Resolved after enable ssl.
sudo graylog-ctl enforce-ssl
sudo graylog-ctl reconfigure
Here is the difference in nginx.conf before and after.
root@:/opt/graylog/conf/nginx# cat nginx.conf.orig
worker_processes 1;
daemon off;
events {
worker_connections 1024;
}
http {
include /opt/graylog/conf/nginx/mime.types;
default_type application/octet-stream;
log_format graylog_format 'nginx: $remote_addr - $remote_user
[$time_local] "$request" $status $body_bytes_sent "$http_referer"
"$http_user_agent" "$http_x_forwarded_for"
<msec=$msec|connection=$connection|connection_requests=$connection_requests|millis=$request_time>';
access_log /dev/stdout graylog_format;
server {
listen 80;
location / {
proxy_pass http://localhost:9000/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
error_page 502 /502.html;
location /502.html {
internal;
}
}
}
root@:/opt/graylog/conf/nginx#
root@:/opt/graylog/conf/nginx# cat nginx.conf
worker_processes 1;
daemon off;
events {
worker_connections 1024;
}
http {
include /opt/graylog/conf/nginx/mime.types;
default_type application/octet-stream;
log_format graylog_format 'nginx: $remote_addr - $remote_user
[$time_local] "$request" $status $body_bytes_sent "$http_referer"
"$http_user_agent" "$http_x_forwarded_for"
<msec=$msec|connection=$connection|connection_requests=$connection_requests|millis=$request_time>';
access_log /dev/stdout graylog_format;
server {
listen 80;
return 301 https://$host:443$request_uri;
error_page 502 /502.html;
location /502.html {
internal;
}
}
server {
listen 443;
ssl on;
ssl_certificate /opt/graylog/conf/nginx/ca/graylog.crt;
ssl_certificate_key /opt/graylog/conf/nginx/ca/graylog.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9000/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$host:443/api;
proxy_pass_request_headers on;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
location /api/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://localhost:9000/api/;
}
error_page 502 /502.html;
location /502.html {
internal;
}
}
}
Thank you everyone for helping out!
Victor
On Thursday, January 5, 2017 at 11:18:58 AM UTC-5, Marius Sturm wrote:
>
> As you can see in the error your desktop machine needs access to port
> 9000: ' http://172.16.124.48:9000/api/'
> If that doesn't work the login will fail.
>
> Cheers,
> Marius
>
> On 5 January 2017 at 16:54, <victorf...@gmail.com <javascript:>> wrote:
> > I also started from scratch. did reboot after configuring IP. then sudo
> > graylog-ctl reconfigure, also tried sudo graylog-ctl restart.
> >
> > The VM 172.16.124.48 is in an internal subnet which does not have
> Internet
> > access. My desktop is in different subnet. Firewall should not play a
> role
> > here, since my laptop can connect to port 80 of the VM.
> >
> > Thanks
> > Victor
> >
> > On Thursday, January 5, 2017 at 4:19:50 AM UTC-5, Nico Zanferrari wrote:
> >>
> >> Yes, 443 is down on my VM, too.
> >>
> >> With IE, I can browse to http://172.16.124.48 , and i get back the
> login
> >> page. After entering admin/admin in it, I'm in the Graylog console on
> the
> >> page http://172.16.124.48/search
> >>
> >> I don't know what's wrong in your installation. Maybe it's easier to
> start
> >> it again from scratch (and do a reboot after configuring the IP but
> before
> >> the sudo graylog-ctl restart). By the way, the md5sum of
> graylog-2.1.2-1.ova
> >> is 05d501b5fbc303a3f3b534985c8f069a
> >>
> >> Cheers,
> >> Nico
> >>
> >> 2017-01-05 4:22 GMT+01:00 <victorf...@gmail.com>:
> >>>
> >>> tried again. same.
> >>>
> >>> I can log into the VM with Putty from my desktop.
> >>>
> >>> I tried it with both FireFox and Chrome, same error.
> >>>
> >>> But when I tried it on IE, I got login page(the login page is on port
> 80.
> >>> It did not change to port 443). After entering admin/admin, click on
> Signing
> >>> in button, the button turned into gray .... gray, and not able to log
> in.
> >>>
> >>> Port 443 is not up running.
> >>> ubuntu@graylog:~$ netstat -an | egrep -w "80|443" | grep LISTEN
> >>> tcp 0 0 0.0.0.0:80 0.0.0.0:*
> >>> LISTEN
> >>>
> >>> Is your 443 up?
> >>>
> >>> Thanks
> >>>
> >>> On Wednesday, January 4, 2017 at 6:30:08 PM UTC-5, Nico Zanferrari
> wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> I've just tried what you've described, and it works fine.
> >>>>
> >>>> Did you reboot the VM before the "sudo graylog-ctl reconfigure"? If
> not,
> >>>> can you do it now and reconfigure again?
> >>>> Can you ping the VM from your desktop?
> >>>>
> >>>> Nico
> >>>>
> >>>> 2017-01-04 21:29 GMT+01:00 <victorf...@gmail.com>:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> I downloaded lastest graylog-2.1.2-1.ova and deployed it. We do not
> >>>>> have DHCP server. After the OVA was deployed, I set static network
> for it.
> >>>>>
> >>>>> root@graylog:~# cat /etc/network/interfaces
> >>>>> # This file describes the network interfaces available on your
> system
> >>>>> # and how to activate them. For more information, see interfaces(5).
> >>>>>
> >>>>> # The loopback network interface
> >>>>> auto lo
> >>>>> iface lo inet loopback
> >>>>>
> >>>>> # The primary network interface
> >>>>> auto eth0
> >>>>> iface eth0 inet static
> >>>>> address 172.16.124.48
> >>>>> netmask 255.255.255.0
> >>>>> gateway 172.16.124.1
> >>>>> dns-nameservers 10.50.22.2 10.40.22.2
> >>>>> dns-domain van.com
> >>>>> dns-search van.com
> >>>>> pre-up sleep 2
> >>>>>
> >>>>> Then ssh to the IP as user ubuntu, and ran
> >>>>>
> >>>>> sudo graylog-ctl reconfigure
> >>>>>
> >>>>> Then try http://172.16.124.48/ from my desktop, I got following
> >>>>> message:
> >>>>>
> >>>>> We are experiencing problems connecting to the Graylog server
> running
> >>>>> on http://172.16.124.48:9000/api/. Please verify that the server is
> healthy
> >>>>> and working correctly.
> >>>>>
> >>>>> You will be automatically redirected to the previous page once we
> can
> >>>>> connect to the server.
> >>>>>
> >>>>>
> >>>>> What did I miss? I also tried to run as user root, and sudo
> >>>>> graylog-ctl restart
> >>>>>
> >>>>>
> >>>>> Thank you
> >>>>>
> >>>>> --
> >>>>> You received this message because you are subscribed to the Google
> >>>>> Groups "Graylog Users" group.
> >>>>> To unsubscribe from this group and stop receiving emails from it,
> send
> >>>>> an email to graylog2+u...@googlegroups.com.
> >>>>> To view this discussion on the web visit
> >>>>>
> https://groups.google.com/d/msgid/graylog2/86e979aa-3695-4036-99b0-0188aa767584%40googlegroups.com.
>
>
> >>>>> For more options, visit https://groups.google.com/d/optout.
> >>>>
> >>>>
> >>> --
> >>> You received this message because you are subscribed to the Google
> Groups
> >>> "Graylog Users" group.
> >>> To unsubscribe from this group and stop receiving emails from it, send
> an
> >>> email to graylog2+u...@googlegroups.com.
> >>> To view this discussion on the web visit
> >>>
> https://groups.google.com/d/msgid/graylog2/283fdfa6-9c37-40b8-a2d1-817b281c4a49%40googlegroups.com.
>
>
> >>>
> >>> For more options, visit https://groups.google.com/d/optout.
> >>
> >>
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Graylog Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to graylog2+u...@googlegroups.com <javascript:>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/graylog2/9c5cd8bf-ef8e-451f-9f31-5c27b0ff5bc5%40googlegroups.com.
>
>
> >
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/0a31fd1a-05a8-4d77-b2d3-ee3f15a2356d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
