Hi Jochen

Yes you are right. Checking up on it, it is a v1.3.4. Is it possible to do what 
I would like to do in this version?


Will take a look at the documentation and see if I can find a solution there.


Best regards.

René Jensen

________________________________
From: graylog2@googlegroups.com <graylog2@googlegroups.com> on behalf of Jochen 
Schalanda <joc...@graylog.com>
Sent: Thursday, December 8, 2016 2:15 PM
To: Graylog Users
Subject: [graylog2] Re: Redirect of port 9000 to https

Hi René,

it looks like you're using an old version of Graylog (i.e. before Graylog 
2.0.0) which doesn't support the X-Graylog-Server-URL HTTP request header.

If you want to follow the documentation on 
http://docs.graylog.org/en/2.1/pages/configuration/https.html, you'll have to 
upgrade to Graylog 2.1.2 first.

Cheers,
Jochen

On Thursday, 8 December 2016 14:03:56 UTC+1, rene....@sonymobile.com wrote:
I have now for a while tried to set up graylog with https-only access.

I have followed the graylog documentation to the point and am now using the 
nginx solution to access graylog-web using https. This part works fine for me, 
but the problem is it is still accessible using http://fqdn:9000.

I found then I could disable http.port and enable https.port with access to 
keystore like this in /etc/default/graylog-web:

# HTTP server settings.
GRAYLOG_WEB_HTTP_ADDRESS="0.0.0.0"
GRAYLOG_WEB_HTTP_PORT="8443"

# Might be used to adjust the Java heap size. (i.e. "-Xms1024m -Xmx2048m")
#GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks -Dhttps.port=8443 -Dhttps.keyStore=/etc/graylog/cert/cacerts.jks -Dhttps.keyStorePassword=changeit -Dhttp.port=disabled"
GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks"

# Pass some extra args to graylog-web. (i.e. "-d" to enable debug mode)
GRAYLOG_WEB_ARGS=""

# Program that will be used to wrap the graylog-web command. Useful to
# support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=""

and in /etc/nginx/conf.d/graylog.conf I defined this:

server
{
    listen      443 ssl spdy;
    server_name fqdn;
    # <- your SSL Settings here!
    ssl_certificate     /etc/graylog/cert/graylog-cert.pem;
    ssl_certificate_key /etc/graylog/cert/graylog-key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    #ssl_password_file  /etc/graylog/cert/graylog.pwd

    location /
    {
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Graylog-Server-URL https://fqdn/api;
        proxy_pass          https://127.0.0.1:8443;
    }
}

Resulting in an nginx gateway error 502 when trying to access graylog in a 
browser.

How would I be able to get the https access solely without being able to access 
http://fqdn:9000 on the graylog-web?

BR.
René Jensen
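
An added example, not part of the original thread and not Graylog's own tooling: a small consistency check over the two files quoted above, reporting settings that work against the HTTPS-only goal. It assumes graylog-web serves TLS only when -Dhttps.port appears in the active GRAYLOG_WEB_JAVA_OPTS and treats a missing bind address as non-loopback; the function names and finding codes are hypothetical.

```python
import re

# Constructed sample input: abbreviated copies of the settings quoted in the thread.
GRAYLOG_WEB_DEFAULTS = '''\
GRAYLOG_WEB_HTTP_ADDRESS="0.0.0.0"
GRAYLOG_WEB_HTTP_PORT="8443"
#GRAYLOG_WEB_JAVA_OPTS="-Dhttps.port=8443 -Dhttp.port=disabled"
GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks"
'''
NGINX_CONF = '''\
server {
    listen      443 ssl spdy;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass          https://127.0.0.1:8443;
    }
}
'''

def parse_defaults(text):
    """Return KEY -> value for uncommented KEY="value" lines."""
    env = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)="(.*)"\s*$', line)
        if m:
            env[m.group(1)] = m.group(2)
    return env

def audit(defaults_text, nginx_text):
    """Return a list of finding codes (hypothetical names) for the two files."""
    env = parse_defaults(defaults_text)
    findings = []
    # A listener on a non-loopback address stays reachable without going through nginx.
    if env.get("GRAYLOG_WEB_HTTP_ADDRESS") not in ("127.0.0.1", "localhost", "::1"):
        findings.append("web-listener-not-loopback")
    # Assumption: the backend speaks TLS only if -Dhttps.port is in the active Java options.
    backend_tls = "-Dhttps.port=" in env.get("GRAYLOG_WEB_JAVA_OPTS", "")
    m = re.search(r'^\s*proxy_pass\s+(https?)://[^;]+;', nginx_text, re.M)
    if m and (m.group(1) == "https") != backend_tls:
        findings.append("proxy-scheme-mismatch")
    # TLS 1.0 and 1.1 are deprecated protocol versions.
    m = re.search(r'^\s*ssl_protocols\s+([^;]+);', nginx_text, re.M)
    if m and {"SSLv3", "TLSv1", "TLSv1.1"} & set(m.group(1).split()):
        findings.append("legacy-tls-enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(GRAYLOG_WEB_DEFAULTS, NGINX_CONF):
        print(finding)
```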
