Security

Splunk web redirect to FQDN?

Communicator

I was looking around and maybe my googling is the best today, but I cannot seem to find a way to redirect the Splunk webserver. Basically our customers can access our Splunk servers with either the short name:

https://splunkit:8000

Or the FQDN

https://splunkit.mydomain.com:8000

My question is how do I get the Splunk webserver to redirect the short name to the FQDN? We are getting dedicated certs for the Splunk web interface and need customer's to access the FQDN for the certs to be valid. Any help or docs would be awesome thanks.

-ed

0 Karma
1 Solution

Influencer

I don't believe the Splunk webserver will do this. Even if it could, I'm not sure if it would be a supported change. However instead you could setup a proxy / load balancer (such as an F5) in front of your Splunk Web interface. (Having a load balancer in front of SplunkWeb on your search heads is something you'd want for Search Head Clustering anyways.)

Your load balancer would have to support name based virtual hosting so that requests to the short name would be served with a 301 redirect, but responses to the FQDN would be proxied to the appropriate search head.

Now with regards to the certificate errors, If your load balancer supports SNI, the load balancer could serve a certificate with the simple name (likely issued by the customer's internal CA infrastructure) to requests for the simple name. If the load balancer does not support flexing based on SNI, then you are looking at getting a certificate with multiple Subject Alternative Names as @teunlaan mentions in their comment.

Alternatively... you could see if the network & device management folks at the company would get rid of their DNS Suffix search list. In this case only the FQDN would work for folks, and if you have enough messaging and training, possibly they will come around to not use unqualified names... but that's much more difficult of course.

View solution in original post

0 Karma

Influencer

I don't believe the Splunk webserver will do this. Even if it could, I'm not sure if it would be a supported change. However instead you could setup a proxy / load balancer (such as an F5) in front of your Splunk Web interface. (Having a load balancer in front of SplunkWeb on your search heads is something you'd want for Search Head Clustering anyways.)

Your load balancer would have to support name based virtual hosting so that requests to the short name would be served with a 301 redirect, but responses to the FQDN would be proxied to the appropriate search head.

Now with regards to the certificate errors, If your load balancer supports SNI, the load balancer could serve a certificate with the simple name (likely issued by the customer's internal CA infrastructure) to requests for the simple name. If the load balancer does not support flexing based on SNI, then you are looking at getting a certificate with multiple Subject Alternative Names as @teunlaan mentions in their comment.

Alternatively... you could see if the network & device management folks at the company would get rid of their DNS Suffix search list. In this case only the FQDN would work for folks, and if you have enough messaging and training, possibly they will come around to not use unqualified names... but that's much more difficult of course.

View solution in original post

0 Karma

Ultra Champion

Agreed. This is something that needs to be configured as part of the larger DNS/FQND setup. As in, this is part of networking configuration for the environment, not Splunk itself.

0 Karma

Contributor

I don't know how to redirect it. You could also create certificates with aliases. Your certificate will be valid for short AND FQDN