Hi, are there any error messages in the logs of your Graylog node?
What's the result of the following curl command (insert your Graylog admin credentials): curl -u admin:password https://graylog.corp.com/api/system/?pretty=true Also, your web_endpoint_uri is wrong and should point to https://graylog.corp.com/api/, although this is overridden on a per-request basis by your X-Graylog-Server-URL HTTP request header. Cheers, Jochen On Wednesday, 31 August 2016 22:42:00 UTC+2, w wrote: > > Hi All, > > I am having trouble getting a reverse proxy working that is doing SSL > termination / load balancing between graylog 2.0.3 servers. > > I am getting the following error message. > > Error messagecannot GET https://graylog.corp.com/api/system/cluster/node > (404) > > > So we are having trouble accessing the API... > > To make things simple I have reduced the config to a single nginx node and > single graylog server in the setup. > > When I access the server directly over http it works just fine. > > My nginx config looks like > > server { > > listen 443 ssl; > > server_name graylog.corp.com; > > > > access_log /var/log/nginx/graylog.access.log; > > error_log /var/log/nginx/graylog.error.log; > > > > > > ssl on; > # SSL Config Redacted > > > > location / > > { > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header Host $http_host; > > proxy_set_header X-Graylog-Server-URL https:// > graylog.corp.com/api; > > > > proxy_pass http://graylog1.corp.com:9000; > > } > > location /api/ > > { > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header Host $http_host; > > proxy_pass http://graylog1.corp.com:12900; > > } > > } > > > > My Graylog config looks like > > # REST API listen URI. Must be reachable by other Graylog server nodes if > you run a cluster. > > # When using Graylog Collectors, this URI will be used to receive > heartbeat messages and must be accessible for all collectors. > > rest_listen_uri = http://0.0.0.0:12900/ > > > > # REST API transport address. Defaults to the value of rest_listen_uri. > Exception: If rest_listen_uri > > # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 > system address is used. > > # If set, this will be promoted in the cluster discovery APIs, so other > nodes may try to connect on > > # this address and it is used to generate URLs addressing entities in the > REST API. (see rest_listen_uri) > > # You will need to define this, if your Graylog server is running behind a > HTTP proxy that is rewriting > > # the scheme, host name or URI. > > # This must not contain a wildcard address (0.0.0.0). > > #rest_transport_uri = http://graylog.corp.com:12900/ > > > > # Enable CORS headers for REST API. This is necessary for JS-clients > accessing the server directly. > > # If these are disabled, modern browsers will not be able to retrieve > resources from the server. > > # This is enabled by default. Uncomment the next line to disable it. > > #rest_enable_cors = false > > > > # Enable GZIP support for REST API. This compresses API responses and > therefore helps to reduce > > # overall round trip times. This is disabled by default. Uncomment the > next line to enable it. > > #rest_enable_gzip = true > > > > # Enable HTTPS support for the REST API. This secures the communication > with the REST API with > > # TLS to prevent request forgery and eavesdropping. This is disabled by > default. Uncomment the > > # next line to enable it. > > #rest_enable_tls = true > > > > # The X.509 certificate chain file in PEM format to use for securing the > REST API. > > #rest_tls_cert_file = /path/to/graylog.crt > > > > # The PKCS#8 private key file in PEM format to use for securing the REST > API. > > #rest_tls_key_file = /path/to/graylog.key > > > > # The password to unlock the private key used for securing the REST API. > > #rest_tls_key_password = secret > > > > # The maximum size of the HTTP request headers in bytes. > > #rest_max_header_size = 8192 > > > > # The maximal length of the initial HTTP/1.1 line in bytes. > > #rest_max_initial_line_length = 4096 > > > > # The size of the thread pool used exclusively for serving the REST API. > > #rest_thread_pool_size = 16 > > > > # Enable the embedded Graylog web interface. > > # Default: true > > #web_enable = false > > > > # Web interface listen URI. It must not contain a path other than "/". > > web_listen_uri = http://0.0.0.0:9000/ > > > > # Web interface endpoint URI. This setting can be overriden on a > per-request basis with the X-Graylog-Server-URL header. > > # Default: $rest_transport_uri > > web_endpoint_uri = https://graylog.corp.com > > > Let me know if there are any other relevant sections of the graylog config > that should be shown. > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/428f5851-cb38-4fa7-b25c-59d72ce222a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
