Hi, Any luck solving this issue? I have exact the same problem as you.
Please let me know. Regards, Peter Kalkman On Thursday, May 26, 2016 at 9:13:32 AM UTC+2, Jirayut Nimsaeng wrote: > > I'm using graylog2/server:2.0.1-2 docker image from here > https://hub.docker.com/r/graylog2/server/. So I'm going to do everything > behind the nginx reverse proxy with https to secure communication both web > interface and rest api. This is my nginx configuration > > server { > listen 80; > server_name graylog.example.com; > ## redirect http to https ## > rewrite ^ https://graylog.example.com$request_uri? permanent; > } > > server { > > listen 443 ssl; > > ssl on; > ssl_certificate_key /etc/nginx/certs/graylog.example.com.key; > ssl_certificate /etc/nginx/certs/graylog.example.com.crt; > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_prefer_server_ciphers on; > ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; > ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 > ssl_session_cache shared:SSL:10m; > ssl_session_tickets off; # Requires nginx >= 1.5.9 > ssl_stapling on; # Requires nginx >= 1.3.7 > ssl_stapling_verify on; # Requires nginx => 1.3.7 > resolver 8.8.4.4 8.8.8.8 valid=300s; > resolver_timeout 5s; > #add_header Strict-Transport-Security "max-age=63072000; > includeSubdomains; preload"; > #add_header X-Frame-Options DENY; > #add_header X-Content-Type-Options nosniff; > > ssl_dhparam /etc/nginx/certs/dhparam.pem; > > chunked_transfer_encoding on; > > server_name graylog.example.com; > server_tokens off; ## Don't show the nginx version number, a security > best practice > > ## Increase this if you want to upload large attachments > client_max_body_size 0; > > ## Individual nginx logs for this vhost > access_log /var/log/nginx/graylog.example.com_access.log; > error_log /var/log/nginx/graylog.example.com_error.log; > > location / { > include proxy_params; > proxy_pass http://graylog_web_backend; > } > location /api { > rewrite ^/api(.*)$ $1 break; > include proxy_params; > proxy_pass http://graylog_api_backend; > } > } > > upstream graylog_web_backend { > server 172.17.0.1:9000; > } > upstream graylog_api_backend { > server 172.17.0.1:12900; > } > > This is environment that I used to config graylog container > > GRAYLOG_PASSWORD_SECRET: CHANGEME > GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/ > GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/ > > I can access to web interface and logged in to graylog. But if I access to > System / Overview page. I got this message log from docker logs -f graylog > command > > 2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/jobs on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > > So I assume that the system still think that rest api still at port 12900. > Anyone try this before? any work around? Or any proper way to do this? > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b562e62d-ffb6-4556-a0a9-c1f8fe196350%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
