Hi,

you're running into a problem with the Mixed Content Policy of your web 
browser.

If you're using HTTPS for the web interface, you also have to use HTTPS for 
the Graylog REST API (see web_endpoint_uri 
<https://github.com/Graylog2/graylog2-server/blob/2.1.1/misc/graylog.conf#L137-L139>
).

In general, please refer 
to http://docs.graylog.org/en/2.1/pages/configuration/web_interface.html 
and http://docs.graylog.org/en/2.1/pages/configuration/https.html for more 
information.

Cheers,
Jochen

On Wednesday, 12 October 2016 19:28:48 UTC+2, fxp wrote:
>
> Env: Graylog 2.1.1, JRE 1.8.0, ES 2.4.1, RHEL 6.8
>
> *setup* - 2 x graylog-servers v2.1.1 with 1 x load balancer in front 
> running nginx v1.10
>
> Load balancer setup not using ssl (just http) works well without issue. 
> However the moment I enable ssl/termination on nginx, I keep running into 
> Server Currently Unavailable Error. I've poured over the graylog 
> documentation and I'm unable to find out what is wrong. 
> Does someone have working example of SSL load balancer in front of graylog 
> production setup (either with SSL termination on lb or SSL Pass through?). 
> User --> https --> LB --> http or https --> graylog cluster (2 nodes)
> Can someone pls assist and guide where the issue is??? 
>
>
> *Graylog-server configs :*
>
> node1 -
>
> is_master = true
>> node_id_file = /etc/graylog/server/node-id
>> password_secret = xxxx 
>> root_password_sha2 = xxxx
>> root_timezone = US/Eastern
>> plugin_dir = /usr/share/graylog-server/plugin
>> rest_listen_uri = http://graylog-web01:12900/
>> rest_transport_uri = http://graylog-web01:12900/
>> web_listen_uri = http://graylog-web01:9000/
>> web_endpoint_uri = http://graylog-web01:12900/
>> rotation_strategy = count
>> elasticsearch_max_docs_per_index = 20000000
>> elasticsearch_max_number_of_indices = 40
>> retention_strategy = delete
>> elasticsearch_shards = 8
>> elasticsearch_replicas = 1
>> elasticsearch_index_prefix = graylog2
>> allow_leading_wildcard_searches = false
>> allow_highlighting = false
>> elasticsearch_cluster_name = graylog2
>> elasticsearch_node_name_prefix = graylog-web01-
>> elasticsearch_discovery_zen_ping_multicast_enabled = false
>> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 
>> 10.30.20.59:9300, 10.30.20.65:9300
>> elasticsearch_network_host = graylog-web01
>> elasticsearch_analyzer = standard
>> output_batch_size = 500
>> output_flush_interval = 1
>> output_fault_count_threshold = 5
>> output_fault_penalty_seconds = 30
>> processbuffer_processors = 5
>> outputbuffer_processors = 3
>> processor_wait_strategy = blocking
>> ring_size = 65536
>> inputbuffer_ring_size = 65536
>> inputbuffer_processors = 2
>> inputbuffer_wait_strategy = blocking
>> message_journal_enabled = true
>> message_journal_dir = /var/lib/graylog-server/journal
>> lb_recognition_period_seconds = 3
>> lb_throttle_threshold_percentage = 95
>> mongodb_uri = 
>> mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
>> mongodb_max_connections = 1000
>> mongodb_threads_allowed_to_block_multiplier = 5
>> content_packs_dir = /usr/share/graylog-server/contentpacks
>> content_packs_auto_load = grok-patterns.json
>> proxied_requests_thread_pool_size = 32
>>
>
> node2 -
>
>> is_master = false 
>> node_id_file = /etc/graylog/server/node-id
>> password_secret = xxxx
>> root_password_sha2 = xxxx
>> root_timezone = US/Eastern
>> plugin_dir = /usr/share/graylog-server/plugin
>> rest_listen_uri = http://graylog-web02:12900/
>> rest_transport_uri = http://graylog-web02:12900/
>> web_listen_uri = http://graylog-web02:9000/
>> web_endpoint_uri = http://graylog-web02:12900/
>> rotation_strategy = count
>> elasticsearch_max_docs_per_index = 20000000
>> elasticsearch_max_number_of_indices = 40
>> retention_strategy = delete
>> elasticsearch_shards = 8
>> elasticsearch_replicas = 1
>> elasticsearch_index_prefix = graylog2
>> allow_leading_wildcard_searches = false
>> allow_highlighting = false
>> elasticsearch_cluster_name = graylog2
>> elasticsearch_node_name_prefix = graylog-web02-
>> elasticsearch_discovery_zen_ping_multicast_enabled = false
>> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 
>> 10.30.20.59:9300, 10.30.20.65:9300
>> elasticsearch_network_host = graylog-web02
>> elasticsearch_analyzer = standard
>> output_batch_size = 500
>> output_flush_interval = 1
>> output_fault_count_threshold = 5
>> output_fault_penalty_seconds = 30
>> processbuffer_processors = 5
>> outputbuffer_processors = 3
>> processor_wait_strategy = blocking
>> ring_size = 65536
>> inputbuffer_ring_size = 65536
>> inputbuffer_processors = 2
>> inputbuffer_wait_strategy = blocking
>> message_journal_enabled = true
>> message_journal_dir = /var/lib/graylog-server/journal
>> lb_recognition_period_seconds = 3
>> lb_throttle_threshold_percentage = 95
>> mongodb_uri = 
>> mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
>> mongodb_max_connections = 1000
>> mongodb_threads_allowed_to_block_multiplier = 5
>> content_packs_dir = /usr/share/graylog-server/contentpacks
>> content_packs_auto_load = grok-patterns.json
>> proxied_requests_thread_pool_size = 32
>>
>  
>
> *nginx load balancer config : *
>
>
> upstream graylog-weblb {
>>     server graylog-web01:9000;
>>     server graylog-web02:9000;
>> }
>> upstream graylog-apilb {
>>     server graylog-web01:12900;
>>     server graylog-web02:12900;
>> }
>> server {
>>     listen 80;
>>     return 301 https://$host$request_uri;
>> }
>> server {
>>     listen 443 ssl;
>>     server_name graylog;
>>     ssl on;
>>     ssl_certificate    /etc/nginx/ssl/graylog/server.crt;
>>     ssl_certificate_key    /etc/nginx/ssl/graylog/server.key;
>>     ssl_session_cache shared:SSL:20m;
>>     ssl_session_timeout 10m;
>>     ssl_prefer_server_ciphers       on;
>>     ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
>>     ssl_ciphers                     
>> ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>>     add_header Strict-Transport-Security "max-age=31536000";
>>     access_log            /var/log/nginx/graylog.access.log;
>>     location / {
>>       proxy_set_header        Host $host;
>>       proxy_set_header        X-Real-IP $remote_addr;
>>       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
>>       proxy_set_header        X-Forwarded-Proto $scheme;
>>       proxy_read_timeout  90;
>>       proxy_pass          http://graylog-weblb;
>>     }    
>> }
>> server {
>>     listen 12900 ssl;
>>     server_name graylog;
>>     ssl on;
>>     ssl_certificate    /etc/nginx/ssl/graylog/server.crt;
>>     ssl_certificate_key    /etc/nginx/ssl/graylog/server.key;
>>     ssl_session_cache shared:SSL:20m;
>>     ssl_session_timeout 10m;
>>     ssl_prefer_server_ciphers       on;
>>     ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
>>     ssl_ciphers                     
>> ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>>     add_header Strict-Transport-Security "max-age=31536000";
>>     access_log            /var/log/nginx/graylog-api.access.log;
>>     location / {
>>       proxy_set_header        Host $host;
>>       proxy_set_header        X-Real-IP $remote_addr;
>>       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
>>       proxy_set_header        X-Forwarded-Proto $scheme;
>>       proxy_read_timeout  90;
>>       proxy_pass          http://graylog-apilb;
>>     }
>> }
>>
>>
>
> *Error seen - *
> Server Currently unavailable 
> We are experiencing problems connecting to Graylog server running on 
> http://graylog-web02:12900/. Please verify the server is healthy and 
> working correctly. 
>
> Error messageBad requestOriginal RequestGET 
> http://graylog-web02:12900/system/sessionsStatus codeundefinedFull error 
> messageError: Request has been terminated Possible causes: the network is 
> offline, Origin is not allowed by Access-Control-Allow-Origin, the page is 
> being unloaded, etc.
> Many Many thanks, 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cf8a5c78-c76b-40ef-8f57-4fa504ee33ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to