_uri = https://graylog.domain.tld/
#TEST-Weise, wohl eher veraltete Informationen...
#rest_listen_uri = https://graylog.domain.tld/api
#web_listen_uri = https://graylog.domain.tld/
#### Enable CORS headers for HTTP interface
#
# This allows browsers to make Cross-Origin requests from any origin.
# This is disabled for security reasons and typically only needed if running graylog
# with a separate server for frontend development.
#
# Default: false
#http_enable_cors = false
#### Enable GZIP support for HTTP interface
http_enable_gzip = true