Env: Graylog 2.1.1, JRE 1.8.0, ES 2.4.1, RHEL 6.8

*setup* - 2 x graylog-servers v2.1.1 with 1 x load balancer in front 
running nginx v1.10

The load balancer setup without SSL (plain HTTP) works without issue. 
However, the moment I enable SSL termination on nginx, I keep running into 
the "Server Currently Unavailable" error. I've pored over the Graylog 
documentation and I'm unable to find out what is wrong. 
Does someone have a working example of an SSL load balancer in front of a Graylog 
production setup (either with SSL termination on the LB or SSL pass-through)? 
User --> https --> LB --> http or https --> graylog cluster (2 nodes)
Can someone please assist and point out where the issue is? 


*Graylog-server configs :*

node1 -

# Graylog server.conf as posted for node 1 (graylog-web01); is_master marks this node as the cluster master.
is_master = true
> node_id_file = /etc/graylog/server/node-id
> # Secrets are redacted in the post. Graylog expects password_secret to be identical on every node of a cluster.
> password_secret = xxxx 
> root_password_sha2 = xxxx
> root_timezone = US/Eastern
> plugin_dir = /usr/share/graylog-server/plugin
> # REST API (12900) and web interface (9000) listen on plain HTTP; in this setup TLS exists only on the nginx load balancer.
> rest_listen_uri = http://graylog-web01:12900/
> rest_transport_uri = http://graylog-web01:12900/
> web_listen_uri = http://graylog-web01:9000/
> # NOTE(review): web_endpoint_uri is the address the browser uses to reach the REST API. It names this node
> # directly over http:// rather than the HTTPS listener on the load balancer, which matches the http:// URL in
> # the reported error. A page loaded over https will typically have such plain-http API calls blocked by the
> # browser as mixed content; confirm in the browser console. Pointing this at the load balancer's https API
> # address (or having the proxy send an X-Graylog-Server-URL header) keeps the API traffic on TLS.
> web_endpoint_uri = http://graylog-web01:12900/
> # Index rotation by document count; the oldest index is deleted once 40 indices exist.
> rotation_strategy = count
> elasticsearch_max_docs_per_index = 20000000
> elasticsearch_max_number_of_indices = 40
> retention_strategy = delete
> elasticsearch_shards = 8
> elasticsearch_replicas = 1
> elasticsearch_index_prefix = graylog2
> allow_leading_wildcard_searches = false
> allow_highlighting = false
> elasticsearch_cluster_name = graylog2
> elasticsearch_node_name_prefix = graylog-web01-
> # Multicast discovery is off; the Elasticsearch nodes are listed explicitly (value continues on the next line).
> elasticsearch_discovery_zen_ping_multicast_enabled = false
> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 
> 10.30.20.59:9300, 10.30.20.65:9300
> elasticsearch_network_host = graylog-web01
> elasticsearch_analyzer = standard
> output_batch_size = 500
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 5
> outputbuffer_processors = 3
> processor_wait_strategy = blocking
> ring_size = 65536
> inputbuffer_ring_size = 65536
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = /var/lib/graylog-server/journal
> lb_recognition_period_seconds = 3
> lb_throttle_threshold_percentage = 95
> # The connection string carries the MongoDB credentials inline (user:password looks like a placeholder);
> # restrict read access to the real file. The value continues on the next line, apparently wrapped by the mail client.
> mongodb_uri = 
> mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> content_packs_dir = /usr/share/graylog-server/contentpacks
> content_packs_auto_load = grok-patterns.json
> proxied_requests_thread_pool_size = 32
>

node2 -

> # Graylog server.conf as posted for node 2 (graylog-web02); is_master = false, so this node is not the cluster master.
> is_master = false 
> node_id_file = /etc/graylog/server/node-id
> # Secrets are redacted in the post. Graylog expects password_secret to be identical on every node of a cluster.
> password_secret = xxxx
> root_password_sha2 = xxxx
> root_timezone = US/Eastern
> plugin_dir = /usr/share/graylog-server/plugin
> # REST API (12900) and web interface (9000) listen on plain HTTP; in this setup TLS exists only on the nginx load balancer.
> rest_listen_uri = http://graylog-web02:12900/
> rest_transport_uri = http://graylog-web02:12900/
> web_listen_uri = http://graylog-web02:9000/
> # NOTE(review): web_endpoint_uri is the address the browser uses to reach the REST API. This exact value,
> # http://graylog-web02:12900/, is the URL quoted in the reported error. A page loaded over https will
> # typically have such plain-http API calls blocked by the browser as mixed content; confirm in the browser
> # console. Pointing this at the load balancer's https API address (or having the proxy send an
> # X-Graylog-Server-URL header) keeps the API traffic on TLS.
> web_endpoint_uri = http://graylog-web02:12900/
> # Index rotation by document count; the oldest index is deleted once 40 indices exist.
> rotation_strategy = count
> elasticsearch_max_docs_per_index = 20000000
> elasticsearch_max_number_of_indices = 40
> retention_strategy = delete
> elasticsearch_shards = 8
> elasticsearch_replicas = 1
> elasticsearch_index_prefix = graylog2
> allow_leading_wildcard_searches = false
> allow_highlighting = false
> elasticsearch_cluster_name = graylog2
> elasticsearch_node_name_prefix = graylog-web02-
> # Multicast discovery is off; the Elasticsearch nodes are listed explicitly (value continues on the next line).
> elasticsearch_discovery_zen_ping_multicast_enabled = false
> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 
> 10.30.20.59:9300, 10.30.20.65:9300
> elasticsearch_network_host = graylog-web02
> elasticsearch_analyzer = standard
> output_batch_size = 500
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 5
> outputbuffer_processors = 3
> processor_wait_strategy = blocking
> ring_size = 65536
> inputbuffer_ring_size = 65536
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = /var/lib/graylog-server/journal
> lb_recognition_period_seconds = 3
> lb_throttle_threshold_percentage = 95
> # The connection string carries the MongoDB credentials inline (user:password looks like a placeholder);
> # restrict read access to the real file. The value continues on the next line, apparently wrapped by the mail client.
> mongodb_uri = 
> mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> content_packs_dir = /usr/share/graylog-server/contentpacks
> content_packs_auto_load = grok-patterns.json
> proxied_requests_thread_pool_size = 32
>
 

*nginx load balancer config : *


# Upstream pool for the Graylog web interface: port 9000 on both nodes.
upstream graylog-weblb {
>     server graylog-web01:9000;
>     server graylog-web02:9000;
> }
> # Upstream pool for the Graylog REST API: port 12900 on both nodes.
> upstream graylog-apilb {
>     server graylog-web01:12900;
>     server graylog-web02:12900;
> }
> # Port 80 serves no content; every plain-HTTP request is redirected to https on the same host and URI.
> server {
>     listen 80;
>     return 301 https://$host$request_uri;
> }
> # TLS-terminating front end for the Graylog web interface; requests are forwarded to the graylog-weblb upstream.
> server {
>     listen 443 ssl;
>     server_name graylog;
>     # "ssl on" is redundant with the ssl flag on the listen directive above (and deprecated in later nginx releases).
>     ssl on;
>     ssl_certificate    /etc/nginx/ssl/graylog/server.crt;
>     ssl_certificate_key    /etc/nginx/ssl/graylog/server.key;
>     ssl_session_cache shared:SSL:20m;
>     ssl_session_timeout 10m;
>     ssl_prefer_server_ciphers       on;
>     # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict to TLSv1.2 unless legacy clients must be served.
>     ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
>     # NOTE(review): the list below still admits 3DES suites (64-bit block cipher, Sweet32) and static-RSA key
>     # exchange (no forward secrecy); consider dropping the *+3DES and RSA+* entries.
>     ssl_ciphers                     
> ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>     # HSTS for one year. Without the "always" parameter nginx omits the header on error responses.
>     add_header Strict-Transport-Security "max-age=31536000";
>     access_log            /var/log/nginx/graylog.access.log;
>     location / {
>       # Forward the original host, client address and scheme to Graylog.
>       proxy_set_header        Host $host;
>       proxy_set_header        X-Real-IP $remote_addr;
>       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
>       proxy_set_header        X-Forwarded-Proto $scheme;
>       # NOTE(review): no X-Graylog-Server-URL header is set, so the web interface presumably falls back to each
>       # node's web_endpoint_uri (plain http to the node itself), which an https page cannot call; verify.
>       proxy_read_timeout  90;
>       # The upstream is plain http: traffic between this proxy and the Graylog nodes, logins included, is
>       # unencrypted. Keep that hop on a trusted network or proxy to an https upstream.
>       proxy_pass          http://graylog-weblb;
>     }    
> }
> # TLS-terminating front end for the Graylog REST API on port 12900; requests are forwarded to the graylog-apilb upstream.
> server {
>     listen 12900 ssl;
>     server_name graylog;
>     # "ssl on" is redundant with the ssl flag on the listen directive above (and deprecated in later nginx releases).
>     ssl on;
>     ssl_certificate    /etc/nginx/ssl/graylog/server.crt;
>     ssl_certificate_key    /etc/nginx/ssl/graylog/server.key;
>     ssl_session_cache shared:SSL:20m;
>     ssl_session_timeout 10m;
>     ssl_prefer_server_ciphers       on;
>     # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict to TLSv1.2 unless legacy clients must be served.
>     ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
>     # NOTE(review): the list below still admits 3DES suites (64-bit block cipher, Sweet32) and static-RSA key
>     # exchange (no forward secrecy); consider dropping the *+3DES and RSA+* entries.
>     ssl_ciphers                     
> ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>     # HSTS for one year. Without the "always" parameter nginx omits the header on error responses.
>     add_header Strict-Transport-Security "max-age=31536000";
>     access_log            /var/log/nginx/graylog-api.access.log;
>     location / {
>       # Forward the original host, client address and scheme to Graylog.
>       proxy_set_header        Host $host;
>       proxy_set_header        X-Real-IP $remote_addr;
>       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
>       proxy_set_header        X-Forwarded-Proto $scheme;
>       proxy_read_timeout  90;
>       # The upstream is plain http: API traffic between this proxy and the Graylog nodes, session tokens
>       # included, is unencrypted. Keep that hop on a trusted network or proxy to an https upstream.
>       # NOTE(review): the browser only uses this listener if the address Graylog advertises to it
>       # (web_endpoint_uri) points here; in the posted node configs it points at the nodes directly.
>       proxy_pass          http://graylog-apilb;
>     }
> }
>
>

*Error seen - *
Server Currently unavailable 
We are experiencing problems connecting to Graylog server running on 
http://graylog-web02:12900/. Please verify the server is healthy and 
working correctly. 

Error message: Bad request
Original Request: GET http://graylog-web02:12900/system/sessions
Status code: undefined
Full error message: Error: Request has been terminated Possible causes: the network is 
offline, Origin is not allowed by Access-Control-Allow-Origin, the page is 
being unloaded, etc.
Many Many thanks, 
