Resolved after enabling SSL.
sudo graylog-ctl enforce-ssl
sudo graylog-ctl reconfigure
Here is the difference in nginx.conf before and after.
root@:/opt/graylog/conf/nginx# cat nginx.conf.orig
worker_processes 1;
daemon off;

events {
  worker_connections 1024;
}

http {
  include /opt/graylog/conf/nginx/mime.types;
  default_type application/octet-stream;
  log_format graylog_format 'nginx: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" <msec=$msec|connection=$connection|connection_requests=$connection_requests|millis=$request_time>';
  access_log /dev/stdout graylog_format;

  server {
    listen 80;
    location / {
      proxy_pass http://localhost:9000/;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass_request_headers on;
      proxy_connect_timeout 150;
      proxy_send_timeout 100;
      proxy_read_timeout 100;
      proxy_buffers 4 32k;
      client_max_body_size 8m;
      client_body_buffer_size 128k;
    }
    error_page 502 /502.html;
    location /502.html {
      internal;
    }
  }
}
root@:/opt/graylog/conf/nginx#
root@:/opt/graylog/conf/nginx# cat nginx.conf
worker_processes 1;
daemon off;

events {
  worker_connections 1024;
}

http {
  include /opt/graylog/conf/nginx/mime.types;
  default_type application/octet-stream;
  log_format graylog_format 'nginx: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" <msec=$msec|connection=$connection|connection_requests=$connection_requests|millis=$request_time>';
  access_log /dev/stdout graylog_format;

  server {
    listen 80;
    return 301 https://$host:443$request_uri;
    error_page 502 /502.html;
    location /502.html {
      internal;
    }
  }

  server {
    listen 443;
    ssl on;
    ssl_certificate /opt/graylog/conf/nginx/ca/graylog.crt;
    ssl_certificate_key /opt/graylog/conf/nginx/ca/graylog.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;

    location / {
      proxy_pass http://localhost:9000/;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL https://$host:443/api;
      proxy_pass_request_headers on;
      proxy_connect_timeout 150;
      proxy_send_timeout 100;
      proxy_read_timeout 100;
      proxy_buffers 4 32k;
      client_max_body_size 8m;
      client_body_buffer_size 128k;
    }

    location /api/ {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_pass http://localhost:9000/api/;
    }

    error_page 502 /502.html;
    location /502.html {
      internal;
    }
  }
}
Thank you everyone for helping out!
Victor
On Thursday, January 5, 2017 at 11:18:58 AM UTC-5, Marius Sturm wrote:
>
> As you can see in the error your desktop machine needs access to port
> 9000: 'http://172.16.124.48:9000/api/'
> If that doesn't work the login will fail.
>
> Cheers,
> Marius
>
> On 5 January 2017 at 16:54, <[email protected]> wrote:
> > I also started from scratch. Did a reboot after configuring IP, then sudo
> > graylog-ctl reconfigure, also tried sudo graylog-ctl restart.
> >
> > The VM 172.16.124.48 is in an internal subnet which does not have Internet
> > access. My desktop is in a different subnet. Firewall should not play a role
> > here, since my laptop can connect to port 80 of the VM.
> >
> > Thanks
> > Victor
> >
> > On Thursday, January 5, 2017 at 4:19:50 AM UTC-5, Nico Zanferrari wrote:
> >>
> >> Yes, 443 is down on my VM, too.
> >>
> >> With IE, I can browse to http://172.16.124.48, and I get back the login
> >> page. After entering admin/admin in it, I'm in the Graylog console on the
> >> page http://172.16.124.48/search
> >>
> >> I don't know what's wrong in your installation. Maybe it's easier to start
> >> it again from scratch (and do a reboot after configuring the IP but before
> >> the sudo graylog-ctl restart). By the way, the md5sum of graylog-2.1.2-1.ova
> >> is 05d501b5fbc303a3f3b534985c8f069a
> >>
> >> Cheers,
> >> Nico
> >>
> >> 2017-01-05 4:22 GMT+01:00 <[email protected]>:
> >>>
> >>> tried again. same.
> >>>
> >>> I can log into the VM with PuTTY from my desktop.
> >>>
> >>> I tried it with both Firefox and Chrome, same error.
> >>>
> >>> But when I tried it on IE, I got login page (the login page is on port 80.
> >>> It did not change to port 443). After entering admin/admin, click on Signing
> >>> in button, the button turned into gray .... gray, and not able to log in.
> >>>
> >>> Port 443 is not up running.
> >>> ubuntu@graylog:~$ netstat -an | egrep -w "80|443" | grep LISTEN
> >>> tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
> >>>
> >>> Is your 443 up?
> >>>
> >>> Thanks
> >>>
> >>> On Wednesday, January 4, 2017 at 6:30:08 PM UTC-5, Nico Zanferrari wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> I've just tried what you've described, and it works fine.
> >>>>
> >>>> Did you reboot the VM before the "sudo graylog-ctl reconfigure"? If not,
> >>>> can you do it now and reconfigure again?
> >>>> Can you ping the VM from your desktop?
> >>>>
> >>>> Nico
> >>>>
> >>>> 2017-01-04 21:29 GMT+01:00 <[email protected]>:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> I downloaded latest graylog-2.1.2-1.ova and deployed it. We do not
> >>>>> have DHCP server. After the OVA was deployed, I set static network for it.
> >>>>>
> >>>>> root@graylog:~# cat /etc/network/interfaces
> >>>>> # This file describes the network interfaces available on your system
> >>>>> # and how to activate them. For more information, see interfaces(5).
> >>>>>
> >>>>> # The loopback network interface
> >>>>> auto lo
> >>>>> iface lo inet loopback
> >>>>>
> >>>>> # The primary network interface
> >>>>> auto eth0
> >>>>> iface eth0 inet static
> >>>>> address 172.16.124.48
> >>>>> netmask 255.255.255.0
> >>>>> gateway 172.16.124.1
> >>>>> dns-nameservers 10.50.22.2 10.40.22.2
> >>>>> dns-domain van.com
> >>>>> dns-search van.com
> >>>>> pre-up sleep 2
> >>>>>
> >>>>> Then ssh to the IP as user ubuntu, and ran
> >>>>>
> >>>>> sudo graylog-ctl reconfigure
> >>>>>
> >>>>> Then try http://172.16.124.48/ from my desktop, I got following
> >>>>> message:
> >>>>>
> >>>>> We are experiencing problems connecting to the Graylog server running
> >>>>> on http://172.16.124.48:9000/api/. Please verify that the server is healthy
> >>>>> and working correctly.
> >>>>>
> >>>>> You will be automatically redirected to the previous page once we can
> >>>>> connect to the server.
> >>>>>
> >>>>>
> >>>>> What did I miss? I also tried to run as user root, and sudo
> >>>>> graylog-ctl restart
> >>>>>
> >>>>>
> >>>>> Thank you
> >>>>>
> >>>>> --
> >>>>> You received this message because you are subscribed to the Google
> >>>>> Groups "Graylog Users" group.
> >>>>> To unsubscribe from this group and stop receiving emails from it, send
> >>>>> an email to [email protected].
> >>>>> To view this discussion on the web visit
> >>>>> https://groups.google.com/d/msgid/graylog2/86e979aa-3695-4036-99b0-0188aa767584%40googlegroups.com.
> >>>>> For more options, visit https://groups.google.com/d/optout.
> >>>>
> >>>>
> >>
> >>
>
>
>
> --
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)
>
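
Added example, not part of the original thread and not Graylog's own tooling: a small Python check that reads an nginx.conf and reports, for each server block that proxies to Graylog, whether logins travel over plain HTTP, whether the X-Graylog-Server-URL header is set (in Graylog 2.x this header tells the web interface which API URL the browser should use, so without it the browser needs direct access to the API address, port 9000 in this thread), and whether deprecated TLS versions are enabled. BEFORE and AFTER are trimmed excerpts of the two files posted above; the function names and finding texts are made up for this example.

```python
import re

# Trimmed excerpts of the two nginx.conf files posted in the thread.
BEFORE = """
http { server { listen 80;
  location / { proxy_pass http://localhost:9000/; proxy_set_header Host $host; }
} }
"""
AFTER = """
http {
  server { listen 80; return 301 https://$host:443$request_uri; }
  server { listen 443; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://localhost:9000/;
      proxy_set_header X-Graylog-Server-URL https://$host:443/api; }
    location /api/ { proxy_pass http://localhost:9000/api/; }
  }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block (assumes no braces inside quoted strings)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (listen port, finding) pairs for each server block that proxies to Graylog."""
    findings = []
    for body in server_blocks(conf):
        listen = re.search(r"\blisten\s+([^;]+);", body)
        listen_args = listen.group(1).split() if listen else ["?"]
        port = listen_args[0]
        if "proxy_pass" not in body:
            continue  # e.g. the port-80 block that only redirects to HTTPS
        tls = "ssl" in listen_args[1:] or re.search(r"\bssl\s+on\s*;", body)
        if not tls:
            findings.append((port, "login and session sent over plain HTTP"))
        if not re.search(r"proxy_set_header\s+X-Graylog-Server-URL\s", body):
            findings.append((port, "no X-Graylog-Server-URL: browser must reach the API address directly"))
        protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
        old = [p for p in (protos.group(1).split() if protos else []) if p in ("TLSv1", "TLSv1.1")]
        if old:
            findings.append((port, "deprecated protocols enabled: " + " ".join(old)))
    return findings

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf))
```

To check a live appliance, pass the contents of /opt/graylog/conf/nginx/nginx.conf to audit(); the TLSv1 and TLSv1.1 finding reflects their deprecation in RFC 8996.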