Hi I have issues with graylog 2.0 GA release, cant get reverse proxy working, i tried on ubuntu 14,04 rhel 6 and 7, always same error
my setup: mongo 3.2 elastisearch 2.3.2 graylog 2.0 GA nginx 1.9.5 When im trying to access remote machine (same network), im getting this error in browser If I access localhost directly on graylog machine it is working > >> Server currently unavailable >>> >>> We are experiencing problems connecting to the Graylog server running on >>> http://127.0.0.1:12900//. Please verify that the server is healthy and >>> working correctly. >>> >>> You will be automatically redirected to the previous page once we can >>> connect to the server. >>> >>> Do you need a hand? We can help you. >>> Less details >>> >>> This is the last response we received from the server: >>> >>> Error message >>> Bad request >>> Original Request >>> GET http://127.0.0.1:12900/system/cluster/node >>> Status code >>> undefined >>> Full error message >>> Error: Request has been terminated >>> Possible causes: the network is offline, Origin is not allowed by >>> Access-Control-Allow-Origin, the page is being unloaded, etc. >>> >> *My Nginx configuration:* user nginx; > worker_processes 1; > > error_log /var/log/nginx/error.log warn; > pid /var/run/nginx.pid; > > > events { > worker_connections 1024; > } > > > http { > include /etc/nginx/mime.types; > default_type application/octet-stream; > > log_format main '$remote_addr - $remote_user [$time_local] > "$request" ' > '$status $body_bytes_sent "$http_referer" ' > '"$http_user_agent" "$http_x_forwarded_for"'; > > access_log /var/log/nginx/access.log main; > > sendfile on; > #tcp_nopush on; > > keepalive_timeout 65; > > #gzip on; > > #include /etc/nginx/conf.d/*.conf; > > server { > listen 80; > location / { > proxy_pass http://localhost:9000/; > proxy_http_version 1.1; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_pass_request_headers on; > proxy_connect_timeout 150; > proxy_send_timeout 100; > proxy_read_timeout 100; > proxy_buffers 4 32k; > client_max_body_size 8m; > client_body_buffer_size 128k; > } > } > > } > *graylog configuration file, i changed just field marked with red* # If you are running more than one instances of Graylog server you have to select one of these # instances as master. The master will perform some periodical tasks that non-masters won't perform. is_master = true # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea # to use an absolute file path here if you are starting Graylog server from init scripts or similar. node_id_file = /etc/graylog/server/node-id # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. # Generate one by using for example: pwgen -N 1 -s 96 *password_secret = xxxxxxxxxx* # The default root user is named 'admin' #root_username = admin # You MUST specify a hash password for the root user (which you only need to initially set up the # system and in case you lose connectivity to your authentication backend) # This password cannot be changed using the API or via the web interface. If you need to change it, # modify it in this file. # Create one by using for example: echo -n yourpassword | shasum -a 256 # and put the resulting hash value into the following line *root_password_sha2 = xxxxxxxxxx* # The email address of the root user. # Default is empty #root_email = "" # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones. # Default is UTC #root_timezone = UTC # Set plugin directory here (relative or absolute) plugin_dir = /usr/share/graylog-server/plugin # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster. # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors. rest_listen_uri = http://127.0.0.1:12900/ # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used. # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri) # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting # the scheme, host name or URI. #rest_transport_uri = http://192.168.1.1:12900/ # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly. # If these are disabled, modern browsers will not be able to retrieve resources from the server. # This is enabled by default. Uncomment the next line to disable it. #rest_enable_cors = false # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce # overall round trip times. This is disabled by default. Uncomment the next line to enable it. #rest_enable_gzip = true # Enable HTTPS support for the REST API. This secures the communication with the REST API with # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the # next line to enable it. #rest_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the REST API. #rest_tls_cert_file = /path/to/graylog.crt # The PKCS#8 private key file in PEM format to use for securing the REST API. #rest_tls_key_file = /path/to/graylog.key # The password to unlock the private key used for securing the REST API. #rest_tls_key_password = secret # The maximum size of the HTTP request headers in bytes. #rest_max_header_size = 8192 # The maximal length of the initial HTTP/1.1 line in bytes. #rest_max_initial_line_length = 4096 # The size of the thread pool used exclusively for serving the REST API. #rest_thread_pool_size = 16 # Enable the embedded Graylog web interface. # Default: true #web_enable = false # Web interface listen URI #web_listen_uri = http://127.0.0.1:9000/ # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header. # Default: $rest_transport_uri #web_endpoint_uri = # Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly. # If these are disabled, modern browsers will not be able to retrieve resources from the server. #web_enable_cors = false # Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce # overall round trip times. This is enabled by default. Uncomment the next line to disable it. #web_enable_gzip = false # Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface # using TLS to prevent request forgery and eavesdropping. # This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings. #web_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the web interface. #web_tls_cert_file = /path/to/graylog-web.crt # The PKCS#8 private key file in PEM format to use for securing the web interface. #web_tls_key_file = /path/to/graylog-web.key # The password to unlock the private key used for securing the web interface. #web_tls_key_password = secret # The maximum size of the HTTP request headers in bytes. #web_max_header_size = 8192 # The maximal length of the initial HTTP/1.1 line in bytes. #web_max_initial_line_length = 4096 # The size of the thread pool used exclusively for serving the web interface. #web_thread_pool_size = 16 # Configuration file for the embedded Elasticsearch instance in Graylog. # Pay attention to the working directory of the server, maybe use an absolute path here. # Default: empty #elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml # Disable checking the version of Elasticsearch for being compatible with this Graylog release. # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss! #elasticsearch_disable_version_check = true # Disable message retention on this node, i. e. disable Elasticsearch index rotation. #no_retention = false # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices. *elasticsearch_shards = 1* elasticsearch_replicas = 0 # Prefix for all Elasticsearch indices and index aliases managed by Graylog. elasticsearch_index_prefix = graylog # Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping. # # Default: graylog-internal #elasticsearch_template_name = graylog-internal # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only # be enabled with care. See also: https://www.graylog.org/documentation/general/queries/ allow_leading_wildcard_searches = false # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and # should only be enabled after making sure your Elasticsearch cluster has enough memory. allow_highlighting = false # settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file) # all these # this must be the same as for your Elasticsearch cluster #elasticsearch_cluster_name = graylog # The prefix being used to generate the Elasticsearch node name which makes it easier to identify the specific Graylog # server running the embedded Elasticsearch instance. The node name will be constructed by concatenating this prefix # and the Graylog node ID (see node_id_file), for example "graylog-17052010-1234-5678-abcd-1337cafebabe". # Default: graylog- #elasticsearch_node_name_prefix = graylog- # A comma-separated list of Elasticsearch nodes which Graylog is using to connect to the Elasticsearch cluster, # see https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-discovery-zen.html for details. # Default: 127.0.0.1 #elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300, 127.0.0.2:9500 # we don't want the Graylog server to store any data, or be master node #elasticsearch_node_master = false #elasticsearch_node_data = false # use a different port if you run multiple Elasticsearch nodes on one machine #elasticsearch_transport_tcp_port = 9350 # we don't need to run the embedded HTTP server here #elasticsearch_http_enabled = false # Enable Elasticsearch multicast discovery. This requires the installation of an Elasticsearch plugin, # see https://www.elastic.co/guide/en/elasticsearch/plugins/2.3/discovery-multicast.html for details. # Default: false #elasticsearch_discovery_zen_ping_multicast_enabled = false # Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery. # The setting is specified in milliseconds, the default is 5000ms (5 seconds). #elasticsearch_cluster_discovery_timeout = 5000 # the following settings allow to change the bind addresses for the Elasticsearch client in Graylog # these settings are empty by default, letting Elasticsearch choose automatically, # override them here or in the 'elasticsearch_config_file' if you need to bind to a special address # refer to http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-network.html # for special values here #elasticsearch_network_host = #elasticsearch_network_bind_host = #elasticsearch_network_publish_host = # The total amount of time discovery will look for other Elasticsearch nodes in the cluster # before giving up and declaring the current node master. #elasticsearch_discovery_initial_state_timeout = 3s # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea. # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom # Elasticsearch documentation: http://www.elasticsearch.org/guide/reference/index-modules/analysis/ # Note that this setting only takes effect on newly created indices. elasticsearch_analyzer = standard # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations. # Default: 1m #elasticsearch_request_timeout = 1m # Time interval for index range information cleanups. This setting defines how often stale index range information # is being purged from the database. # Default: 1h #index_ranges_cleanup_interval = 1h # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember # that every outputbuffer processor manages its own batch and performs its own batch write calls. # ("outputbuffer_processors" variable) output_batch_size = 500 # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages # for this time period is less than output_batch_size * outputbuffer_processors. output_flush_interval = 1 # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and # over again. To prevent this, the following configuration options define after how many faults an output will # not be tried again for an also configurable amount of seconds. output_fault_count_threshold = 5 output_fault_penalty_seconds = 30 # The number of parallel running processors. # Raise this number if your buffers are filling up. processbuffer_processors = 5 outputbuffer_processors = 3 #outputbuffer_processor_keep_alive_time = 5000 #outputbuffer_processor_threads_core_pool_size = 3 #outputbuffer_processor_threads_max_pool_size = 30 # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput). #udp_recvbuffer_sizes = 1048576 # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping) # Possible types: # - yielding # Compromise between performance and CPU usage. # - sleeping # Compromise between performance and CPU usage. Latency spikes can occur after quiet periods. # - blocking # High throughput, low latency, higher CPU usage. # - busy_spinning # Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores. processor_wait_strategy = blocking # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore. # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache. # Must be a power of 2. (512, 1024, 2048, ...) ring_size = 65536 inputbuffer_ring_size = 65536 inputbuffer_processors = 2 inputbuffer_wait_strategy = blocking # Enable the disk based message journal. message_journal_enabled = true # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and # must not contain any other files than the ones created by Graylog itself. message_journal_dir = /var/lib/graylog-server/journal # Journal hold messages before they could be written to Elasticsearch. # For a maximum of 12 hours or 5 GB whichever happens first. # During normal operation the journal will be smaller. #message_journal_max_age = 12h #message_journal_max_size = 5gb #message_journal_flush_age = 1m #message_journal_flush_interval = 1000000 #message_journal_segment_age = 1h #message_journal_segment_size = 100mb # Number of threads used exclusively for dispatching internal events. Default is 2. #async_eventbus_processors = 2 # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual # shutdown process. Set to 0 if you have no status checking load balancers in front. lb_recognition_period_seconds = 3 # Every message is matched against the configured streams and it can happen that a stream contains rules which # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking. # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other # streams, Graylog limits the execution time for each stream. # The default values are noted below, the timeout is in milliseconds. # If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times # that stream is disabled and a notification is shown in the web interface. #stream_processing_timeout = 2000 #stream_processing_max_faults = 3 # Length of the interval in seconds in which the alert conditions for all streams should be checked # and alarms are being sent. #alert_check_interval = 60 # Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple # outputs. The next setting defines the timeout for a single output module, including the default output module where all # messages end up. # # Time in milliseconds to wait for all message outputs to finish writing a single message. #output_module_timeout = 10000 # Time in milliseconds after which a detected stale master node is being rechecked on startup. #stale_master_timeout = 2000 # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown. #shutdown_timeout = 30000 # MongoDB connection string # See http://docs.mongodb.org/manual/reference/connection-string/ for details mongodb_uri = mongodb://localhost/graylog # Authenticate against the MongoDB server #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog # Use a replica set instead of a single host #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog # Increase this value according to the maximum connections your MongoDB server can handle from a single client # if you encounter MongoDB connection problems. mongodb_max_connections = 1000 # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5 # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, # then 500 threads can block. More than that and an exception will be thrown. # http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier mongodb_threads_allowed_to_block_multiplier = 5 # Drools Rule File (Use to rewrite incoming log messages) # See: https://www.graylog.org/documentation/general/rewriting/ #rules_file = /etc/graylog/server/rules.drl # Email transport #transport_email_enabled = false #transport_email_hostname = mail.example.com #transport_email_port = 587 #transport_email_use_auth = true #transport_email_use_tls = true #transport_email_use_ssl = true #transport_email_auth_username = [email protected] #transport_email_auth_password = secret #transport_email_subject_prefix = [graylog] #transport_email_from_email = [email protected] # Specify and uncomment this if you want to include links to the stream in your stream alert mails. # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users. #transport_email_web_interface_url = https://graylog.example.com # The default connect timeout for outgoing HTTP connections. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). # Default: 5s #http_connect_timeout = 5s # The default read timeout for outgoing HTTP connections. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). # Default: 10s #http_read_timeout = 10s # The default write timeout for outgoing HTTP connections. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). # Default: 10s #http_write_timeout = 10s # HTTP proxy for outgoing HTTP connections #http_proxy_uri = # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize # cycled indices. #disable_index_optimization = true # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch # on heavily used systems with large indices, but it will decrease search performance. The default is 1. #index_optimization_max_num_segments = 1 # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification # will be generated to warn the administrator about possible problems with the system. Default is 1 second. #gc_warning_threshold = 1s # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds. #ldap_connection_timeout = 2000 # Enable collection of Graylog-related metrics into MongoDB # WARNING: This will add *a lot* of data into your MongoDB database on a regular interval (1 second)! # DEPRECATED: This setting and the respective feature will be removed in a future version of Graylog. #enable_metrics_collection = false # Disable the use of SIGAR for collecting system stats #disable_sigar = false # The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second) #dashboard_widget_default_cache_time = 10s # Automatically load content packs in "content_packs_dir" on the first start of Graylog. #content_packs_loader_enabled = true # The directory which contains content packs which should be loaded on the first start of Graylog. content_packs_dir = /usr/share/graylog-server/contentpacks # A comma-separated list of content packs (files in "content_packs_dir") which should be applied on # the first start of Graylog. # Default: empty content_packs_auto_load = grok-patterns.json -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/08f11470-8c30-4aad-adbb-ea3fac4fa931%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
