I got pretty sick of having to constantly remember to put “:9000” to reach my Graylog web interface, and didn’t really want to mess around with adding SSL support into Graylog itself. The solution? Run my favorite web server (nginx) as a transparent reverse proxy to handle things.
We’re still working on an Ubuntu Trusty VM here.
First, install nginx. Usually I compile from source or use the community PPA, but since we are doing the most basic thing ever there isn’t a need to get a bleeding edge version right now.
sudo apt-get update && sudo apt-get install -y nginx
Once nginx is installed, we can create a simple configuration for the reverse proxy, telling nginx where to push things back and forth to. Create a new file in /etc/nginx/sites-enabled called 00-graylog-proxy, and edit it to contain something like the below.
If you want to secure the Graylog web interface by accessing it only over HTTPS, you can do so easily! Alter your configuration file to look like this:
We have a wildcard cert we use internally for appliances and various web interfaces. You can generate and use a self-signed certificate by running the following:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/graylog-proxy.key -out /etc/nginx/graylog-proxy.crt
Don’t forget to tell nginx to reload your new configuration:
sudo service nginx reload
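A sketch of what 00-graylog-proxy can look like for the HTTPS case, added here as an example and not the author's original configuration. It assumes the Graylog web interface listens on 127.0.0.1:9000 on the same VM; graylog.example.org is a placeholder server name.

```nginx
# /etc/nginx/sites-enabled/00-graylog-proxy  (added example)
# Assumptions: Graylog web interface on 127.0.0.1:9000,
# graylog.example.org is a placeholder for your own name or IP.

# Plain HTTP only redirects, so logins never cross the network unencrypted.
server {
    listen 80;
    server_name graylog.example.org;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name graylog.example.org;

    # Certificate and key paths match the openssl command in this post.
    # Keep the key readable by root only.
    ssl_certificate     /etc/nginx/graylog-proxy.crt;
    ssl_certificate_key /etc/nginx/graylog-proxy.key;

    # Refuse SSLv3 and early TLS versions.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        # Hand every request to the Graylog web interface.
        proxy_pass http://127.0.0.1:9000;

        # Pass the original host, client address and scheme upstream
        # so the backend sees who connected and over which scheme.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Port 9000 should not stay reachable from the network, or clients can
# bypass the proxy (and TLS) entirely; restrict it with a firewall rule
# or bind the web interface to localhost.
```

Running `sudo nginx -t` checks the file for syntax errors before a reload.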
What about running Kibana and Graylog on the same server?
How would you configure nginx to redirect URL/kibana and URL/graylog?
You can do this too – you’ll need to tell nginx to proxy to a subdirectory with the location directive. Each location can use a separate block to proxy pass upstream.
So, if I understand right, the client requests a resource by URL and the Apache proxy server returns the content of the resource directly?
Thanks
Apache can be configured to do the same thing, yes – it is just a bit heavier in system resources so I prefer nginx for this.
Does server_name have to be a valid domain name?
Nope – server_name can be an IP address or a URL. If you don’t have a valid domain name or DNS for the forwarding server, you could always make an entry in /etc/hosts to make it resolve that way.
Why do you call it transparent?
Transparent refers to the fact that the proxy only sends data back and forth; it does not modify the web request sent by the client or response sent by the server. A non-transparent proxy would add content to the request or response.
That doesn’t make sense. Transparent should mean transparent to the client, not the proxy. The client doesn’t know of the existence of the proxy. It knows the server name or domain, and just sends the request to that server. The proxy gets this request and asks the backend server for the request.