Thank you for your assistance thus far.I have done that as well, I have set proxy_set_header X-Graylog-Server-URL http://10.1.80.7:9000/api/ on graylog server . From the proxy server I can access that URL
curl -Is http://10.1.80.7:9000/api/system/sessions HTTP/1.1 200 OK curl -Is http://10.1.80.7:9000/api/system/cluster/node HTTP/1.1 200 OK But I am still getting the error message below.I also have a graylog2 setup, but it is an older version which was installed from source, and I am not sure how to upgrade it from source as there is no documentation.I would even settle for installing the latest graylog without the proxy, but cant seem to find any tutorial which works, do you have any? We are experiencing problems connecting to the Graylog server running on *http://10.1.80.7:9000/api/ <http://10.1.80.7:9000/api/>*. Please verify that the server is healthy and working correctly. You will be automatically redirected to the previous page once we can connect to the server. Do you need a hand? We can help you <https://www.graylog.org/community-support>. Less details <http://logserver.socialpatrol.net/#> ------------------------------ This is the last response we received from the server: Error messageBad requestOriginal RequestGET http://10.1.80.7:9000/api/system/cluster/nodeStatus codeundefinedFull error messageError: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc. On Sun, Oct 9, 2016 at 6:01 AM, Marius Sturm <[email protected]> wrote: > Andrew, > sorry there are too many possibilities in AWS, without digging deeper > into the actual settings it's impossible to tell the exact solution. I > can only explain the general mechanism of the web interface, you have > to adopt it to your environment on your own. > From the error message: "We are experiencing problems connecting to > the Graylog server running onhttp://52.11.208.43:9000/api/."; > I would say that your browser still tries to access the public IP of > the Graylog VM. > So when you open the Graylog web interface with an address like > http://graylog:9000 the browser downloads a bunch of Javascript. That > gets executed in the browser and it tries to connect back to the > Graylog REST api. Of course the browser need an url to connect to. It > is using the header X-Graylog-Server-URL as api address. If this > header is not set, it is using the url that was configured in the > server.conf in web_endpoint_url. > So when you put a proxy or another nginx between Graylog and your > internal network make sure that there is a way for your browser to > reach the Graylog api (http://internal.ip:9000/api should be > accessible from the internal network). And tell the browser how to > reach the api by setting the graylog header. > I think in your case the header is not set correctly or the browser is > not using the proxy at all. But to say this certainly I have to look > at the setup in detail what is only possible with an enterprise > support contract. > > Cheers, > Marius > > > On 9 October 2016 at 00:06, Andrew Morgan <[email protected]> > wrote: > >> Thank you very much for your response.I am not quite sure what you mean, > >> so I > >> > >> proxy_set_header X-Graylog-Server-URL http://52.1.1.1:9000/api/; > >> sudo graylog-ctl reconfigure > >> > >> so my nginx config is below: > >> > >> server { > >> listen 80; > >> location / { > >> proxy_pass http://localhost:9000/; > >> proxy_http_version 1.1; > >> proxy_set_header Host $host; > >> proxy_set_header X-Real-IP $remote_addr; > >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > >> proxy_set_header X-Graylog-Server-URL http://52.1.1.1:9000/api/ > ; > >> proxy_pass_request_headers on; > >> proxy_connect_timeout 150; > >> proxy_send_timeout 100; > >> proxy_read_timeout 100; > >> proxy_buffers 4 32k; > >> client_max_body_size 8m; > >> client_body_buffer_size 128k; > >> > >> > >> > >> I opened up port for that security group 80 and 9000 and access the > server > >> just fine when I visit http://52.11.208.43 it works, but as I said its > >> against company policy, so I closed the ports and trying through the > proxy > >> and neither of the configs below work > >> <VirtualHost *:80> > >> ServerName logserver.socialpatrol.net > >> ServerAlias logserver > >> ProxyRequests off > >> ProxyPreserveHost On > >> <Location /> > >> RequestHeader set X-Graylog-Server-URL "http://52.1.1.1:9000/api/"; > >> ProxyPass http://10.1.80.7/ > >> ProxyPassReverse http://10.1.80.7/ > >> Order allow,deny > >> Allow from all > >> </Location> > >> > >> > >> </VirtualHost> > >> > >> > >> ERROR > >> We are experiencing problems connecting to the Graylog server running > >> onhttp://52.11.208.43:9000/api/. > >> Error messageBad requestOriginal RequestGET > >> http://52.11.208.43:9000/api/system/sessionsStatus codeundefinedFull > error > >> messageError: Request has been terminated Possible causes: the network > is > >> offline, Origin is not allowed by Access-Control-Allow-Origin, the page > is > >> being unloaded, etc. > >> > >> 10.1.80.7 is the private ip of the graylog server , but none of these > >> configs work. > >> > >> > >> <VirtualHost *:80> > >> ServerName logserver.socialpatrol.net > >> ServerAlias logserver > >> ProxyRequests off > >> ProxyPreserveHost On > >> <Location /> > >> RequestHeader set X-Graylog-Server-URL "http://10.1.80.7:9000/api/"; > >> ProxyPass http://10.1.80.7/ > >> ProxyPassReverse http://10.1.80.7/ > >> Order allow,deny > >> Allow from all > >> </Location> > >> > >> > >> </VirtualHost> > >> > >> > >> > >> > >> On Saturday, October 8, 2016 at 4:35:00 PM UTC-4, Marius Sturm wrote: > >>> > >>> Hi Andrew, > >>> when you add a second proxy to the chain, it looks like Graylog would > be > >>> reachable from another IP. Your web browser tries to connect back to > the > >>> Graylog REST api based on the value of web_endpoint_uri _or_ the > >>> X-Graylog-Server-URL header. Set one of those to the IP that is > reachable > >>> from the perspective of your browser. > >>> > >>> Cheers, > >>> Marius > >>> > >>> > >>> On 8 October 2016 at 18:34, Andrew Morgan <[email protected]> > wrote: > >>>> > >>>> hello everyone, > >>>> I have an issue at work with graylog I'd like help with please...I > >>>> installed graylog from scratch within my AWS environment using the > websites > >>>> AMI, and everything was setup for me.I have a AWS VPC and all traffic > goes > >>>> through a load balancer or proxy on port 80. I ave opened port 9000 > as well. > >>>> My issue is when I open port 80 and 9000 for where the server is > located > >>>> everything works(but this is against my companies policy, so traffic > should > >>>> be routed through the proxy), but I am unable to proxy port 80 > traffic to > >>>> the public ip address and the private ip address doesnt work. > >>>> > >>>> my proxy config is below: > >>>> > >>>> <VirtualHost *:80> > >>>> ServerName logserver.net > >>>> ServerAlias logserver > >>>> ProxyRequests off > >>>> ProxyPreserveHost On > >>>> <Location /> > >>>> ProxyPass http://10.1.80.23:9000/ > >>>> ProxyPassReverse http://10.1.80.23:9000/ > >>>> Order allow,deny > >>>> Allow from all > >>>> </Location> > >>>> > >>>> </VirtualHost> > >>>> > >>>> I also proxy passed port 80 traffic because on the server it uses > nginx > >>>> as a proxy as well. > >>>> > >>>> > >>>> My nginx config: > >>>> > >>>> server { > >>>> > >>>> > >>>> > >>>> listen 80; > >>>> > >>>> location / { > >>>> > >>>> proxy_pass http://localhost:9000/; > >>>> > >>>> proxy_http_version 1.1; > >>>> > >>>> proxy_set_header Host $host; > >>>> > >>>> proxy_set_header X-Real-IP $remote_addr; > >>>> > >>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > >>>> > >>>> proxy_set_header X-Graylog-Server-URL > >>>> http://10.1.80.7:9000/api/; > >>>> > >>>> proxy_pass_request_headers on; > >>>> > >>>> proxy_connect_timeout 150; > >>>> > >>>> proxy_send_timeout 100; > >>>> > >>>> proxy_read_timeout 100; > >>>> > >>>> proxy_buffers 4 32k; > >>>> > >>>> client_max_body_size 8m; > >>>> > >>>> client_body_buffer_size 128k; > >>>> > >>>> } > >>>> > >>>> error_page 502 /502.html; > >>>> > >>>> location /502.html { > >>>> > >>>> internal; > >>>> > >>>> } > >>>> > >>>> > >>>> > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "Graylog Users" group. > >>>> To unsubscribe from this group and stop receiving emails from it, send > >>>> an email to [email protected]. > >>>> To view this discussion on the web visit > >>>> https://groups.google.com/d/msgid/graylog2/a29c4498-23e6- > 470d-a0c9-fb5978be597e%40googlegroups.com. > >>>> For more options, visit https://groups.google.com/d/optout. > >>> > >>> > >>> > >>> > >>> -- > >>> Developer > >>> > >>> Tel.: +49 (0)40 609 452 077 > >>> Fax.: +49 (0)40 609 452 078 > >>> > >>> TORCH GmbH - A Graylog Company > >>> Poolstraße 21 > >>> 20335 Hamburg > >>> Germany > >>> > >>> https://www.graylog.com > >>> > >>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 > >>> Geschäftsführer: Lennart Koopmann (CEO) > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Graylog Users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/graylog2/36bb47e3-6f0b- > 4232-acee-12ac9ee1d9ae%40googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > Developer > > Tel.: +49 (0)40 609 452 077 > Fax.: +49 (0)40 609 452 078 > > TORCH GmbH - A Graylog Company > Poolstraße 21 > 20335 Hamburg > Germany > > https://www.graylog.com > > Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 > Geschäftsführer: Lennart Koopmann (CEO) > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Graylog Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/graylog2/8FNLNCBqx2M/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/CAMqbBbK1me9KjOYYcscwuTGrSX5ch%3DDbF%3DUghm-UWsV3G5uwhQ% > 40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAM_uWf-WJggdLOwisGPr74T1MEAq%3DswOEny8naDDrjDoPbRDSQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
