Why does my configuration not work for Splunk 5 proxy behind nginx, but does work behind apache?


I'm trying to implement this for oauth:

Before using that, I tried simple proxying with nginx.
Here is my nginx config which does not work:

# TLS front end intended to proxy Splunk Web.
# NOTE(review): this excerpt ends inside the location block. No proxy_pass
# directive and no closing braces are visible, so as posted nothing is
# forwarded to Splunk; they may have been lost when the post was rendered.
server {
    listen 443 default ssl;
    # Redundant with the "ssl" parameter on the listen line above; the
    # standalone "ssl" directive was deprecated in later nginx releases.
    ssl on;
    # NOTE(review): this path ends at a directory. ssl_certificate expects a
    # PEM file, so the file name appears to be missing here.
    ssl_certificate /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    # HSTS for 1209600 seconds (14 days).
    add_header Strict-Transport-Security max-age=1209600;

    location / {
        # Pass the requested host name, client address and original scheme
        # to the backend.
        # NOTE(review): the backend can rely on these only if it is reachable
        # solely through this proxy; a client that can connect to Splunk Web
        # directly can send the same headers itself.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        # 1 second to establish the backend connection, 30 seconds for each
        # send and read; a 1 s connect timeout leaves little margin for a
        # slow backend.
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;

That doesn't work and seems to direct back to

This is my apache config which works:

# Reverse proxy for Splunk Web on port 80.
# NOTE(review): no TLS directives are visible in this vhost, so Splunk logins
# through it would travel in cleartext between browser and proxy, unlike the
# nginx attempt on 443. The closing </VirtualHost> tag is also not visible in
# this excerpt.
<VirtualHost *:80>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Hand the client's Host header to the backend unchanged.
    ProxyPreserveHost On
    # "!" excludes /cgi-bin from proxying.
    ProxyPass /cgi-bin !
    # NOTE(review): no backend URL is visible on the next two lines; it was
    # presumably dropped from the post. retry=0 makes Apache retry a failed
    # backend immediately instead of waiting.
    ProxyPass / retry=0
    ProxyPassReverse / retry=0

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


This is my web.conf file:

# Splunk Web settings used behind the reverse proxy.
# Splunk Web itself serves plain HTTP, so the proxy-to-Splunk hop is
# unencrypted; keep that hop on localhost or a trusted network segment.
enableSplunkWebSSL = 0
# Session inactivity timeout; presumably minutes (4320 min = 3 days) - confirm
# against the web.conf spec for this Splunk version.
tools.sessions.timeout = 4320
# Lets the browser autocomplete fields on the login page.
enable_autocomplete_login = True
# Tell Splunk Web it is running behind a proxy.
tools.proxy.on = True
# NOTE(review): permissive mode accepts requests from any address, and no
# trustedIP setting is visible in this excerpt. If SSO headers are to be
# trusted, confirm trustedIP names only the proxy and that Splunk Web is not
# reachable directly.
SSOMode = permissive
# NOTE(review): the value is empty as posted; the proxy's public base URL
# appears to have been dropped from the post.
tools.proxy.base =

Using splunk 5

Anything I'm doing wrong?



I spent a few hours on this and got this working. I wanted to share as I'm both a fan of NGINX and Splunk. I am using NGINX v1.6.2 and Splunk (on Windows) v6.2.2

This is your site .conf file, referenced from nginx.conf:

# Port 80 listener whose only job is to send clients to the HTTPS site.
# NOTE(review): the closing braces for location and server are not visible in
# this excerpt.
server {
        listen <IP-Address-of-NGINX-For-Splunk>:80;
        server_name <URL-You-Set-In-DNS-For-Splunk>;
        location / {
        # Redirect to HTTPS
        # The target is built from $server_name (the configured name), not
        # from the client-supplied Host header, so a forged Host cannot steer
        # the redirect elsewhere.
        return 301 https://$server_name$request_uri;

# TLS listener that terminates HTTPS and proxies everything to Splunk Web.
# NOTE(review): the closing braces for location and server are not visible in
# this excerpt.
server {
        listen <IP-Address-of-NGINX-For-Splunk>:443 ssl;
        server_name <URL-You-Set-In-DNS-For-Splunk>;
     #Resolve HTTP Error 414 Request-URI-Too-Large
        large_client_header_buffers 6 16k;
     #Certificate & Key .PEM Format
        ssl_certificate /etc/ssl/<name-of-cert>.crt;
        ssl_certificate_key /etc/ssl/<name-of-key>.key;
     #Custom Diffie-Hellman parameters for the DHE cipher suites
        ssl_dhparam /etc/ssl/<name-of-DH-key>.dh;
     #HSTS: max-age=63072000 is two years (730 days). includeSubdomains applies
     #the policy to every subdomain and preload signals consent to browser
     #preload lists, which is slow to undo - confirm every subdomain serves
     #HTTPS before keeping these two flags.
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
     #OCSP stapling; ssl_trusted_certificate supplies the CA certificates used
     #to verify the stapled response
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/ssl/alk-splunk02.oscp;
     #Shared resolver, cipher and session settings
        include sites.common;
        location / {
            # Forward request headers plus the client address and the
            # requested host name to Splunk Web.
            proxy_pass_request_headers on;
            proxy_set_header x-real-IP $remote_addr;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
            proxy_set_header host $host;
            # NOTE(review): nginx does not verify the upstream certificate by
            # default, so this HTTPS hop is encrypted but unauthenticated.
            # proxy_ssl_verify / proxy_ssl_trusted_certificate exist from
            # nginx 1.7.0; on older builds keep this hop on a trusted network.
            proxy_pass https://<IP-Address-of-Your-Splunk-Server>:8000;

This earns an A+ rating on SSL Labs, provided you have a SHA-256 certificate from a trusted CA and the intermediate certificates are included in the .crt file.
This is sites.common:

     #Shared settings pulled in by the HTTPS server block via "include sites.common"
     #OCSP Stapling
     #DNS servers nginx uses to look up the OCSP responder; answers are cached
     #for 300 seconds regardless of TTL. Use resolvers you trust.
        resolver <DNS-Server-IP-1-You-Want> <DNS-Server-IP-2-You-Want> valid=300s;
        resolver_timeout 5s;

     #Cipher Specification and Session Cache
        ssl_prefer_server_ciphers on;
     #10 MB TLS session cache named "SSL", shared across worker processes
        ssl_session_cache shared:SSL:10m;
     #NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996). List
     #only TLSv1.2 (plus TLSv1.3 where the nginx/OpenSSL build supports it)
     #unless a legacy client still needs the older versions.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #Forward-secret suites only: ECDHE/DHE with AES-GCM first, then AES-256
     #with ECDHE/DHE; !aNULL removes unauthenticated suites
        ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL';
     #Do not reuse TLS sessions on connections to the proxied server
        proxy_ssl_session_reuse off;