Thanks Jochen - that worked. I also upgraded to 2.1.0 where we are able to run http/api on the same port which made the config much simpler.
Thanks! W On Thursday, September 1, 2016 at 1:39:26 AM UTC-7, Jochen Schalanda wrote: > > Hi, > > are there any error messages in the logs of your Graylog node? > > What's the result of the following curl command (insert your Graylog admin > credentials): > > curl -u admin:password https://graylog.corp.com/api/system/?pretty=true > > > Also, your web_endpoint_uri is wrong and should point to > https://graylog.corp.com/api/, although this is overridden on a > per-request basis by your X-Graylog-Server-URL HTTP request header. > > Cheers, > Jochen > > > On Wednesday, 31 August 2016 22:42:00 UTC+2, w wrote: >> >> Hi All, >> >> I am having trouble getting a reverse proxy working that is doing SSL >> termination / load balancing between graylog 2.0.3 servers. >> >> I am getting the following error message. >> >> Error messagecannot GET https://graylog.corp.com/api/system/cluster/node >> (404) >> >> >> So we are having trouble accessing the API... >> >> To make things simple I have reduced the config to a single nginx node >> and single graylog server in the setup. >> >> When I access the server directly over http it works just fine. >> >> My nginx config looks like >> >> server { >> >> listen 443 ssl; >> >> server_name graylog.corp.com; >> >> >> >> access_log /var/log/nginx/graylog.access.log; >> >> error_log /var/log/nginx/graylog.error.log; >> >> >> >> >> >> ssl on; >> # SSL Config Redacted >> >> >> >> location / >> >> { >> >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> >> proxy_set_header Host $http_host; >> >> proxy_set_header X-Graylog-Server-URL https:// >> graylog.corp.com/api; >> >> >> >> proxy_pass http://graylog1.corp.com:9000; >> >> } >> >> location /api/ >> >> { >> >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> >> proxy_set_header Host $http_host; >> >> proxy_pass http://graylog1.corp.com:12900; >> >> } >> >> } >> >> >> >> My Graylog config looks like >> >> # REST API listen URI. Must be reachable by other Graylog server nodes if >> you run a cluster. >> >> # When using Graylog Collectors, this URI will be used to receive >> heartbeat messages and must be accessible for all collectors. >> >> rest_listen_uri = http://0.0.0.0:12900/ >> >> >> >> # REST API transport address. Defaults to the value of rest_listen_uri. >> Exception: If rest_listen_uri >> >> # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 >> system address is used. >> >> # If set, this will be promoted in the cluster discovery APIs, so other >> nodes may try to connect on >> >> # this address and it is used to generate URLs addressing entities in the >> REST API. (see rest_listen_uri) >> >> # You will need to define this, if your Graylog server is running behind >> a HTTP proxy that is rewriting >> >> # the scheme, host name or URI. >> >> # This must not contain a wildcard address (0.0.0.0). >> >> #rest_transport_uri = http://graylog.corp.com:12900/ >> >> >> >> # Enable CORS headers for REST API. This is necessary for JS-clients >> accessing the server directly. >> >> # If these are disabled, modern browsers will not be able to retrieve >> resources from the server. >> >> # This is enabled by default. Uncomment the next line to disable it. >> >> #rest_enable_cors = false >> >> >> >> # Enable GZIP support for REST API. This compresses API responses and >> therefore helps to reduce >> >> # overall round trip times. This is disabled by default. Uncomment the >> next line to enable it. >> >> #rest_enable_gzip = true >> >> >> >> # Enable HTTPS support for the REST API. This secures the communication >> with the REST API with >> >> # TLS to prevent request forgery and eavesdropping. This is disabled by >> default. Uncomment the >> >> # next line to enable it. >> >> #rest_enable_tls = true >> >> >> >> # The X.509 certificate chain file in PEM format to use for securing the >> REST API. >> >> #rest_tls_cert_file = /path/to/graylog.crt >> >> >> >> # The PKCS#8 private key file in PEM format to use for securing the REST >> API. >> >> #rest_tls_key_file = /path/to/graylog.key >> >> >> >> # The password to unlock the private key used for securing the REST API. >> >> #rest_tls_key_password = secret >> >> >> >> # The maximum size of the HTTP request headers in bytes. >> >> #rest_max_header_size = 8192 >> >> >> >> # The maximal length of the initial HTTP/1.1 line in bytes. >> >> #rest_max_initial_line_length = 4096 >> >> >> >> # The size of the thread pool used exclusively for serving the REST API. >> >> #rest_thread_pool_size = 16 >> >> >> >> # Enable the embedded Graylog web interface. >> >> # Default: true >> >> #web_enable = false >> >> >> >> # Web interface listen URI. It must not contain a path other than "/". >> >> web_listen_uri = http://0.0.0.0:9000/ >> >> >> >> # Web interface endpoint URI. This setting can be overriden on a >> per-request basis with the X-Graylog-Server-URL header. >> >> # Default: $rest_transport_uri >> >> web_endpoint_uri = https://graylog.corp.com >> >> >> Let me know if there are any other relevant sections of the graylog >> config that should be shown. >> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/587448af-4730-47da-a7a6-41f8959688e5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
