Yes it's required to connect to TCP 12900. That's also where the sidecar and collectors connect.
I think the reasoning was that you ought to have the ability to open the firewall to the server since you're already using a bunch of ports to send it the log data it needs. The web interface isn't separate any more, so one more port for the REST interface wasn't supposed to be a problem. But proxy firewalls and remote access may turn out to be a larger issue than the developers expected. I'm currently having problems getting my URIs correct in Docker on a bunch of hosts that don't tell me the container's IP until after the container is created. On Wednesday, April 13, 2016 at 8:14:16 PM UTC-4, Jason Haar wrote: > > Hi there > > Under graylog-1.3.4 I had published graylog-web behind a WAF - which > nicely mapped https://graylog.internet.domain to > http://graylog.intranet.domain (notice the different domain names too) > > With v2.0 I can't get this to work. Now it appears graylog returns content > with hardwired URLs that are defined by rest_listen_uri? That means we end > up with browser errors as they are talking to the WAF over HTTPS and the > content contains HTTP links - to port 12900. Bad. > > Am I correct that graylog-v2 requires browsers to talk to non-web ports > (ie 12900)? That's quite a change. The comments say "Must be reachable by > other Graylog server nodes if you run a cluster" - no mention of this being > required by web browsers. > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8c3040cb-61f0-4519-a5d2-e9bf55178d15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.