Env: Graylog 2.1.1, JRE 1.8.0, ES 2.4.1, RHEL 6.8

*setup* - 2 x graylog-servers v2.1.1 with 1 x load balancer in front running nginx v1.10

Load balancer setup not using ssl (just http) works well without issue. However, the moment I enable ssl/termination on nginx, I keep running into Server Currently Unavailable Error. I've pored over the graylog documentation and I'm unable to find out what is wrong.

Does someone have a working example of SSL load balancer in front of graylog production setup (either with SSL termination on lb or SSL Pass through?).

User --> https --> LB --> http or https --> graylog cluster (2 nodes)

Can someone please assist and guide where the issue is???

*Graylog-server configs :*

node1 -

> is_master = true
> node_id_file = /etc/graylog/server/node-id
> password_secret = xxxx
> root_password_sha2 = xxxx
> root_timezone = US/Eastern
> plugin_dir = /usr/share/graylog-server/plugin
> rest_listen_uri = http://graylog-web01:12900/
> rest_transport_uri = http://graylog-web01:12900/
> web_listen_uri = http://graylog-web01:9000/
> web_endpoint_uri = http://graylog-web01:12900/
> rotation_strategy = count
> elasticsearch_max_docs_per_index = 20000000
> elasticsearch_max_number_of_indices = 40
> retention_strategy = delete
> elasticsearch_shards = 8
> elasticsearch_replicas = 1
> elasticsearch_index_prefix = graylog2
> allow_leading_wildcard_searches = false
> allow_highlighting = false
> elasticsearch_cluster_name = graylog2
> elasticsearch_node_name_prefix = graylog-web01-
> elasticsearch_discovery_zen_ping_multicast_enabled = false
> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 10.30.20.59:9300, 10.30.20.65:9300
> elasticsearch_network_host = graylog-web01
> elasticsearch_analyzer = standard
> output_batch_size = 500
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 5
> outputbuffer_processors = 3
> processor_wait_strategy = blocking
> ring_size = 65536
> inputbuffer_ring_size = 65536
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = /var/lib/graylog-server/journal
> lb_recognition_period_seconds = 3
> lb_throttle_threshold_percentage = 95
> mongodb_uri = mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> content_packs_dir = /usr/share/graylog-server/contentpacks
> content_packs_auto_load = grok-patterns.json
> proxied_requests_thread_pool_size = 32

node2 -

> is_master = false
> node_id_file = /etc/graylog/server/node-id
> password_secret = xxxx
> root_password_sha2 = xxxx
> root_timezone = US/Eastern
> plugin_dir = /usr/share/graylog-server/plugin
> rest_listen_uri = http://graylog-web02:12900/
> rest_transport_uri = http://graylog-web02:12900/
> web_listen_uri = http://graylog-web02:9000/
> web_endpoint_uri = http://graylog-web02:12900/
> rotation_strategy = count
> elasticsearch_max_docs_per_index = 20000000
> elasticsearch_max_number_of_indices = 40
> retention_strategy = delete
> elasticsearch_shards = 8
> elasticsearch_replicas = 1
> elasticsearch_index_prefix = graylog2
> allow_leading_wildcard_searches = false
> allow_highlighting = false
> elasticsearch_cluster_name = graylog2
> elasticsearch_node_name_prefix = graylog-web02-
> elasticsearch_discovery_zen_ping_multicast_enabled = false
> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 10.30.20.59:9300, 10.30.20.65:9300
> elasticsearch_network_host = graylog-web02
> elasticsearch_analyzer = standard
> output_batch_size = 500
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 5
> outputbuffer_processors = 3
> processor_wait_strategy = blocking
> ring_size = 65536
> inputbuffer_ring_size = 65536
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = /var/lib/graylog-server/journal
> lb_recognition_period_seconds = 3
> lb_throttle_threshold_percentage = 95
> mongodb_uri = mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> content_packs_dir = /usr/share/graylog-server/contentpacks
> content_packs_auto_load = grok-patterns.json
> proxied_requests_thread_pool_size = 32

*nginx load balancer config :*

> upstream graylog-weblb {
>     server graylog-web01:9000;
>     server graylog-web02:9000;
> }
> upstream graylog-apilb {
>     server graylog-web01:12900;
>     server graylog-web02:12900;
> }
> server {
>     listen 80;
>     return 301 https://$host$request_uri;
> }
> server {
>     listen 443 ssl;
>     server_name graylog;
>     ssl on;
>     ssl_certificate /etc/nginx/ssl/graylog/server.crt;
>     ssl_certificate_key /etc/nginx/ssl/graylog/server.key;
>     ssl_session_cache shared:SSL:20m;
>     ssl_session_timeout 10m;
>     ssl_prefer_server_ciphers on;
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>     add_header Strict-Transport-Security "max-age=31536000";
>     access_log /var/log/nginx/graylog.access.log;
>     location / {
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Proto $scheme;
>         proxy_read_timeout 90;
>         proxy_pass http://graylog-weblb;
>     }
> }
> server {
>     listen 12900 ssl;
>     server_name graylog;
>     ssl on;
>     ssl_certificate /etc/nginx/ssl/graylog/server.crt;
>     ssl_certificate_key /etc/nginx/ssl/graylog/server.key;
>     ssl_session_cache shared:SSL:20m;
>     ssl_session_timeout 10m;
>     ssl_prefer_server_ciphers on;
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>     add_header Strict-Transport-Security "max-age=31536000";
>     access_log /var/log/nginx/graylog-api.access.log;
>     location / {
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Proto $scheme;
>         proxy_read_timeout 90;
>         proxy_pass http://graylog-apilb;
>     }
> }

*Error seen -*

Server Currently unavailable
We are experiencing problems connecting to Graylog server running on http://graylog-web02:12900/. Please verify the server is healthy and working correctly.

Error message
Bad request
Original Request
GET http://graylog-web02:12900/system/sessions
Status code
undefined
Full error message
Error: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.

Many Many thanks,
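The error above shows the browser calling http://graylog-web02:12900/ directly while the page itself is served over HTTPS by the load balancer. As an added example (not part of the original post and not Graylog code), this Python check compares the API URL a node advertises to browsers with the public URL; the public URL https://graylog/ is an assumption taken from the nginx server_name, and the function and finding names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed excerpt: the URI keys from node2's server.conf in the post.
SAMPLE_CONF = """\
rest_listen_uri = http://graylog-web02:12900/
rest_transport_uri = http://graylog-web02:12900/
web_listen_uri = http://graylog-web02:9000/
web_endpoint_uri = http://graylog-web02:12900/
"""
PUBLIC_URL = "https://graylog/"  # assumption: derived from nginx server_name


def parse_conf(text):
    """Parse 'key = value' lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def check_endpoint(conf, public_url):
    """List reasons a browser on public_url cannot reach the advertised API."""
    # web_endpoint_uri defaults to rest_transport_uri when it is not set.
    endpoint = conf.get("web_endpoint_uri") or conf.get("rest_transport_uri", "")
    api, page = origin(endpoint), origin(public_url)
    findings = []
    if page[0] == "https" and api[0] != "https":
        findings.append("mixed-content")  # HTTPS page calling a plain-HTTP API
    if api[1] != page[1]:
        findings.append("bypasses-lb")    # browser is sent to a backend node
    if api != page:
        findings.append("cross-origin")   # the API must then allow this origin via CORS
    return findings


if __name__ == "__main__":
    for finding in check_endpoint(parse_conf(SAMPLE_CONF), PUBLIC_URL):
        print(finding)
```

An empty list means the advertised API URL shares the page's origin, for example when it points at the load balancer's own HTTPS address.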
