Thanks. That seemed to do the trick - it is now working as expected. For the record, the change made was -
changed web_endpoint_uri = http://graylog-web01:12900/ to https://graylog:12900 (the load balancer) in effect making both web interface and rest api use https

Regards,

On Thursday, October 13, 2016 at 2:23:37 AM UTC-4, Jochen Schalanda wrote:
>
> Hi,
>
> you're running into a problem with the Mixed Content Policy of your web
> browser.
>
> If you're using HTTPS for the web interface, you also have to use HTTPS
> for the Graylog REST API (see web_endpoint_uri
> <https://github.com/Graylog2/graylog2-server/blob/2.1.1/misc/graylog.conf#L137-L139>
> ).
>
> In general, please refer to
> http://docs.graylog.org/en/2.1/pages/configuration/web_interface.html and
> http://docs.graylog.org/en/2.1/pages/configuration/https.html for more
> information.
>
> Cheers,
> Jochen
>
> On Wednesday, 12 October 2016 19:28:48 UTC+2, fxp wrote:
>>
>> Env: Graylog 2.1.1, JRE 1.8.0, ES 2.4.1, RHEL 6.8
>>
>> *setup* - 2 x graylog-servers v2.1.1 with 1 x load balancer in front
>> running nginx v1.10
>>
>> Load balancer setup not using ssl (just http) works well without issue.
>> However the moment I enable ssl/termination on nginx, I keep running into
>> Server Currently Unavailable Error. I've pored over the graylog
>> documentation and I'm unable to find out what is wrong.
>> Does someone have working example of SSL load balancer in front of
>> graylog production setup (either with SSL termination on lb or SSL Pass
>> through?). User --> https --> LB --> http or https --> graylog cluster (2
>> nodes)
>> Can someone pls assist and guide where the issue is???
>>
>>
>> *Graylog-server configs :*
>>
>> node1 -
>>
>>> is_master = true
>>> node_id_file = /etc/graylog/server/node-id
>>> password_secret = xxxx
>>> root_password_sha2 = xxxx
>>> root_timezone = US/Eastern
>>> plugin_dir = /usr/share/graylog-server/plugin
>>> rest_listen_uri = http://graylog-web01:12900/
>>> rest_transport_uri = http://graylog-web01:12900/
>>> web_listen_uri = http://graylog-web01:9000/
>>> web_endpoint_uri = http://graylog-web01:12900/
>>> rotation_strategy = count
>>> elasticsearch_max_docs_per_index = 20000000
>>> elasticsearch_max_number_of_indices = 40
>>> retention_strategy = delete
>>> elasticsearch_shards = 8
>>> elasticsearch_replicas = 1
>>> elasticsearch_index_prefix = graylog2
>>> allow_leading_wildcard_searches = false
>>> allow_highlighting = false
>>> elasticsearch_cluster_name = graylog2
>>> elasticsearch_node_name_prefix = graylog-web01-
>>> elasticsearch_discovery_zen_ping_multicast_enabled = false
>>> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 10.30.20.59:9300, 10.30.20.65:9300
>>> elasticsearch_network_host = graylog-web01
>>> elasticsearch_analyzer = standard
>>> output_batch_size = 500
>>> output_flush_interval = 1
>>> output_fault_count_threshold = 5
>>> output_fault_penalty_seconds = 30
>>> processbuffer_processors = 5
>>> outputbuffer_processors = 3
>>> processor_wait_strategy = blocking
>>> ring_size = 65536
>>> inputbuffer_ring_size = 65536
>>> inputbuffer_processors = 2
>>> inputbuffer_wait_strategy = blocking
>>> message_journal_enabled = true
>>> message_journal_dir = /var/lib/graylog-server/journal
>>> lb_recognition_period_seconds = 3
>>> lb_throttle_threshold_percentage = 95
>>> mongodb_uri = mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
>>> mongodb_max_connections = 1000
>>> mongodb_threads_allowed_to_block_multiplier = 5
>>> content_packs_dir = /usr/share/graylog-server/contentpacks
>>> content_packs_auto_load = grok-patterns.json
>>> proxied_requests_thread_pool_size = 32
>>>
>>
>> node2 -
>>
>>> is_master = false
>>> node_id_file = /etc/graylog/server/node-id
>>> password_secret = xxxx
>>> root_password_sha2 = xxxx
>>> root_timezone = US/Eastern
>>> plugin_dir = /usr/share/graylog-server/plugin
>>> rest_listen_uri = http://graylog-web02:12900/
>>> rest_transport_uri = http://graylog-web02:12900/
>>> web_listen_uri = http://graylog-web02:9000/
>>> web_endpoint_uri = http://graylog-web02:12900/
>>> rotation_strategy = count
>>> elasticsearch_max_docs_per_index = 20000000
>>> elasticsearch_max_number_of_indices = 40
>>> retention_strategy = delete
>>> elasticsearch_shards = 8
>>> elasticsearch_replicas = 1
>>> elasticsearch_index_prefix = graylog2
>>> allow_leading_wildcard_searches = false
>>> allow_highlighting = false
>>> elasticsearch_cluster_name = graylog2
>>> elasticsearch_node_name_prefix = graylog-web02-
>>> elasticsearch_discovery_zen_ping_multicast_enabled = false
>>> elasticsearch_discovery_zen_ping_unicast_hosts = 10.30.20.58:9300, 10.30.20.59:9300, 10.30.20.65:9300
>>> elasticsearch_network_host = graylog-web02
>>> elasticsearch_analyzer = standard
>>> output_batch_size = 500
>>> output_flush_interval = 1
>>> output_fault_count_threshold = 5
>>> output_fault_penalty_seconds = 30
>>> processbuffer_processors = 5
>>> outputbuffer_processors = 3
>>> processor_wait_strategy = blocking
>>> ring_size = 65536
>>> inputbuffer_ring_size = 65536
>>> inputbuffer_processors = 2
>>> inputbuffer_wait_strategy = blocking
>>> message_journal_enabled = true
>>> message_journal_dir = /var/lib/graylog-server/journal
>>> lb_recognition_period_seconds = 3
>>> lb_throttle_threshold_percentage = 95
>>> mongodb_uri = mongodb://user:password@graylog-web01,graylog-web02/graylog2?replicaSet=graylog2Repl
>>> mongodb_max_connections = 1000
>>> mongodb_threads_allowed_to_block_multiplier = 5
>>> content_packs_dir = /usr/share/graylog-server/contentpacks
>>> content_packs_auto_load = grok-patterns.json
>>> proxied_requests_thread_pool_size = 32
>>>
>>
>>
>> *nginx load balancer config : *
>>
>>
>>> upstream graylog-weblb {
>>>     server graylog-web01:9000;
>>>     server graylog-web02:9000;
>>> }
>>> upstream graylog-apilb {
>>>     server graylog-web01:12900;
>>>     server graylog-web02:12900;
>>> }
>>> server {
>>>     listen 80;
>>>     return 301 https://$host$request_uri;
>>> }
>>> server {
>>>     listen 443 ssl;
>>>     server_name graylog;
>>>     ssl on;
>>>     ssl_certificate /etc/nginx/ssl/graylog/server.crt;
>>>     ssl_certificate_key /etc/nginx/ssl/graylog/server.key;
>>>     ssl_session_cache shared:SSL:20m;
>>>     ssl_session_timeout 10m;
>>>     ssl_prefer_server_ciphers on;
>>>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>>     ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>>>     add_header Strict-Transport-Security "max-age=31536000";
>>>     access_log /var/log/nginx/graylog.access.log;
>>>     location / {
>>>         proxy_set_header Host $host;
>>>         proxy_set_header X-Real-IP $remote_addr;
>>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>         proxy_set_header X-Forwarded-Proto $scheme;
>>>         proxy_read_timeout 90;
>>>         proxy_pass http://graylog-weblb;
>>>     }
>>> }
>>> server {
>>>     listen 12900 ssl;
>>>     server_name graylog;
>>>     ssl on;
>>>     ssl_certificate /etc/nginx/ssl/graylog/server.crt;
>>>     ssl_certificate_key /etc/nginx/ssl/graylog/server.key;
>>>     ssl_session_cache shared:SSL:20m;
>>>     ssl_session_timeout 10m;
>>>     ssl_prefer_server_ciphers on;
>>>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>>     ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
>>>     add_header Strict-Transport-Security "max-age=31536000";
>>>     access_log /var/log/nginx/graylog-api.access.log;
>>>     location / {
>>>         proxy_set_header Host $host;
>>>         proxy_set_header X-Real-IP $remote_addr;
>>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>         proxy_set_header X-Forwarded-Proto $scheme;
>>>         proxy_read_timeout 90;
>>>         proxy_pass http://graylog-apilb;
>>>     }
>>> }
>>>
>>
>> *Error seen - *
>> Server Currently unavailable
>> We are experiencing problems connecting to Graylog server running on
>> http://graylog-web02:12900/. Please verify the server is healthy and
>> working correctly.
>>
>> Error message: Bad request
>> Original Request: GET http://graylog-web02:12900/system/sessions
>> Status code: undefined
>> Full error message: Error: Request has been terminated Possible causes: the network
>> is offline, Origin is not allowed by Access-Control-Allow-Origin, the page
>> is being unloaded, etc.
>> Many Many thanks,
>>
>
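The mismatch diagnosed in this thread can be caught before a restart. The following is an added example, not part of the original messages and not Graylog's own code: it parses the URI settings from a graylog.conf and compares the REST API endpoint handed to the browser with the URL users actually open. The function names and the sample text are constructed here; the fallback to rest_transport_uri follows the default documented in the 2.1 sample config.

```python
from urllib.parse import urlsplit

# Constructed sample: the node1 URI settings quoted in the thread.
SAMPLE_CONF = """\
rest_listen_uri = http://graylog-web01:12900/
rest_transport_uri = http://graylog-web01:12900/
web_listen_uri = http://graylog-web01:9000/
web_endpoint_uri = http://graylog-web01:12900/
"""


def parse_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # values may contain '=' themselves
        settings[key.strip()] = value.strip()
    return settings


def check_endpoint(conf_text, browser_url):
    """Return findings about the API URL the web interface gives the browser."""
    conf = parse_conf(conf_text)
    # Assumption from the 2.1 sample config: unset web_endpoint_uri
    # defaults to rest_transport_uri.
    api = conf.get("web_endpoint_uri") or conf.get("rest_transport_uri")
    if not api:
        return ["no web_endpoint_uri or rest_transport_uri set"]
    page, api_url = urlsplit(browser_url), urlsplit(api)
    findings = []
    if page.scheme == "https" and api_url.scheme != "https":
        findings.append(f"mixed content: HTTPS page would call {api}, "
                        "which the browser blocks")
    if api_url.hostname != page.hostname:
        findings.append(f"API host {api_url.hostname} is not the host users "
                        f"open ({page.hostname}); the browser must reach it "
                        "directly, bypassing the load balancer")
    return findings


if __name__ == "__main__":
    for finding in check_endpoint(SAMPLE_CONF, "https://graylog/"):
        print(finding)
```

Run it against each node's config with the public URL of the load balancer; an empty result means the browser is sent to an HTTPS endpoint on the same host it loaded the page from.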
