Hi, Any luck solving this issue? I have exact the same problem as you.
Please let me know. Regards, Peter Kalkman On Thursday, May 26, 2016 at 9:13:32 AM UTC+2, Jirayut Nimsaeng wrote: > > I'm using graylog2/server:2.0.1-2 docker image from here > https://hub.docker.com/r/graylog2/server/. So I'm going to do everything > behind the nginx reverse proxy with https to secure communication both web > interface and rest api. This is my nginx configuration > > server { > listen 80; > server_name graylog.example.com; > ## redirect http to https ## > rewrite ^ https://graylog.example.com$request_uri? permanent; > } > > server { > > listen 443 ssl; > > ssl on; > ssl_certificate_key /etc/nginx/certs/graylog.example.com.key; > ssl_certificate /etc/nginx/certs/graylog.example.com.crt; > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_prefer_server_ciphers on; > ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; > ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 > ssl_session_cache shared:SSL:10m; > ssl_session_tickets off; # Requires nginx >= 1.5.9 > ssl_stapling on; # Requires nginx >= 1.3.7 > ssl_stapling_verify on; # Requires nginx => 1.3.7 > resolver 8.8.4.4 8.8.8.8 valid=300s; > resolver_timeout 5s; > #add_header Strict-Transport-Security "max-age=63072000; > includeSubdomains; preload"; > #add_header X-Frame-Options DENY; > #add_header X-Content-Type-Options nosniff; > > ssl_dhparam /etc/nginx/certs/dhparam.pem; > > chunked_transfer_encoding on; > > server_name graylog.example.com; > server_tokens off; ## Don't show the nginx version number, a security > best practice > > ## Increase this if you want to upload large attachments > client_max_body_size 0; > > ## Individual nginx logs for this vhost > access_log /var/log/nginx/graylog.example.com_access.log; > error_log /var/log/nginx/graylog.example.com_error.log; > > location / { > include proxy_params; > proxy_pass http://graylog_web_backend; > } > location /api { > rewrite ^/api(.*)$ $1 break; > include proxy_params; > proxy_pass http://graylog_api_backend; > } > } > > upstream graylog_web_backend { > server 172.17.0.1:9000; > } > upstream graylog_api_backend { > server 172.17.0.1:12900; > } > > This is environment that I used to config graylog container > > GRAYLOG_PASSWORD_SECRET: CHANGEME > GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/ > GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/ > > I can access to web interface and logged in to graylog. But if I access to > System / Overview page. I got this message log from docker logs -f graylog > command > > 2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/jobs on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > 2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources. > ProxiedResource - Unable to call https:// > graylog.example.com:12900/system/metrics/multiple on node > <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out > (class java.net.SocketTimeoutException) > > So I assume that the system still think that rest api still at port 12900. > Anyone try this before? any work around? Or any proper way to do this? > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b562e62d-ffb6-4556-a0a9-c1f8fe196350%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
