Andrew, sorry there are too many possibilities in AWS, without digging deeper into the actual settings it's impossible to tell the exact solution. I can only explain the general mechanism of the web interface, you have to adopt it to your environment on your own. >From the error message: "We are experiencing problems connecting to the Graylog server running onhttp://52.11.208.43:9000/api/."; I would say that your browser still tries to access the public IP of the Graylog VM. So when you open the Graylog web interface with an address like http://graylog:9000 the browser downloads a bunch of Javascript. That gets executed in the browser and it tries to connect back to the Graylog REST api. Of course the browser need an url to connect to. It is using the header X-Graylog-Server-URL as api address. If this header is not set, it is using the url that was configured in the server.conf in web_endpoint_url. So when you put a proxy or another nginx between Graylog and your internal network make sure that there is a way for your browser to reach the Graylog api (http://internal.ip:9000/api should be accessible from the internal network). And tell the browser how to reach the api by setting the graylog header. I think in your case the header is not set correctly or the browser is not using the proxy at all. But to say this certainly I have to look at the setup in detail what is only possible with an enterprise support contract.
Cheers, Marius On 9 October 2016 at 00:06, Andrew Morgan <[email protected]> wrote: >> Thank you very much for your response.I am not quite sure what you mean, >> so I >> >> proxy_set_header X-Graylog-Server-URL http://52.1.1.1:9000/api/; >> sudo graylog-ctl reconfigure >> >> so my nginx config is below: >> >> server { >> listen 80; >> location / { >> proxy_pass http://localhost:9000/; >> proxy_http_version 1.1; >> proxy_set_header Host $host; >> proxy_set_header X-Real-IP $remote_addr; >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> proxy_set_header X-Graylog-Server-URL http://52.1.1.1:9000/api/; >> proxy_pass_request_headers on; >> proxy_connect_timeout 150; >> proxy_send_timeout 100; >> proxy_read_timeout 100; >> proxy_buffers 4 32k; >> client_max_body_size 8m; >> client_body_buffer_size 128k; >> >> >> >> I opened up port for that security group 80 and 9000 and access the server >> just fine when I visit http://52.11.208.43 it works, but as I said its >> against company policy, so I closed the ports and trying through the proxy >> and neither of the configs below work >> <VirtualHost *:80> >> ServerName logserver.socialpatrol.net >> ServerAlias logserver >> ProxyRequests off >> ProxyPreserveHost On >> <Location /> >> RequestHeader set X-Graylog-Server-URL "http://52.1.1.1:9000/api/"; >> ProxyPass http://10.1.80.7/ >> ProxyPassReverse http://10.1.80.7/ >> Order allow,deny >> Allow from all >> </Location> >> >> >> </VirtualHost> >> >> >> ERROR >> We are experiencing problems connecting to the Graylog server running >> onhttp://52.11.208.43:9000/api/. >> Error messageBad requestOriginal RequestGET >> http://52.11.208.43:9000/api/system/sessionsStatus codeundefinedFull error >> messageError: Request has been terminated Possible causes: the network is >> offline, Origin is not allowed by Access-Control-Allow-Origin, the page is >> being unloaded, etc. >> >> 10.1.80.7 is the private ip of the graylog server , but none of these >> configs work. >> >> >> <VirtualHost *:80> >> ServerName logserver.socialpatrol.net >> ServerAlias logserver >> ProxyRequests off >> ProxyPreserveHost On >> <Location /> >> RequestHeader set X-Graylog-Server-URL "http://10.1.80.7:9000/api/"; >> ProxyPass http://10.1.80.7/ >> ProxyPassReverse http://10.1.80.7/ >> Order allow,deny >> Allow from all >> </Location> >> >> >> </VirtualHost> >> >> >> >> >> On Saturday, October 8, 2016 at 4:35:00 PM UTC-4, Marius Sturm wrote: >>> >>> Hi Andrew, >>> when you add a second proxy to the chain, it looks like Graylog would be >>> reachable from another IP. Your web browser tries to connect back to the >>> Graylog REST api based on the value of web_endpoint_uri _or_ the >>> X-Graylog-Server-URL header. Set one of those to the IP that is reachable >>> from the perspective of your browser. >>> >>> Cheers, >>> Marius >>> >>> >>> On 8 October 2016 at 18:34, Andrew Morgan <[email protected]> wrote: >>>> >>>> hello everyone, >>>> I have an issue at work with graylog I'd like help with please...I >>>> installed graylog from scratch within my AWS environment using the websites >>>> AMI, and everything was setup for me.I have a AWS VPC and all traffic goes >>>> through a load balancer or proxy on port 80. I ave opened port 9000 as >>>> well. >>>> My issue is when I open port 80 and 9000 for where the server is located >>>> everything works(but this is against my companies policy, so traffic should >>>> be routed through the proxy), but I am unable to proxy port 80 traffic to >>>> the public ip address and the private ip address doesnt work. >>>> >>>> my proxy config is below: >>>> >>>> <VirtualHost *:80> >>>> ServerName logserver.net >>>> ServerAlias logserver >>>> ProxyRequests off >>>> ProxyPreserveHost On >>>> <Location /> >>>> ProxyPass http://10.1.80.23:9000/ >>>> ProxyPassReverse http://10.1.80.23:9000/ >>>> Order allow,deny >>>> Allow from all >>>> </Location> >>>> >>>> </VirtualHost> >>>> >>>> I also proxy passed port 80 traffic because on the server it uses nginx >>>> as a proxy as well. >>>> >>>> >>>> My nginx config: >>>> >>>> server { >>>> >>>> >>>> >>>> listen 80; >>>> >>>> location / { >>>> >>>> proxy_pass http://localhost:9000/; >>>> >>>> proxy_http_version 1.1; >>>> >>>> proxy_set_header Host $host; >>>> >>>> proxy_set_header X-Real-IP $remote_addr; >>>> >>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >>>> >>>> proxy_set_header X-Graylog-Server-URL >>>> http://10.1.80.7:9000/api/; >>>> >>>> proxy_pass_request_headers on; >>>> >>>> proxy_connect_timeout 150; >>>> >>>> proxy_send_timeout 100; >>>> >>>> proxy_read_timeout 100; >>>> >>>> proxy_buffers 4 32k; >>>> >>>> client_max_body_size 8m; >>>> >>>> client_body_buffer_size 128k; >>>> >>>> } >>>> >>>> error_page 502 /502.html; >>>> >>>> location /502.html { >>>> >>>> internal; >>>> >>>> } >>>> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Graylog Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/graylog2/a29c4498-23e6-470d-a0c9-fb5978be597e%40googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> >>> >>> -- >>> Developer >>> >>> Tel.: +49 (0)40 609 452 077 >>> Fax.: +49 (0)40 609 452 078 >>> >>> TORCH GmbH - A Graylog Company >>> Poolstraße 21 >>> 20335 Hamburg >>> Germany >>> >>> https://www.graylog.com >>> >>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>> Geschäftsführer: Lennart Koopmann (CEO) > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/36bb47e3-6f0b-4232-acee-12ac9ee1d9ae%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- Developer Tel.: +49 (0)40 609 452 077 Fax.: +49 (0)40 609 452 078 TORCH GmbH - A Graylog Company Poolstraße 21 20335 Hamburg Germany https://www.graylog.com Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 Geschäftsführer: Lennart Koopmann (CEO) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAMqbBbK1me9KjOYYcscwuTGrSX5ch%3DDbF%3DUghm-UWsV3G5uwhQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
