Hi René,

it looks like you're using an old version of Graylog (i.e. before Graylog 2.0.0) which doesn't support the X-Graylog-Server-URL HTTP request header.
If you want to follow the documentation on http://docs.graylog.org/en/2.1/pages/configuration/https.html, you'll have to upgrade to Graylog 2.1.2 first.

Cheers,
Jochen

On Thursday, 8 December 2016 14:03:56 UTC+1, [email protected] wrote:
>
> I have now for a while tried to set up graylog with https only access.
>
> I have followed the graylog documentation to the point and am now using
> the nginx solution to access graylog-web using https. This part works fine
> for me, but the problem is it is still accessible using http://fqdn:9000.
>
> I found then I could disable http.port and enable https.port with access
> to keystore like this in /etc/default/graylog-web:
>
> # HTTP server settings.
> GRAYLOG_WEB_HTTP_ADDRESS="0.0.0.0"
> GRAYLOG_WEB_HTTP_PORT="8443"
>
> # Might be used to adjust the Java heap size. (i.e. "-Xms1024m -Xmx2048m")
> #GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks -Dhttps.port=8443 -Dhttps.keyStore=/etc/graylog/cert/cacerts.jks -Dhttps.keyStorePassword=changeit -Dhttp.port=disabled"
>
> GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks"
>
> # Pass some extra args to graylog-web. (i.e. "-d" to enable debug mode)
> GRAYLOG_WEB_ARGS=""
>
> # Program that will be used to wrap the graylog-web command. Useful to
> # support programs like authbind.
> GRAYLOG_COMMAND_WRAPPER=""
>
> and in /etc/nginx/conf.d/graylog.conf I defined this:
>
> server
> {
>     listen 443 ssl spdy;
>     server_name fqdn;
>     # <- your SSL Settings here!
>     ssl_certificate /etc/graylog/cert/graylog-cert.pem;
>     ssl_certificate_key /etc/graylog/cert/graylog-key.pem;
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers HIGH:!aNULL:!MD5;
>     #ssl_password_file /etc/graylog/cert/graylog.pwd
>
>     location /
>     {
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header Host $http_host;
>         proxy_set_header X-Graylog-Server-URL https://fqdn/api;
>         proxy_pass https://127.0.0.1:8443;
>     }
> }
>
> Resulting in an nginx gateway error 502 when trying to access graylog in a
> browser.
>
> How would I be able to get the https access solely without being able to
> access http://fqdn:9000 on the graylog-web?
>
> BR.
> René Jensen
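A consistency check over the two files quoted in the thread, as an added example that is not part of the original messages and is not Graylog or nginx code. It assumes, following the poster's description, that graylog-web serves TLS only on an active `-Dhttps.port` and keeps plain HTTP on unless `-Dhttp.port=disabled` is active; the function names and the fallback values are hypothetical.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def active_settings(env_text):
    """KEY -> value for the uncommented KEY="value" lines of the defaults file."""
    return dict(re.findall(r'^\s*([A-Z_]+)="(.*)"\s*$', env_text, re.M))

def proxy_targets(nginx_text):
    """(scheme, port) of every uncommented proxy_pass directive."""
    pat = r'^\s*proxy_pass\s+(https?)://[^:/;\s]+:(\d+)'
    return [(s, int(p)) for s, p in re.findall(pat, nginx_text, re.M)]

def audit(env_text, nginx_text):
    env = active_settings(env_text)
    opts = env.get("GRAYLOG_WEB_JAVA_OPTS", "")
    # Assumed fallbacks when a key is absent: all interfaces, port 9000.
    addr = env.get("GRAYLOG_WEB_HTTP_ADDRESS", "0.0.0.0")
    http_port = int(env.get("GRAYLOG_WEB_HTTP_PORT", "9000"))
    # Assumption: plain HTTP stays on unless -Dhttp.port=disabled is active,
    # and TLS is served only on an active -Dhttps.port.
    http_on = "-Dhttp.port=disabled" not in opts
    tls = re.search(r"-Dhttps\.port=(\d+)", opts)
    tls_port = int(tls.group(1)) if tls else None
    findings = []
    if http_on and addr not in LOOPBACK:
        findings.append(f"plain HTTP on {addr}:{http_port} is reachable without nginx")
    for scheme, port in proxy_targets(nginx_text):
        if scheme == "https" and port != tls_port:
            findings.append(f"proxy_pass speaks TLS to port {port}, no TLS listener there")
        if scheme == "http" and (not http_on or port != http_port):
            findings.append(f"proxy_pass speaks HTTP to port {port}, no HTTP listener there")
    return findings

# Constructed sample: the active settings from the post above, shortened.
POSTED_ENV = '''
GRAYLOG_WEB_HTTP_ADDRESS="0.0.0.0"
GRAYLOG_WEB_HTTP_PORT="8443"
#GRAYLOG_WEB_JAVA_OPTS="-Dhttps.port=8443 -Dhttp.port=disabled"
GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks"
'''
POSTED_NGINX = '''
location / {
    proxy_set_header X-Graylog-Server-URL https://fqdn/api;
    proxy_pass https://127.0.0.1:8443;
}
'''

if __name__ == "__main__":
    for finding in audit(POSTED_ENV, POSTED_NGINX):
        print("FINDING:", finding)
```
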
