We have an AWS configuration where the splunk server is running on an EC2 instance within a VPC. splunkweb is using HTTP. To prove that we can access splunkweb, we have an ELB entry that listens on HTTP port 80 and redirects to splunk on HTTP port 8000. This works fine.
Now what we want to do is to make the ELB listen on HTTPS port 443 and redirect to splunk on HTTP port 8000, i.e.
User Browser <- SSL -> AWS ELB <- HTTP -> Splunk Web
Basically let AWS ELB handle the SSL from the outside, and within the VPC, splunk will continue to use HTTP to save the extra crypto effort. However this doesn't work.
Is there a recommended way to achieve this?
Thanks,
JT
Going off the current most voted answer i have created terraform code to automate setting up a test splunk instance...
You will need to provide the following
Terrafrom Code:
https://github.com/ChiefRiver/AWSSplunkInstance
,Going off the current most voted answer i have created terraform code to automate setting up a test splunk instance...
Terrafrom Code:
https://github.com/ChiefRiver/AWSSplunkInstance
These are all Amazon Web Service terms. See the AWS Glossary for more details.
Until SPL-79993 is corrected in a newer release, here's how we did it:
https request on port 443 <-> AWS ELB Front End Port 443 (ssl terminates) <-> AWS ELB Back End Port 8000 <-> Apache Reverse Proxy (new ssl request created) <-> SplunkWeb (new ssl request terminated).
Below are the configurations that made this work for us:
/etc/httpd/conf/httpd.conf #redirect 80 to 443
Listen 80
<VirtualHost *:80>
ServerName website.com
Redirect permanent / https://website.com/
</VirtualHost>
/etc/httpd/conf.d/ssl.conf # load ssl module, proxypass web_root "/" to https://localhost:8000, and define ssl cert
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName website.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/website.crt
SSLCertificateKeyFile /etc/httpd/ssl/website.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>
/opt/splunk/etc/system/local/web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/website.key
caCertPath = /etc/httpd/ssl/website.crt
We also enabled shibboleth.sso but that isnt shown above. Just mentioning in case someone else wants to message me for those details as well.
Hi All,
Has there been any updates if SPL-79993 has been fixed already? Trying to google around but can't find any article regarding the status.
Tnx...
I am facing the same issue, and it has been several years since this was originally posted. Does anyone know if Splunk has fixed this issue or what the best practice is for setting up a Load-Balancer in AWS using SSL? I would like to avoid using the Apache workaround if possible.
So it seems we are over 2 years down the line since the last comment on this subject and its still not working or then I have missed something ?
Its such a basic thing however.
The problem relates to how Splunk deals with redirects and my requirement is SSL termination at the load balancer (ELB).
Thanks,
Serge
According to this it appears it can be done.
https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/
Looks like you can specify the front end and backend ports, etc.
Hi
I'm using Splunk 6.4.1 and I would like to put my splunkweb behind an AWS ELB to make the https/ssl stuff easier and I would use this question/answer as a how to, but I'm stuck in the first step... I can't even find "https.conf" and "ssl.conf" in my splunkweb server.
This is the most viewed post about it, but It doesn't receive comments since "Feb 27, 2014 at 02:42 AM" when "sylim [Splunk]" told It would receive a fix in a later version.
Well, two years after... Is there a how to? an explained way to do this?
those are Apache config files and we were using that strategy to integrate sso. I suggest you start a new question and add your version and the architecture you're going for to your question
It is a known issue related to HTTP redirection, SPL-79993 open for the case - the fix will be included in later version. Contact Splunk Support for details.
Hello , Just asking if there was any fix available to do this properly ? I am trying to establish exactly the same functionality and it just doesn't work with any AWS Load Balancer (ALB or ELB).
User Browser using HTTPs on 443 --> Hits Load Balancer --->Forward the traffic to backend nodes on HTTP port 8000 .
Note I have got no issues if I just remove the SSL and simply use HTTP it just works well.
I wold appreciate something to work in 2018 for this solution?
I know following will work as we use it
User Browser <- SSL -> AWS ELB <- HTTPS -> Splunk Web
for this to happen edit your <splunk home>/etc/system/local/web.conf
[settings]
enableSplunkWebSSL = 1
httpport=8000
I am sorry but this is not the right solution and It doesn't work, I exactly tried the same and at the load balancer it just doesn't reach to the instance at all , Although https on port 8000 listens at the instance as I could reach to web UI using that.
But when you configure the Elastic Load Balancer to use SSL and Instance protocol to use HTTPS and port 8000 it just doesn't go beyond the ELB and times out after some time.
Generally speaking, Splunk on port 8000 is the target of a reverse proxy that listens for Splunk on port 443, and it does work. What errors are you getting?
What do the AWS, ELB, EC2, and VPC acronyms stand for?