Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why am I getting errors with my Apache proxy and Splunk configuration running on the same server?

rccscalum
Loves-to-Learn
‎10-15-2014 03:42 PM

I have an Apache proxy running on the same server (CentOS 6) as Splunk (v 6.1.4).

My proxy config looks like:

ProxyPass /splunk http://127.0.0.1:8001/splunk 
ProxyPassReverse /splunk http://127.0.0.1:8001/splunk

Splunk is running on port 8001 because something else is already running on port 8000.

In my /opt/splunk/etc/system/local/web.conf I have:

httpport = 8001
root_endpoint = /splunk
enableSplunkWebSSL = True
tools.proxy.on = True (I have tried both True and False here)
trustedIP=127.0.0.1

After I restart both Apache and Splunk, I get the following in my browser:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /splunk.

Reason: Error reading from remote server

In my logs I am getting the following:

(104)Connection reset by peer: proxy: error reading status line from remote server 127.0.0.1
proxy: Error reading from remote server returned by /splunk

I have port 8001 open through IP tables. I have been following the documentation from the Splunk but nothing seems to be working. Any help will be greatly appreciated.

0 Karma
Reply

czzpl9
New Member
‎03-11-2015 09:13 AM

You have a mismatch in protocols there. You have told splunk to use SSL (enableSplunkWebSSL = True) but your proxy is set to just do http.

So either update the splunk web.conf to have
enableSplunkWebSSL = False

Or in your Apache update the config to be:

SSLProxyEngine On
ProxyPass /splunk https://127.0.0.1:8001/splunk
ProxyPassReverse /splunk https://127.0.0.1:8001/splunk

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...