I got pretty sick of having to constantly remember to put “:9000” to reach my Graylog web interface, and didn’t really want to mess around with adding SSL support into graylog itself. The solution? Run my favorite web server (nginx) as a transparent reverse proxy to handle things.
We’re still working on an Ubuntu Trusty VM here.
First, install nginx. Usually I compile from source or use the community PPA, but since we are doing the most basic thing ever there isn’t a need to get a bleeding edge version right now.
sudo apt-get update && sudo apt-get install -y nginx
Once nginx is installed, we can create a simple configuration for the reverse proxy, telling nginx where to push things back and forth to. Create a new file /etc/nginx/sites-enabled called 00-graylog-proxy, and edit it to contain something like the below.
If you want to secure the graylog web interface by accessing it only over HTTPS, you can do so easily! Alter your configuration file to look like this:
We have a wildcard cert we use internally for appliances and various web interfaces. You can generate and use a self-signed certificate by running the following:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/graylog-proxy.key -out /etc/nginx/graylog-proxy.crt
Don’t forget to tell nginx to reload your new configuration:
sudo service nginx reload