my Splunk instance is running on standard port 8000 with user splunk.(on Linux)
web ssl activated
port 8000 is unreachable from users (blocked by firewall)
port 443 is open
As such, I can't modify splunk web to run on port 443
I've added a iptables redirect from port 443 to 8000 (ie nat)
this is working well but I need to tell Splunk that it is only reachable on port 443 and not 8000
I've tried unsucessfully :
- set tools.proxy.base (in web.conf) to https:://myserver/
- idem + tools.proxy.on = True
- tools.proxy.base = https://myserver:443/ + tools.proxy.on = True
However, I can still see urls with :8000 in it (like when restarting Splunk service from splunk web interface)
Any idea what is the good settings to teach Splunk web how to reach the web interface including protocol scheme + hostname + port ?
I'm a tech writer here at Splunk and would like to help with your question. Have you tried reviewing/adjusting more of the configurations in web.conf? Here is the spec file.
In particular, settings for:
Seem like they might be of help here...Again, not sure if you've already checked these.
This documentation topic on changing the web and management port settings via Splunk Web might also be of use:
I hope this helps! Please let me know if not--we can continuing discussing this.
thanks for the answer.
Yes, web.conf looks like the place it should be.
The settings I've tried are from here and taken from the spec file + some posts I've found on answers site.(but I may have missed the good one !)
This is something like a reverse proxy configuration.
Ok! Sounds like web.conf might be the right file for these settings. Let me know if, after adjusting more of the settings in web.conf, you aren't able to get the right configuration. It's also possible to open a support ticket for more troubleshooting.
Also, you might have already seen this, but just FYI: this older post went into a lot of detail on a reverse proxy configuration and addressed some differences in software versions 5 and 6: