Hi, I am new to both Nginx and Splunk. I am trying to set up Splunk running on a Linux machine with Nginx. I tried multiple setup options for setting up a proxy_pass/upstream - but none seem to work.
I would like to set it so that mydomain.com/splunk would reach the Splunk web management page.
Thanks!
There are 2 parts to this. Let's say you want to proxy a Splunk instance at:
http://www.example.com/splunkserver
1) Configure Splunk's root endpoint
Splunkweb must be configured to use the same root endpoint as the fronting endpoint, which is /splunkserver in this example. Edit the web config (or create if it doesn't exist):
$SPLUNK_HOME/etc/system/local/web.conf
and add the following to the [settings] stanza:
root_endpoint = /splunkserver
Depending on how you configure your proxy server, you may also have to add:
tools.proxy.on = True
This setting is described in detail in the CherryPy docs.
Restart your Splunk server.
2) Set up your web/proxy server
You must configure your fronting proxy server to forward requests to a specific endpoint over to the Splunk server.
The above information is helpful, but is not specific to NGINX. I spent a few hours on this and got this working. I wanted to share as I'm both a fan of NGINX and Splunk. I am using NGINX v1.6.2 and Splunk (on Windows) v6.2.2.
Your Site .conf file referenced in nginx.conf
server {
    listen <IP-Address-of-NGINX-For-Splunk>:80;
    server_name <URL-You-Set-In-DNS-For-Splunk>;
    location / {
        # Redirect to HTTPS
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen <IP-Address-of-NGINX-For-Splunk>:443 ssl;
    server_name <URL-You-Set-In-DNS-For-Splunk>;
    #Resolve HTTP Error 414 Request-URI-Too-Large
    large_client_header_buffers 6 16k;
    #Certificate & Key .PEM Format
    ssl_certificate /etc/ssl/<name-of-cert>.crt;
    ssl_certificate_key /etc/ssl/<name-of-key>.key;
    #PFS
    ssl_dhparam /etc/ssl/<name-of-DH-key>.dh;
    #HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    #OCSP
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/alk-splunk02.oscp;
    #CIPHERS
    include sites.common;
    location / {
        proxy_pass_request_headers on;
        proxy_set_header x-real-IP $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header host $host;
        proxy_pass https://<IP-Address-of-Your-Splunk-Server>:8000;
    }
}
A+ Rating on SSL Labs provided you have a SHA256 Cert from trusted CA and intermediates provided inside .crt file
This is sites.common:
#OCSP Stapling
resolver <DNS-Server-IP-1-You-Want> <DNS-Server-IP-2-You-Want> valid=300s;
resolver_timeout 5s;
#Cipher Specification and Session Cache
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL';
proxy_ssl_session_reuse off;
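The subpath setup asked about in the question, combining the root_endpoint step from the first answer with an NGINX location block like the one in the second answer. This is an added example, not part of either answer. It assumes Splunk Web listens on port 8000 over plain HTTP (switch the scheme to https if Splunk Web has SSL enabled, as in the answer above) and reuses the /splunkserver prefix and the angle-bracket placeholders from this page.

```nginx
# Added example (not from the original posts). Assumed on the Splunk side,
# in $SPLUNK_HOME/etc/system/local/web.conf, as described in the first answer:
#
#   [settings]
#   root_endpoint = /splunkserver
#   tools.proxy.on = True      # only if your proxy setup needs it
#
server {
    listen <IP-Address-of-NGINX-For-Splunk>:443 ssl;
    server_name <URL-You-Set-In-DNS-For-Splunk>;

    ssl_certificate     /etc/ssl/<name-of-cert>.crt;
    ssl_certificate_key /etc/ssl/<name-of-key>.key;

    # Prefix location ending in "/": NGINX answers a request for the bare
    # /splunkserver with a 301 to /splunkserver/ on its own.
    location /splunkserver/ {
        # No URI part after the port, so NGINX forwards the request path
        # unchanged and Splunk Web still sees /splunkserver/..., which is
        # what root_endpoint expects. Writing ":8000/" here instead would
        # replace the /splunkserver/ prefix with "/" and break the match.
        proxy_pass http://<IP-Address-of-Your-Splunk-Server>:8000;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Paths outside the Splunk prefix are not proxied to the Splunk server.
    location / {
        return 404;
    }
}
```

Run nginx -t to validate the file before reloading NGINX, and restart Splunk after changing web.conf.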