We have an AWS configuration where the splunk server is running on an EC2 instance within a VPC. splunkweb is using HTTP. To prove that we can access splunkweb, we have an ELB entry that listens on HTTP port 80 and redirects to splunk on HTTP port 8000. This works fine.
Now what we want to do is to make the ELB listen on HTTPS port 443 and redirect to splunk on HTTP port 8000, i.e.
User Browser <- SSL -> AWS ELB <- HTTP -> Splunk Web
Basically let AWS ELB handle the SSL from the outside, and within the VPC, splunk will continue to use HTTP to save the extra crypto effort. However this doesn't work.
Is there a recommended way to achieve this?
Generally speaking, Splunk on port 8000 is the target of a reverse proxy that listens for Splunk on port 443, and it does work. What errors are you getting?
What do the AWS, ELB, EC2, and VPC acronyms stand for?
I know following will work as we use it
User Browser <- SSL -> AWS ELB <- HTTPS -> Splunk Web
for this to happen edit your
[settings] enableSplunkWebSSL = 1 httpport=8000
I am sorry but this is not the right solution and It doesn't work, I exactly tried the same and at the load balancer it just doesn't reach to the instance at all , Although https on port 8000 listens at the instance as I could reach to web UI using that.
But when you configure the Elastic Load Balancer to use SSL and Instance protocol to use HTTPS and port 8000 it just doesn't go beyond the ELB and times out after some time.
It is a known issue related to HTTP redirection, SPL-79993 open for the case - the fix will be included in later version. Contact Splunk Support for details.
Hello , Just asking if there was any fix available to do this properly ? I am trying to establish exactly the same functionality and it just doesn't work with any AWS Load Balancer (ALB or ELB).
User Browser using HTTPs on 443 --> Hits Load Balancer --->Forward the traffic to backend nodes on HTTP port 8000 .
Note I have got no issues if I just remove the SSL and simply use HTTP it just works well.
I wold appreciate something to work in 2018 for this solution?
Until SPL-79993 is corrected in a newer release, here's how we did it:
https request on port 443 <-> AWS ELB Front End Port 443 (ssl terminates) <-> AWS ELB Back End Port 8000 <-> Apache Reverse Proxy (new ssl request created) <-> SplunkWeb (new ssl request terminated).
Below are the configurations that made this work for us:
/etc/httpd/conf/httpd.conf #redirect 80 to 443
Listen 80 <VirtualHost *:80> ServerName website.com Redirect permanent / https://website.com/ </VirtualHost>
/etc/httpd/conf.d/ssl.conf # load ssl module, proxypass web_root "/" to https://localhost:8000, and define ssl cert
LoadModule ssl_module modules/mod_ssl.so Listen 443 <VirtualHost *:443> ServerName website.com ProxyPass / https://127.0.0.1:8000/ ProxyPassReverse / https://127.0.0.1:8000/ SSLEngine On SSLCertificateFile /etc/httpd/ssl/website.crt SSLCertificateKeyFile /etc/httpd/ssl/website.key SSLProxyEngine on SSLProxyVerify none </VirtualHost>
[settings] enableSplunkWebSSL = 1 privKeyPath = /etc/httpd/ssl/website.key caCertPath = /etc/httpd/ssl/website.crt
We also enabled shibboleth.sso but that isnt shown above. Just mentioning in case someone else wants to message me for those details as well.
I'm using Splunk 6.4.1 and I would like to put my splunkweb behind an AWS ELB to make the https/ssl stuff easier and I would use this question/answer as a how to, but I'm stuck in the first step... I can't even find "https.conf" and "ssl.conf" in my splunkweb server.
This is the most viewed post about it, but It doesn't receive comments since "Feb 27, 2014 at 02:42 AM" when "sylim [Splunk]" told It would receive a fix in a later version.
Well, two years after... Is there a how to? an explained way to do this?
those are Apache config files and we were using that strategy to integrate sso. I suggest you start a new question and add your version and the architecture you're going for to your question
So it seems we are over 2 years down the line since the last comment on this subject and its still not working or then I have missed something ?
Its such a basic thing however.