Security

Splunk Web not accessible via https

abhijitnath89ax
Loves-to-Learn

We had provided created certificates and provided all information in web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/mycerts/CertAwsDev/private.key
serverCert = /opt/splunk/etc/auth/mycerts/CertAwsDev/Cert.pem
httpport = 443

But we are not getting the 443v port established in the server
netstat -aen | grep 443

For this reason it is coming unhealthy (502) in AWS target groups

Labels (1)
0 Karma

abhijitnath89ax
Loves-to-Learn

Below is the output of netstat command

netstat -aen | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 9944802
tcp 0 0 10.x.x.101:37272 54.x.x.173:443 ESTABLISHED 0 10220872
tcp 0 0 10.x.x.101:59914 54.x.x.213:443 TIME_WAIT 0 0
tcp 0 0 10.x.x.101:46116 52.x.x.97:443 ESTABLISHED 0 10220742

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Based on output provided by you, your server is listening on port 443 but AWS LB is getting 502 Bad gateway in health check. As I don't have more knowledge on AWS side, I can't help much more but if you are using self signed certificate on splunk server then you might need to add root certificate on AWS LB.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Are you running splunk with root user ? On Linux only root can use port < 1024.

0 Karma

abhijitnath89ax
Loves-to-Learn

I am running splunk with root user

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Please provide output of ss -nltp | grep 443

0 Karma

abhijitnath89ax
Loves-to-Learn

LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("splunkd",pid=20841,fd=112))

0 Karma

PavelP
Motivator

Does the splunkd process listen on port 443? You haven't provided the output of netstat command.

If splunkd is listening on the port then check firewall (network and local).

Let me know how it went

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!