- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Using apache ssl reverse proxy in front of splunk ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using apache ssl reverse proxy in front of splunk web 6.2.1?
So I have a config where I have a few web services running on the same machine, and I use httpd listening on 443 to distribute the requests. Httpd handles the SSL connection to/from the client, and uses regular http to talk to the locally-running services over lo.
I've also read every post I can find on this issue, and none of them have helped fix this.
Specifically, when I hit a splunk URL that generates a redirect, splunk attempts to redirect the browser using a document.location statement in the page itself:
document.location = "http://myserver.xyz/splunk/en-US/" + hashTag;\n
where "myserver.xyz" is actually the correct FQDN. This fails b/c nothing is listening for http externally.
If I hit a splunk URL that doesn't generate a redirect, I get the page I was expecting.
Based on what I've read, here's my web.conf for splunk:
[settings]
enableSplunkWebSSL = 0
httpport = 8800
root_endpoint = /splunk
tools.proxy.base = https://myserver.xyz
And my httpd config:
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /splunk http://internal:8800/splunk
ProxyPassReverse /splunk http://internal:8800/splunk
Location /splunk>
Order allow,deny
Allow from all
/Location>
where "internal" is the local machine hostname; and the Location block uses proper syntax (wikimarkup is breaking the opening '<' along with the newlines; the preview works fine, so what is that about?!?).
Based on everything I've read, this should work. So why does splunk still issue redirects back to the http:// URL?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is working for me (enable SSL for splunk and use ProxyPass with https):
Apache Config (using https):
ProxyPass https://123.123.123.123:8000/splunk retry=60 timeout=300 ttl=600 flushwait=600
ProxyPassReverse https://123.123.123.123:8000/splunk
Splunks web.conf:
enableSplunkWebSSL = 1
privKeyPath = etc/auth/splunkweb/privkey.pem
caCertPath = etc/auth/splunkweb/cert.pem
supportSSLV3Only = False
I'd rather not have to encrypt/decrypt everything twice but at least it works..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Worked fine to me!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same problem here. Did you find how to make it work? Does anybody have an answer?
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
