Does anyone have docker graylog working behind caddy?


(Mike) #1

I’m trying to set up a docker instance of Graylog based on the docker-compose example provided by http://docs.graylog.org/en/3.0/pages/installation/docker.html and I’m in need of some guidance on getting this to work.

The MongoDB, elasticsearch, and graylog containers all start up successfully; however, I’m unable to get anything with the web UI to work through Caddy. Looking at the caddy logs, every call to the Graylog API results in a 404.

This link explains how the Graylog Web UI connects to the API where it pulls all its files from.

My network:

10.19.75.4 = host server running the docker containers
172.31.220.4 = docker instance of caddy
172.31.220.100 = docker instance of graylog

Graylog configuration:

http_bind_address = 172.31.220.100:9000
http_publish_uri = https://graylog.example.com/
trusted_proxies = 172.31.220.4/32

Caddy configuration:

(options) {
    gzip
    timeouts none
    realip {
        from cloudflare
        from 10.0.0.0/8
        from 172.16.0.0/12
        from 192.168.0.0/16
    }
}

(tls) {
    tls myadmin@email.com {
        dns cloudflare
        protocols tls1.2
        #ca https://acme-staging-v02.api.letsencrypt.org/directory
    }
}

(block_external_at_root) {
    ipfilter / {
        rule allow
        ip 192.168.0.0/16
        ip 172.16.0.0/12
        ip 10.0.0.0/8
    }
}

graylog.example.com {
    import block_external_at_root
    import options
    import tls

    proxy / http://graylog:9000 {
        transparent
        websocket
        insecure_skip_verify
        header_upstream X-Forwarded-Host {hostonly}
        header_upstream X-Forwarded-Server {hostonly}
        header_upstream X-Graylog-Server-URL https://graylog.example.com/api/
    }

    proxy /api/ http://graylog:9000/api/ {
        transparent
        websocket
        insecure_skip_verify
        header_upstream X-Forwarded-Host {hostonly}
        header_upstream X-Forwarded-Server {hostonly}
        header_upstream X-Graylog-Server-URL https://graylog.example.com/api/
    }

    log / /var/logs/sites/app/graylog-access.log {$LOG_LONG}
    errors /var/logs/sites/app/graylog-errors.log
}

Docker compose:

  graylog:
    image: graylog/graylog:3.0
    container_name: graylog
    hostname: graylog
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
      - graylog_config:/usr/share/graylog/data/config
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    networks:
      dockernet:
        ipv4_address: 172.31.220.100
    ports:
      - 9000:9000
      - 514:514
      - 514:514/udp
      - 12201:12201
      - 12201:12201/udp

(Mike) #2

For anyone who wanders upon this, the fix is below:

Add the following to the Graylog configuration:

web_listen_uri = http://172.31.220.100:9000
rest_listen_uri = http://172.31.220.100:9000/api

In the graylog.example.com Caddy configuration the following changes were made:

* Removed the "proxy /api" clause; it's not required
* In the "proxy /" clause, drop /api from the X-Graylog-Server-URL value
* In the "proxy /" clause, add: header_upstream X-Requested-By {host}

Here's the updated working proxy section:

    proxy / http://graylog:9000 {
        transparent
        websocket
        insecure_skip_verify
        header_upstream X-Requested-By {host}
        header_upstream X-Forwarded-Host {hostonly}
        header_upstream X-Forwarded-Server {hostonly}
        header_upstream X-Graylog-Server-URL https://graylog.inasario.com/
    }
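As an added check that is not from Mike's posts, the Python below parses a Caddy v1 proxy block and flags the two things the fix above changed: a missing X-Requested-By header and an X-Graylog-Server-URL that still ends in /api. The before/after blocks are abridged, constructed copies of the ones in this thread, with the hostname kept as graylog.example.com.

```python
# Abridged copies of the proxy block from this thread, before and after the fix (constructed).
BEFORE = """proxy / http://graylog:9000 {
    transparent
    websocket
    header_upstream X-Forwarded-Host {hostonly}
    header_upstream X-Graylog-Server-URL https://graylog.example.com/api/
}"""
AFTER = """proxy / http://graylog:9000 {
    transparent
    websocket
    header_upstream X-Requested-By {host}
    header_upstream X-Forwarded-Host {hostonly}
    header_upstream X-Graylog-Server-URL https://graylog.example.com/
}"""


def parse_proxy_block(text):
    """Return (path, upstream, directives, upstream_headers) for the first Caddy v1 proxy block."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = next((i for i, ln in enumerate(lines) if ln.startswith("proxy ")), None)
    if start is None:
        raise ValueError("no proxy block found")
    head = lines[start].rstrip("{").split()  # "proxy <path> <upstream> {"
    directives, headers = set(), {}
    for ln in lines[start + 1:]:
        if ln == "}":  # block end; placeholders such as {host} never sit alone on a line
            break
        parts = ln.split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "header_upstream" and len(parts) == 3:
            headers[parts[1].lower()] = parts[2]  # header names are case-insensitive
        else:
            directives.add(parts[0])
    return head[1], head[2], directives, headers


def lint_graylog_proxy(text):
    """Return findings; an empty list means the block matches the working config in this thread."""
    _path, _upstream, directives, headers = parse_proxy_block(text)
    findings = []
    if "x-requested-by" not in headers:
        findings.append("missing X-Requested-By (Graylog's REST API rejects requests without it)")
    url = headers.get("x-graylog-server-url")
    if url is None:
        findings.append("missing X-Graylog-Server-URL")
    elif url.rstrip("/").endswith("/api"):
        findings.append("X-Graylog-Server-URL should be the external root URL, without /api")
    findings += [f"missing '{d}' directive" for d in ("transparent", "websocket") if d not in directives]
    return findings
```

Because Caddy now stamps X-Requested-By onto every request it forwards, Graylog's header-based CSRF check is satisfied for anything that reaches it through the proxy, so the ipfilter restriction in the site block above is doing real work; keep it.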