2 separate containers don't have access to each other's resources unless they are linked. This would explain the connection refused.
Read all about it: https://docs.docker.com/compose/link-env-deprecated/ (this is the old method, for pre docker 1.10)

Brgds.
Martin

On Thursday, 26 May 2016 11:03:37 UTC+2, Jirayut Nimsaeng wrote:
>
> Nginx is a completely separate container from the graylog. So no linked
> container, and nginx needs to access graylog with the graylog exposed
> ports 9000 and 12900.
>
> Jirayut
>
> On Thursday, May 26, 2016 at 3:58:00 PM UTC+7, Martin René Mortensen wrote:
>>
>> I think your rest and web listen uri has to have port number configured.
>> That's also the problem, there is no listener on the port you proxy to.
>>
>> Is the nginx in a separate linked docker container? On the docker host?
>> In the graylog container? You have to expose the ports correctly if the
>> nginx is not in the same docker container as the graylog server.
>>
>> Brgds.
>> Martin
>>
>> On Thursday, 26 May 2016 09:13:32 UTC+2, Jirayut Nimsaeng wrote:
>>>
>>> I'm using the graylog2/server:2.0.1-2 docker image from here
>>> https://hub.docker.com/r/graylog2/server/. So I'm going to do
>>> everything behind the nginx reverse proxy with https to secure
>>> communication for both the web interface and rest api. This is my nginx
>>> configuration
>>>
>>> server {
>>>     listen 80;
>>>     server_name graylog.example.com;
>>>     ## redirect http to https ##
>>>     rewrite ^ https://graylog.example.com$request_uri? permanent;
>>> }
>>>
>>> server {
>>>
>>>     listen 443 ssl;
>>>
>>>     ssl on;
>>>     ssl_certificate_key /etc/nginx/certs/graylog.example.com.key;
>>>     ssl_certificate /etc/nginx/certs/graylog.example.com.crt;
>>>
>>>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>>     ssl_prefer_server_ciphers on;
>>>     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
>>>     ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
>>>     ssl_session_cache shared:SSL:10m;
>>>     ssl_session_tickets off; # Requires nginx >= 1.5.9
>>>     ssl_stapling on; # Requires nginx >= 1.3.7
>>>     ssl_stapling_verify on; # Requires nginx >= 1.3.7
>>>     resolver 8.8.4.4 8.8.8.8 valid=300s;
>>>     resolver_timeout 5s;
>>>     #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
>>>     #add_header X-Frame-Options DENY;
>>>     #add_header X-Content-Type-Options nosniff;
>>>
>>>     ssl_dhparam /etc/nginx/certs/dhparam.pem;
>>>
>>>     chunked_transfer_encoding on;
>>>
>>>     server_name graylog.example.com;
>>>     server_tokens off; ## Don't show the nginx version number, a security best practice
>>>
>>>     ## Increase this if you want to upload large attachments
>>>     client_max_body_size 0;
>>>
>>>     ## Individual nginx logs for this vhost
>>>     access_log /var/log/nginx/graylog.example.com_access.log;
>>>     error_log /var/log/nginx/graylog.example.com_error.log;
>>>
>>>     location / {
>>>         include proxy_params;
>>>         proxy_pass http://graylog_web_backend;
>>>     }
>>>     location /api {
>>>         rewrite ^/api(.*)$ $1 break;
>>>         include proxy_params;
>>>         proxy_pass http://graylog_api_backend;
>>>     }
>>> }
>>>
>>> upstream graylog_web_backend {
>>>     server 172.17.0.1:9000;
>>> }
>>> upstream graylog_api_backend {
>>>     server 172.17.0.1:12900;
>>> }
>>>
>>> This is the environment that I used to configure the graylog container
>>>
>>> GRAYLOG_PASSWORD_SECRET: CHANGEME
>>> GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/
>>> GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/
>>>
>>> I can access the web interface and log in to graylog. But if I access
>>> the System / Overview page, I got this message log from the docker logs -f
>>> graylog command
>>>
>>> 2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>> 2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>> 2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>> 2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>> 2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>>
>>> So I assume that the system still thinks that the rest api is still at port
>>> 12900. Has anyone tried this before? Any workaround? Or any proper way to do
>>> this?
>>>
>>
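Added example, not part of the original thread: a Python check that extracts the URLs Graylog failed to call from `ProxiedResource` warnings and compares their ports with the ports nginx actually listens on, which is the mismatch visible in the logs quoted above. The log lines and nginx fragment are constructed samples modelled on the ones in the thread; the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input, modelled on the log lines and nginx config in this thread.
SAMPLE_LOG = """\
2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <00000000-0000-0000-0000-000000000001>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <00000000-0000-0000-0000-000000000001>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:53,000 INFO : org.example.Other - unrelated line
"""
SAMPLE_NGINX = """\
server { listen 80; server_name graylog.example.com; }
server { listen 443 ssl; server_name graylog.example.com; }  # no listen 12900
"""

CALL_RE = re.compile(
    r"ProxiedResource - Unable to call (\S+) on node <([^>]+)>, caught exception: (.+)$",
    re.M,
)
# Matches "listen 443 ssl", "listen 127.0.0.1:8443" and "listen [::]:443".
LISTEN_RE = re.compile(r"\blisten\s+(?:\S*:)?(\d+)")
DEFAULT_PORTS = {"http": 80, "https": 443}


def failed_calls(log_text):
    """Yield (host, port, reason) for each failed REST call in the log."""
    for m in CALL_RE.finditer(log_text):
        url = urlsplit(m.group(1))
        # A URL without an explicit port uses the scheme default.
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        yield url.hostname, port, m.group(3).strip()


def listen_ports(nginx_conf):
    """Return the set of ports named in listen directives (comments ignored)."""
    return {int(p) for p in LISTEN_RE.findall(re.sub(r"#.*", "", nginx_conf))}


def calls_missing_listener(log_text, nginx_conf):
    """Count failed calls whose target port nginx does not listen on."""
    ports = listen_ports(nginx_conf)
    return Counter((h, p) for h, p, _ in failed_calls(log_text) if p not in ports)


if __name__ == "__main__":
    for (host, port), n in calls_missing_listener(SAMPLE_LOG, SAMPLE_NGINX).items():
        print(f"{n} failed call(s) to {host}:{port}, but nginx has no listener on {port}")
```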
