Deployment Architecture

How to make Splunk Web understand the web port is NATted?

matthieu_araman
Communicator

Hello,

My Splunk instance is running on standard port 8000 with user splunk (on Linux).
Web SSL is activated.

Port 8000 is unreachable from users (blocked by firewall).
Port 443 is open.

As such, I can't modify Splunk Web to run on port 443.

I've added an iptables redirect from port 443 to 8000 (i.e. NAT).

This is working well, but I need to tell Splunk that it is only reachable on port 443 and not 8000.

I've tried unsuccessfully:
- set tools.proxy.base (in web.conf) to https:://myserver/
- idem + tools.proxy.on = True
- tools.proxy.base = https://myserver:443/ + tools.proxy.on = True

However, I can still see URLs with :8000 in them (like when restarting the Splunk service from the Splunk Web interface).

Any idea what the good settings are to teach Splunk Web how to reach the web interface, including protocol scheme + hostname + port?

0 Karma

matthieu_araman
Communicator

Thanks for the answer.

Yes, web.conf looks like the place it should be.

The settings I've tried are from here and taken from the spec file + some posts I've found on the answers site (but I may have missed the good one!).

This is something like a reverse proxy configuration.

0 Karma

frobinson_splun
Splunk Employee

Ok! Sounds like web.conf might be the right file for these settings. Let me know if, after adjusting more of the settings in web.conf, you aren't able to get the right configuration. It's also possible to open a support ticket for more troubleshooting.

Also, you might have already seen this, but just FYI: this older post went into a lot of detail on a reverse proxy configuration and addressed some differences in software versions 5 and 6:

http://answers.splunk.com/answers/72512/reverse-proxy-not-working-configuration-even-with-expected-c...

All best,
@frobinson_splunk

frobinson_splun
Splunk Employee

Hi @matthieu_araman,
I'm a tech writer here at Splunk and would like to help with your question. Have you tried reviewing/adjusting more of the configurations in web.conf? Here is the spec file.
http://docs.splunk.com/Documentation/Splunk/6.2.3/Admin/Webconf

In particular, settings for:

  • httpport =
  • mgmtHostPort =
  • various settings for SSL protocol/versions

Seem like they might be of help here... Again, not sure if you've already checked these.

This documentation topic on changing the web and management port settings via Splunk Web might also be of use:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Changedefaultvalues#Change_network_ports

I hope this helps! Please let me know if not; we can continue discussing this.

All best,
@frobinson_splunk
