I'm using the graylog2/server:2.0.1-2 Docker image from 
https://hub.docker.com/r/graylog2/server/. I'm going to put everything 
behind an nginx reverse proxy with HTTPS to secure communication for both 
the web interface and the REST API. This is my nginx configuration:

server {
  listen 80;
  server_name graylog.example.com;
  ## redirect http to https ##
  rewrite ^ https://graylog.example.com$request_uri? permanent;
}

server {

  listen 443 ssl;

  ssl on;
  ssl_certificate_key /etc/nginx/certs/graylog.example.com.key;
  ssl_certificate /etc/nginx/certs/graylog.example.com.crt;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off; # Requires nginx >= 1.5.9
  ssl_stapling on; # Requires nginx >= 1.3.7
  ssl_stapling_verify on; # Requires nginx >= 1.3.7
  resolver 8.8.4.4 8.8.8.8 valid=300s;
  resolver_timeout 5s;
  #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  #add_header X-Frame-Options DENY;
  #add_header X-Content-Type-Options nosniff;

  ssl_dhparam /etc/nginx/certs/dhparam.pem;

  chunked_transfer_encoding on;

  server_name graylog.example.com;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Increase this if you want to upload large attachments
  client_max_body_size 0;

  ## Individual nginx logs for this vhost
  access_log /var/log/nginx/graylog.example.com_access.log;
  error_log /var/log/nginx/graylog.example.com_error.log;

  location / {
    include proxy_params;
    proxy_pass http://graylog_web_backend;
  }
  location /api {
    rewrite ^/api(.*)$ $1 break;
    include proxy_params;
    proxy_pass http://graylog_api_backend;
  }
}

upstream graylog_web_backend {
    server 172.17.0.1:9000;
}
upstream graylog_api_backend {
    server 172.17.0.1:12900;
}

This is the environment that I used to configure the graylog container:

GRAYLOG_PASSWORD_SECRET: CHANGEME
GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/
GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/

I can access the web interface and log in to Graylog. But if I access the 
System / Overview page, I get these log messages from the 
docker logs -f graylog command:

2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)

So I assume that the system still thinks that the REST API is still at port 
12900. Has anyone tried this before? Any workaround? Or any proper way to do this?
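
Added example, not part of the original post: a Python check that pulls the endpoints out of the ProxiedResource warnings above and compares them with the configured GRAYLOG_REST_TRANSPORT_URI. The sample log lines are constructed from the values quoted in the post, the function names are this example's own, and it assumes a URI without an explicit port means the scheme default (443 for https).

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Value of GRAYLOG_REST_TRANSPORT_URI as given in the post.
CONFIGURED_REST_TRANSPORT_URI = "https://graylog.example.com/"

# Constructed sample: three of the warnings from the post, one entry per line.
SAMPLE_LOG = """\
2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
"""

WARN_RE = re.compile(
    r"ProxiedResource - Unable to call (?P<url>\S+) on node <(?P<node>[^>]+)>"
)
# Assumption of this example: no explicit port means the scheme's default port.
DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint(url):
    """Return (scheme, host, effective port) for a URL."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)


def mismatched_calls(log_text, configured_uri):
    """Count failed proxied calls per (node, endpoint) that do not target
    the scheme/host/port of the configured transport URI."""
    expected = endpoint(configured_uri)
    hits = Counter()
    for line in log_text.splitlines():
        match = WARN_RE.search(line)
        if match and endpoint(match["url"]) != expected:
            hits[(match["node"], endpoint(match["url"]))] += 1
    return expected, hits


if __name__ == "__main__":
    expected, hits = mismatched_calls(SAMPLE_LOG, CONFIGURED_REST_TRANSPORT_URI)
    print("configured endpoint:", expected)
    for (node, called), count in hits.items():
        print(f"node {node}: {count} failed call(s) to {called}")
```

Against the sample it reports every failed call going to port 12900 on the public hostname, while the nginx vhost in the post only listens on 80 and 443.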
