Security
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- Using apache ssl reverse proxy in front of splunk ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using apache ssl reverse proxy in front of splunk web 6.2.1?
huntd
Engager
02-25-2015
03:24 PM
So I have a config where I have a few web services running on the same machine, and I use httpd listening on 443 to distribute the requests. Httpd handles the SSL connection to/from the client, and uses regular http to talk to the locally-running services over lo.
I've also read every post I can find on this issue, and none of them have helped fix this.
Specifically, when I hit a splunk URL that generates a redirect, splunk attempts to redirect the browser using a document.location statement in the page itself:
document.location = "http://myserver.xyz/splunk/en-US/" + hashTag;\n
where "myserver.xyz" is actually the correct FQDN. This fails b/c nothing is listening for http externally.
If I hit a splunk URL that doesn't generate a redirect, I get the page I was expecting.
Based on what I've read, here's my web.conf for splunk:
[settings]
enableSplunkWebSSL = 0
httpport = 8800
root_endpoint = /splunk
tools.proxy.base = https://myserver.xyz
And my httpd config:
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /splunk http://internal:8800/splunk
ProxyPassReverse /splunk http://internal:8800/splunk
Location /splunk>
Order allow,deny
Allow from all
/Location>
where "internal" is the local machine hostname; and the Location block uses proper syntax (wikimarkup is breaking the opening '<' along with the newlines; the preview works fine, so what is that about?!?).
Based on everything I've read, this should work. So why does splunk still issue redirects back to the http:// URL?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
phwinkler
Explorer
10-10-2015
12:14 PM
This is working for me (enable SSL for splunk and use ProxyPass with https):
Apache Config (using https):
ProxyPass https://123.123.123.123:8000/splunk retry=60 timeout=300 ttl=600 flushwait=600
ProxyPassReverse https://123.123.123.123:8000/splunk
Splunks web.conf:
enableSplunkWebSSL = 1
privKeyPath = etc/auth/splunkweb/privkey.pem
caCertPath = etc/auth/splunkweb/cert.pem
supportSSLV3Only = False
I'd rather not have to encrypt/decrypt everything twice but at least it works..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rafamss
Contributor
07-22-2016
01:06 PM
Worked fine to me!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pduflot
Path Finder
07-02-2015
08:36 AM
I have the same problem here. Did you find how to make it work? Does anybody have an answer?
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
