Hi Jochen,
sorry for long reply, but server in production and it took some time to
test yours suggestions. We rebuild configuration files and now it works!
Final configuration of apache2 vhost:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName graylog.site.org
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}:443%{REQUEST_URI}
<Proxy *>
Order deny,allow
Deny from all
allow from ****
</Proxy>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName graylog.site.org
ProxyRequests off
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/***.crt
SSLCertificateChainFile /etc/apache2/ssl/***.pem
SSLCertificateKeyFile /etc/apache2/ssl/***.key
<Proxy *>
Order deny,allow
Deny from all
allow from *****
</Proxy>
SSLProxyEngine on
ProxyPreserveHost on
ProxyPass /api/ https://127.0.0.1:12900/api/
ProxyPassReverse /api/ https://127.0.0.1:12900/api/
RequestHeader set X-Graylog-Server-URL
"https://graylog.site.org/api/";
ProxyPass / https://127.0.0.1:9000/ nocanon
ProxyPassReverse / https://127.0.0.1:9000/
ProxyPassReverse / https://graylog.site.org/
AllowEncodedSlashes NoDecode
</VirtualHost>
Final configuration of gralyog2:
rest_listen_uri = http://0.0.0.0:12900/api/
rest_transport_uri = http://192.168.0.5:12900/api/
rest_enable_cors = true
rest_enable_gzip = true
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/graylog.pem
rest_tls_key_file = /etc/graylog/server/graylog.p8.pem
web_listen_uri = http://127.0.0.1:9000/
#web_endpoint_uri = https://192.168.0.5:12900/
#web_enable_cors = false
#web_enable_gzip = false
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/graylog.pem
web_tls_key_file = /etc/graylog/server/graylog.p8.pem
Thanks for help!
вторник, 13 декабря 2016 г., 11:54:10 UTC+2 пользователь Jochen Schalanda
написал:
>
> Hi,
>
> your rest_listen_uri and rest_transport_uri (both using port 12900) don't
> match what you've configured in Apache httpd (using port 9000).
>
> Cheers,
> Jochen
>
> On Tuesday, 13 December 2016 10:20:21 UTC+1, Evgeniy Danilenko wrote:
>>
>> UP UP UP
>>
>> четверг, 24 ноября 2016 г., 12:25:01 UTC+2 пользователь Evgeniy Danilenko
>> написал:
>>>
>>> Hello Jochen,
>>>
>>> i am working with Alexandr and this is a part of our graylog
>>> configuration file:
>>>
>>> rest_listen_uri = http://0.0.0.0:12900/api/
>>> rest_transport_uri = http://192.168.0.5:12900/api/
>>> rest_enable_cors = true
>>> rest_enable_gzip = true
>>> rest_enable_tls = true
>>> rest_tls_cert_file = /etc/graylog/server/graylog.pem
>>> rest_tls_key_file = /etc/graylog/server/graylog.p8.pem
>>>
>>> web_listen_uri = http://127.0.0.1:9000/
>>> #web_endpoint_uri = https://192.168.0.5:12900/
>>> #web_enable_cors = false
>>> #web_enable_gzip = false
>>> web_enable_tls = true
>>> web_tls_cert_file = /etc/graylog/server/graylog.pem
>>> web_tls_key_file = /etc/graylog/server/graylog.p8.pem
>>>
>>>
>>>
>>> вторник, 8 ноября 2016 г., 12:45:55 UTC+2 пользователь Jochen Schalanda
>>> написал:
>>>>
>>>> Hi Alexander,
>>>>
>>>> how did you configure Graylog on your machine?
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Tuesday, 8 November 2016 11:03:51 UTC+1, Alexander Gerasymenko wrote:
>>>>>
>>>>>
>>>>>
>>>>> after updating apache 2.4 with https support, we received this message
>>>>> on graylog web log in. The apache virtual host config file was made using
>>>>> this sample
>>>>> http://docs.graylog.org/en/2.1/pages/configuration/web_interface.html#apache-httpd-2-x
>>>>>
>>>>> Here is an apache config
>>>>>
>>>>> <VirtualHost *:80>
>>>>>> ServerAdmin [email protected]
>>>>>> ServerName graylog.site.org
>>>>>> RewriteEngine On
>>>>>> RewriteCond %{HTTPS} off
>>>>>> RewriteRule (.*) https://%{HTTP_HOST}:443%{REQUEST_URI}
>>>>>>
>>>>>> <Proxy *>
>>>>>> Order deny,allow
>>>>>> Deny from all
>>>>>> allow from 192.168.0.0/24
>>>>>> </Proxy>
>>>>>>
>>>>>>
>>>>>> </VirtualHost>
>>>>>>
>>>>>> <VirtualHost *:443>
>>>>>> ServerAdmin [email protected]
>>>>>> ServerName graylog.site.org
>>>>>> ProxyRequests Off
>>>>>> SSLEngine on
>>>>>> SSLCertificateFile /path/to/ssl.crt
>>>>>> SSLCertificateChainFile /path/to/ssl.pem
>>>>>> SSLCertificateKeyFile /path/to/ssl.key
>>>>>>
>>>>>> <Proxy *>
>>>>>> Order deny,allow
>>>>>> Deny from all
>>>>>> allow from 192.168.0.0/24
>>>>>> </Proxy>
>>>>>>
>>>>>> <Location />
>>>>>> RequestHeader set X-Graylog-Server-URL "
>>>>>> https://graylog.site.org/api/";
>>>>>> ProxyPass http://127.0.0.1:9000/
>>>>>> ProxyPassReverse http://127.0.0.1:9000/
>>>>>> </Location>
>>>>>> </VirtualHost>
>>>>>>
>>>>>
>>>>> Graylog Version: 2.1.2-1
>>>>> Elasticsearch Version: 2.1.1
>>>>> MongoDB Version: 2.6.11
>>>>> Operating System: Ubuntu 14.04
>>>>> Browser version: Firefox 49.0.2
>>>>>
>>>>>
>>>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/39254924-14e7-4096-a319-96754f717363%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
