Hi Jochen
Yes you are right. Checking up on it, it is a v1.3.4. Is it possible to do what I would like to do in this version? Will take a look at the documentation and see if I can find a solution there. Best regards. René Jensen ________________________________ From: [email protected] <[email protected]> on behalf of Jochen Schalanda <[email protected]> Sent: Thursday, December 8, 2016 2:15 PM To: Graylog Users Subject: [graylog2] Re: Redirect of port 9000 to https Hi René, it looks like you're using an old version of Graylog (i. e. before Graylog 2.0.0) which doesn't support the X-Graylog-Server-URL HTTP request header. If you want to follow the documentation on http://docs.graylog.org/en/2.1/pages/configuration/https.html, you'll have to upgrade to Graylog 2.1.2 first. Cheers, Jochen On Thursday, 8 December 2016 14:03:56 UTC+1, [email protected] wrote: I have now for a while tried to setup graylog with https only access. I have followed the graylog documentation to the point and are now using the nginx solution to access graylog-web using https. This part works fine for me, but the problem is it is still accessable using http://fqdn:9000. I found then I could disable http.port and enable https.port with access to keystore like this in /etc/default/graylog-web: # HTTP server settings. GRAYLOG_WEB_HTTP_ADDRESS="0.0.0.0" GRAYLOG_WEB_HTTP_PORT="8443" # Might be used to adjust the Java heap size. (i.e. "-Xms1024m -Xmx2048m") #GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks -Dhttps.port=8443 -Dhttps.keyStore=/etc/graylog/cert/cacerts.jks -Dhttps.keyStorePassword=changeit -Dhttp.port=disabled" GRAYLOG_WEB_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/graylog/cert/cacerts.jks" # Pass some extra args to graylog-web. (i.e. "-d" to enable debug mode) GRAYLOG_WEB_ARGS="" # Program that will be used to wrap the graylog-web command. Useful to # support programs like authbind. GRAYLOG_COMMAND_WRAPPER="" and in /etc/nginx/conf.d/graylog.conf I defined this: server { listen 443 ssl spdy; server_name fqdn; # <- your SSL Settings here! ssl_certificate /etc/graylog/cert/graylog-cert.pem; ssl_certificate_key /etc/graylog/cert/graylog-key.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; #ssl_password_file /etc/graylog/cert/graylog.pwd location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Graylog-Server-URL https://fqdn/api; proxy_pass https://127.0.0.1:8443; } } Resulting in a nginx gateway error 502 when trying to access graylog in a browser. How would I be able to get the https access solely without being able to access http://fqdn:9000 on the graylog-web? BR. René Jensen -- You received this message because you are subscribed to a topic in the Google Groups "Graylog Users" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/graylog2/T_lT4muKigc/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8d1ea90b-469d-4dc6-947a-a85b7c5c2217%40googlegroups.com<https://groups.google.com/d/msgid/graylog2/8d1ea90b-469d-4dc6-947a-a85b7c5c2217%40googlegroups.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1481203401618.36949%40sonymobile.com. For more options, visit https://groups.google.com/d/optout.
