Nginx is a completely separate container from Graylog. So there is no linked 
container, and nginx needs to access Graylog through the exposed Graylog 
ports 9000 and 12900.

Jirayut

On Thursday, May 26, 2016 at 3:58:00 PM UTC+7, Martin René Mortensen wrote:
>
> I think your REST and web listen URIs have to have a port number configured. 
> That's also the problem, there is no listener on the port you proxy to.
>
> Is the nginx in a separate linked docker container? on the docker host? in 
> the graylog container? You have to expose the ports correctly if the nginx 
> is not in the same docker container as the graylog server.
>
> Brgds.
> Martin
>
> On Thursday, 26 May 2016 09:13:32 UTC+2, Jirayut Nimsaeng wrote:
>>
>> I'm using the graylog2/server:2.0.1-2 docker image from here: 
>> https://hub.docker.com/r/graylog2/server/. I'm going to put everything 
>> behind the nginx reverse proxy with https to secure communication for both 
>> the web interface and the REST API. This is my nginx configuration:
>>
>> server {
>>   listen 80;
>>   server_name graylog.example.com;
>>   ## redirect http to https ##
>>   rewrite ^ https://graylog.example.com$request_uri? permanent;
>> }
>>
>> server {
>>
>>   listen 443 ssl;
>>
>>   ssl on;
>>   ssl_certificate_key /etc/nginx/certs/graylog.example.com.key;
>>   ssl_certificate /etc/nginx/certs/graylog.example.com.crt;
>>
>>   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>   ssl_prefer_server_ciphers on;
>>   ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
>>   ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
>>   ssl_session_cache shared:SSL:10m;
>>   ssl_session_tickets off; # Requires nginx >= 1.5.9
>>   ssl_stapling on; # Requires nginx >= 1.3.7
>>   ssl_stapling_verify on; # Requires nginx >= 1.3.7
>>   resolver 8.8.4.4 8.8.8.8 valid=300s;
>>   resolver_timeout 5s;
>>   #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
>>   #add_header X-Frame-Options DENY;
>>   #add_header X-Content-Type-Options nosniff;
>>
>>   ssl_dhparam /etc/nginx/certs/dhparam.pem;
>>
>>   chunked_transfer_encoding on;
>>
>>   server_name graylog.example.com;
>>   server_tokens off; ## Don't show the nginx version number, a security best practice
>>
>>   ## Increase this if you want to upload large attachments
>>   client_max_body_size 0;
>>
>>   ## Individual nginx logs for this vhost
>>   access_log /var/log/nginx/graylog.example.com_access.log;
>>   error_log /var/log/nginx/graylog.example.com_error.log;
>>
>>   location / {
>>     include proxy_params;
>>     proxy_pass http://graylog_web_backend;
>>   }
>>   location /api {
>>     rewrite ^/api(.*)$ $1 break;
>>     include proxy_params;
>>     proxy_pass http://graylog_api_backend;
>>   }
>> }
>>
>> upstream graylog_web_backend {
>>     server 172.17.0.1:9000;
>> }
>> upstream graylog_api_backend {
>>     server 172.17.0.1:12900;
>> }
>>
>> This is the environment that I used to configure the graylog container:
>>
>> GRAYLOG_PASSWORD_SECRET: CHANGEME
>> GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/
>> GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/
>>
>> I can access the web interface and log in to graylog. But if I access 
>> the System / Overview page, I get these log messages from the docker logs -f 
>> graylog command:
>>
>> 2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>> 2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>> 2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>> 2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>> 2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>
>> So I assume that the system still thinks that the REST API is still at port 
>> 12900. Has anyone tried this before? Any workaround? Or any proper way to do 
>> this?
>>
>
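
The mismatch discussed in this thread can be read straight out of the Graylog log. The following is an added example, not part of the thread and not Graylog's own code: it parses the ProxiedResource WARN lines quoted above and reports HTTPS targets that no TLS listener in the posted nginx configuration serves. The function names and the PROXY_TLS_ENDPOINTS set are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Two of the WARN lines from the post, unwrapped onto single lines.
SAMPLE_LOG = (
    "2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources."
    "ProxiedResource - Unable to call "
    "https://graylog.example.com:12900/system/metrics/multiple on node "
    "<e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: "
    "Read timed out (class java.net.SocketTimeoutException)\n"
    "2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources."
    "ProxiedResource - Unable to call "
    "https://graylog.example.com:12900/system/jobs on node "
    "<e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: "
    "Read timed out (class java.net.SocketTimeoutException)\n"
)

# Assumption for the example: the only TLS listener is the posted
# 'listen 443 ssl;' server block for graylog.example.com.
PROXY_TLS_ENDPOINTS = {("graylog.example.com", 443)}

CALL_RE = re.compile(
    r"ProxiedResource - Unable to call (?P<url>\S+) on node <(?P<node>[^>]+)>, "
    r"caught exception: (?P<error>.+?) \(class (?P<cls>[\w.$]+)\)"
)
DEFAULT_PORT = {"http": 80, "https": 443}


def endpoint(url):
    """Return (scheme, host, effective port) for a URL."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORT[parts.scheme]


def failed_targets(log_text):
    """Count failed node-to-node REST calls per (scheme, host, port)."""
    return Counter(endpoint(m["url"]) for m in CALL_RE.finditer(log_text))


def bypassing_proxy(log_text, tls_endpoints=PROXY_TLS_ENDPOINTS):
    """Return HTTPS targets that no TLS listener in the proxy config serves."""
    return {
        target: count
        for target, count in failed_targets(log_text).items()
        if target[0] == "https" and (target[1], target[2]) not in tls_endpoints
    }


if __name__ == "__main__":
    for (scheme, host, port), count in bypassing_proxy(SAMPLE_LOG).items():
        print(f"{count} failed call(s) to {scheme}://{host}:{port}, not served by the proxy")
```

On the sample it reports the two calls to https://graylog.example.com:12900, a port on which the posted nginx configuration has no TLS listener.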
