So I have a config where I have a few web services running on the same machine, and I use httpd listening on 443 to distribute the requests. Httpd handles the SSL connection to/from the client, and uses regular http to talk to the locally-running services over lo.
I've also read every post I can find on this issue, and none of them have helped fix this.
Specifically, when I hit a splunk URL that generates a redirect, splunk attempts to redirect the browser using a document.location statement in the page itself:
document.location = "http://myserver.xyz/splunk/en-US/" + hashTag;\n
where "myserver.xyz" is actually the correct FQDN. This fails b/c nothing is listening for http externally.
If I hit a splunk URL that doesn't generate a redirect, I get the page I was expecting.
Based on what I've read, here's my web.conf for splunk:
enableSplunkWebSSL = 0
httpport = 8800
root_endpoint = /splunk
tools.proxy.base = https://myserver.xyz
And my httpd config:
ProxyPass /splunk http://internal:8800/splunk
ProxyPassReverse /splunk http://internal:8800/splunk
Allow from all
where "internal" is the local machine hostname; and the Location block uses proper syntax (wikimarkup is breaking the opening '<' along with the newlines; the preview works fine, so what is that about?!?).
Based on everything I've read, this should work. So why does splunk still issue redirects back to the http:// URL?
This is working for me (enable SSL for splunk and use ProxyPass with https):
Apache Config (using https):
ProxyPass https://184.108.40.206:8000/splunk retry=60 timeout=300 ttl=600 flushwait=600 ProxyPassReverse https://220.127.116.11:8000/splunk
enableSplunkWebSSL = 1 privKeyPath = etc/auth/splunkweb/privkey.pem caCertPath = etc/auth/splunkweb/cert.pem supportSSLV3Only = False
I'd rather not have to encrypt/decrypt everything twice but at least it works..