Security
Highlighted

Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

Engager

We have an AWS configuration where the splunk server is running on an EC2 instance within a VPC. splunkweb is using HTTP. To prove that we can access splunkweb, we have an ELB entry that listens on HTTP port 80 and redirects to splunk on HTTP port 8000. This works fine.

Now what we want to do is to make the ELB listen on HTTPS port 443 and redirect to splunk on HTTP port 8000, i.e.
    User Browser <- SSL -> AWS ELB <- HTTP -> Splunk Web

Basically let AWS ELB handle the SSL from the outside, and within the VPC, splunk will continue to use HTTP to save the extra crypto effort. However this doesn't work.

Is there a recommended way to achieve this?

Thanks,
JT

Tags (4)
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

Super Champion

Generally speaking, Splunk on port 8000 is the target of a reverse proxy that listens for Splunk on port 443, and it does work. What errors are you getting?
What do the AWS, ELB, EC2, and VPC acronyms stand for?

0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

I know following will work as we use it

User Browser <- SSL -> AWS ELB <- HTTPS -> Splunk Web

for this to happen edit your <splunk home>/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
httpport=8000
0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

New Member

I am sorry but this is not the right solution and It doesn't work, I exactly tried the same and at the load balancer it just doesn't reach to the instance at all , Although https on port 8000 listens at the instance as I could reach to web UI using that.

But when you configure the Elastic Load Balancer to use SSL and Instance protocol to use HTTPS and port 8000 it just doesn't go beyond the ELB and times out after some time.

0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

Splunk Employee
Splunk Employee

It is a known issue related to HTTP redirection, SPL-79993 open for the case - the fix will be included in later version. Contact Splunk Support for details.

0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

New Member

Hello , Just asking if there was any fix available to do this properly ? I am trying to establish exactly the same functionality and it just doesn't work with any AWS Load Balancer (ALB or ELB).

User Browser using HTTPs on 443 --> Hits Load Balancer --->Forward the traffic to backend nodes on HTTP port 8000 .

Note I have got no issues if I just remove the SSL and simply use HTTP it just works well.

I wold appreciate something to work in 2018 for this solution?

0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

SplunkTrust
SplunkTrust

Until SPL-79993 is corrected in a newer release, here's how we did it:

https request on port 443 <-> AWS ELB Front End Port 443 (ssl terminates) <-> AWS ELB Back End Port 8000 <-> Apache Reverse Proxy (new ssl request created) <-> SplunkWeb (new ssl request terminated).

Below are the configurations that made this work for us:

/etc/httpd/conf/httpd.conf #redirect 80 to 443

Listen 80
<VirtualHost *:80>
ServerName website.com
Redirect permanent / https://website.com/
</VirtualHost>

/etc/httpd/conf.d/ssl.conf # load ssl module, proxypass web_root "/" to https://localhost:8000, and define ssl cert

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName website.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/website.crt
SSLCertificateKeyFile /etc/httpd/ssl/website.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>

/opt/splunk/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/website.key
caCertPath = /etc/httpd/ssl/website.crt

We also enabled shibboleth.sso but that isnt shown above. Just mentioning in case someone else wants to message me for those details as well.

Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

Path Finder

Hi

I'm using Splunk 6.4.1 and I would like to put my splunkweb behind an AWS ELB to make the https/ssl stuff easier and I would use this question/answer as a how to, but I'm stuck in the first step... I can't even find "https.conf" and "ssl.conf" in my splunkweb server.
This is the most viewed post about it, but It doesn't receive comments since "Feb 27, 2014 at 02:42 AM" when "sylim [Splunk]" told It would receive a fix in a later version.
Well, two years after... Is there a how to? an explained way to do this?

0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

SplunkTrust
SplunkTrust

those are Apache config files and we were using that strategy to integrate sso. I suggest you start a new question and add your version and the architecture you're going for to your question

0 Karma
Highlighted

Re: Using AWS HTTPS ELB with EC2 Splunk Web on HTTP port 8000

New Member

So it seems we are over 2 years down the line since the last comment on this subject and its still not working or then I have missed something ?

Its such a basic thing however.

0 Karma