Hi Pasqual, the easiest way of setting this up is to just use the 'enforce-ssl' command. This will put the web interface and the rest api on port 443. This should work on the internal and the external IP address.
Once you use the 'set-external-ip' command you basically tell graylog-ctl that you have another ip/url for the rest api then the default one. So double check that there is no 'external_rest_uri' in the file /etc/graylog/graylog-settings.json to reset that state. The steps to set this is up are: - boot fresh appliance - sudo graylog-ctl reconfigure (check on the internal network that everything works fine) - sudo graylog-ctl enforce-ssl - open https://<externalIp> Hope that helps, Marius On 1 June 2016 at 03:04, Pasqual Troncone <[email protected]> wrote: > Hi everyone, > > Sorry if I bring this up again but I have read numbers of post in here > trying to figure out whats is going in with my Graylog installation without > any success. This is my context: > > - Operating System: Ubuntu 14.04 (clean install) > - Graylog versión 2.0.2-1 (Using the appliance for debian > graylog_2.0.2-1_amd64.deb > > <https://packages.graylog2.org/releases/graylog-omnibus/ubuntu/graylog_2.0.2-1_amd64.deb> > ). > - I'm testing Graylog on a cloud server so, it has an internal ip > address (for example*10.X.X.X*) and a public ip (*192.X.X.X*) address > (with ports 80, 443, 9000, 12900 opens), just like the Amazon Servers that > I have read in this group. > > Everything that I have tried with *graylog-ctl* has work so far*. *But > I can't get SSL to work properly (*graylog-ctl enforce-ssl*) with default > self-signed certificate after I set an external ip (*graylog-ctl > set-external-ip http://192.168.0.162:12900 <http://192.168.0.162:12900>* > ). > > I was able to get to get into the server but with mixed connections, > encrypted and non-encrypted, as you can see in the following screen capture. > > > > I have tried configuring the external IP with HTTPS with no luck (*graylog-ctl > set-external-ip https://192.168.0.162:12900 <https://192.168.0.162:12900>) > *among > many other things with no luck. *"web_enable_tls": true* option in > *graylog-settings.json* file, or changing manually rest_enable_tls = true > in *graylog.conf* make no difference. > > Has anyone successfully install an appliance with SSL and external IP with > Graylog versión 2.0.0-1? What I'm missing? > > Thank you in advance. > Pasqual T. > > > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/64245024-7293-4a45-ba35-2defb7e92463%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/64245024-7293-4a45-ba35-2defb7e92463%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Developer Tel.: +49 (0)40 609 452 077 Fax.: +49 (0)40 609 452 078 TORCH GmbH - A Graylog Company Poolstraße 21 20335 Hamburg Germany https://www.graylog.com <https://www.torch.sh/> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 Geschäftsführer: Lennart Koopmann (CEO) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAMqbBbKJQofbPR1e2kKkqisfFe%3DU2L4y-EoUKtMaJ7LLW%2BEfLg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
