I have an Apache proxy running on the same server (CentOS 6) as Splunk (v 6.1.4).
My proxy config looks like:
ProxyPass /splunk http://127.0.0.1:8001/splunk
ProxyPassReverse /splunk http://127.0.0.1:8001/splunk
Splunk is running on port 8001 because something else is already running on port 8000.
In my /opt/splunk/etc/system/local/web.conf I have:
httpport = 8001
root_endpoint = /splunk
enableSplunkWebSSL = True
tools.proxy.on = True (I have tried both True and False here)
trustedIP=127.0.0.1
After I restart both Apache and Splunk, I get the following in my browser:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /splunk.
Reason: Error reading from remote server
In my logs I am getting the following:
(104)Connection reset by peer: proxy: error reading status line from remote server 127.0.0.1
proxy: Error reading from remote server returned by /splunk
I have port 8001 open through iptables. I have been following the Splunk documentation, but nothing seems to be working. Any help will be greatly appreciated.
You have a mismatch in protocols there. You have told Splunk to use SSL (enableSplunkWebSSL = True) but your proxy is set to just do http.
So either update the Splunk web.conf to have
enableSplunkWebSSL = False
Or, in your Apache config, update it to be:
SSLProxyEngine On
ProxyPass /splunk https://127.0.0.1:8001/splunk
ProxyPassReverse /splunk https://127.0.0.1:8001/splunk
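An added example, not part of the original answer: a small offline check that compares the ProxyPass/ProxyPassReverse backend URLs with what web.conf tells Splunk Web to serve, so the scheme mismatch described above is caught before restarting either service. The helper names `parse_web_conf` and `check_proxy` are hypothetical, and the fallback values used when a setting is absent (plain http, port 8000, root `/`) are assumptions.

```python
import re

# Hypothetical helpers (not from Splunk or Apache). Sample configs are the
# ones quoted in the question and the answer above.
WEB_CONF = """httpport = 8001
root_endpoint = /splunk
enableSplunkWebSSL = True
"""
APACHE_BEFORE = """ProxyPass /splunk http://127.0.0.1:8001/splunk
ProxyPassReverse /splunk http://127.0.0.1:8001/splunk
"""
APACHE_AFTER = """SSLProxyEngine On
ProxyPass /splunk https://127.0.0.1:8001/splunk
ProxyPassReverse /splunk https://127.0.0.1:8001/splunk
"""
PROXY_RE = re.compile(
    r"^[ \t]*(ProxyPass(?:Reverse)?)[ \t]+\S+[ \t]+(https?)://[^/:\s]+(?::(\d+))?(/\S*)?",
    re.I | re.M)

def parse_web_conf(text):
    """Return key/value settings from web.conf text, keys lower-cased."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", "[")):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings

def check_proxy(web_conf, apache_conf):
    """List mismatches between Apache's backend URLs and Splunk Web's listener."""
    web = parse_web_conf(web_conf)
    ssl_on = web.get("enablesplunkwebssl", "false").lower() in ("true", "1")
    want_scheme = "https" if ssl_on else "http"   # assumed default: plain http
    want_port = web.get("httpport", "8000")       # assumed default port
    want_root = web.get("root_endpoint", "/").rstrip("/")
    problems, uses_https = [], False
    for directive, scheme, port, path in PROXY_RE.findall(apache_conf):
        scheme = scheme.lower()
        uses_https = uses_https or scheme == "https"
        port = port or ("443" if scheme == "https" else "80")
        if scheme != want_scheme:
            problems.append(f"{directive}: scheme {scheme}, Splunk Web expects {want_scheme}")
        if port != want_port:
            problems.append(f"{directive}: port {port}, httpport is {want_port}")
        if (path or "").rstrip("/") != want_root:
            problems.append(f"{directive}: path {path or '/'}, root_endpoint is {want_root or '/'}")
    if uses_https and not re.search(r"^[ \t]*SSLProxyEngine[ \t]+on\b", apache_conf, re.I | re.M):
        problems.append("https backend configured but SSLProxyEngine is not On")
    return problems

if __name__ == "__main__":
    print(check_proxy(WEB_CONF, APACHE_BEFORE))
    print(check_proxy(WEB_CONF, APACHE_AFTER))
```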