We have deployed Splunk Enterprise on an EC2 instance behind a classic ELB in AWS with HTTPS enabled (screenshots attached). Splunk runs in plain HTTP on the default port, but we have set the following in our web.conf:
tools.proxy.base=https://<our-domain>
tools.proxy.on=true
However, when we visit Splunk over HTTPS, we can see the login page and authenticate successfully, but then it redirects us to https://127.0.0.1:8000/en-US/app/launcher and not our ELB URL. Help appreciated.
Hello Fman82, perhaps this thread is relevant for you:
https://answers.splunk.com/answers/103674/using-aws-https-elb-with-ec2-splunk-web-on-http-port-8000....
Thanks. But are we saying we need to put a reverse proxy in front of SplunkWeb for this to work?
It seems overkill for something so basic. It seems that SplunkWeb just isn't taking the correct base host & port as defined in tools.proxy.base in the web.conf.
I'm having the same issue. The tools.proxy.base configuration does not seem to be working as it always points to 127.0.0.1:8000, it does not matter what I add as a base.
tools.proxy.on = <boolean>
* Whether or not the Splunk platform instance is behind a reverse proxy server.
* If set to "true", the instance assumes that it is behind a reverse proxy and
  uses HTTP header information from the proxy to log access requests, secure
  its cookies properly, and generate valid URLs for redirect responses.
* All of the instance's HTTP services will use information from
  "X-Forwarded-*", "Front-End-Https", and "X-Url-Scheme" headers, where
  available, to override what it receives from proxied requests.
* If you set this to "true", you must also set 'tools.proxy.base' to a valid
  host name and network port.
* If set to "false", the instance relies on its own internal HTTP server
  settings and the immediate client's HTTP headers for the information needed
  for access request logging, cookie securing, and redirect URL generation.
* Default: false

tools.proxy.base = <scheme>://<URL>
* The proxy base URL in Splunk Web.
* Default: empty string
It is disappointing that Splunk does not provide this capability out of the box. You would expect this from the tools.proxy.base setting, but it just keeps pointing back to localhost:8000. So, to resolve termination of HTTPS traffic on my ELB and pass HTTP to the instance, I had to add a reverse proxy. It is overkill, unfortunately, @fman82, but easy to set up.
In short, I added Nginx and set up a redirection of all 80 traffic to 443 using the following configuration:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name <elb.hostname.domain>;
    return 301 https://$host$request_uri;
}
Keep in mind you may need to open port 80 on the ELB and all the internal HTTP Splunk redirects are handled by Nginx.
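
Added example, not from any poster in this thread or from Splunk: a small Python check that reads the proxy settings from a web.conf and classifies a redirect's Location header, so the 127.0.0.1:8000 symptom described above can be caught when testing a deployment. The domain splunk.example.com, the function names and the sample stanza are assumptions made for illustration.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the question's settings, with an example domain filled in.
SAMPLE_WEB_CONF = """
[settings]
tools.proxy.on = true
tools.proxy.base = https://splunk.example.com
"""

def proxy_base(web_conf_text):
    """Return tools.proxy.base when tools.proxy.on is true, else None."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(web_conf_text)
    settings = cp["settings"] if cp.has_section("settings") else {}
    if settings.get("tools.proxy.on", "false").strip().lower() != "true":
        return None
    base = settings.get("tools.proxy.base", "").strip()
    parts = urlsplit(base)
    # The spec text requires a valid base whenever the proxy flag is on.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("tools.proxy.on is true but tools.proxy.base is not a URL")
    return base

def check_redirect(location, base):
    """Classify a redirect's Location header against the public base URL."""
    loc, pub = urlsplit(location), urlsplit(base)
    if not loc.netloc:
        return "ok-relative"  # relative redirects stay on the ELB host
    host = loc.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
        internal = ip.is_loopback or ip.is_private
    except ValueError:
        internal = host == "localhost"
    if internal:
        return "leaks-internal-address"  # the symptom reported in this thread
    if host != pub.hostname:
        return "wrong-host"
    if loc.scheme != pub.scheme:
        return "scheme-mismatch"
    return "ok"

if __name__ == "__main__":
    base = proxy_base(SAMPLE_WEB_CONF)
    print(check_redirect("https://127.0.0.1:8000/en-US/app/launcher", base))
```

Feed it the Location header captured from the post-login redirect (for example from the browser's network tab) together with the web.conf from the instance.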