my current ~/system/local/web.conf is configured as
[settings]
httpport = 8080
mgmtHostPort = 127.0.0.1:28502
root_endpoint = /
enableSplunkWebSSL = true
And my apache httpd.conf
<"Location/splunksup">
Order allow,deny
Allow from all
<"/Location">
ProxyPass / https://192.168.1.1:8080/
ProxyPassReverse / https:/192.168.1.1:8080/
Sorry to be a party-pooper...
This is your scenario;
User Brower <--Non SSL--> Reverse Proxy Server <--- SSL ---> Splunk
- web.conf [settings] httpport = 8080 mgmtHostPort = 127.0.0.1:28502 root_endpoint = / enableSplunkWebSSL = true # This attribute is required for a browser's insecure session tools.sessions.secure = False
For more information, please visit a spec file;
- web.conf.spec
tools.sessions.secure = [True | False]
* If set to True and Splunkweb is configured to server requests using HTTPS
(see the enableSplunkWebSSL setting) then the browser will only transmit
the session cookie over HTTPS connections, increasing session security
* Defaults to True
Sorry to be a party-pooper...
This is your scenario;
User Brower <--Non SSL--> Reverse Proxy Server <--- SSL ---> Splunk
- web.conf [settings] httpport = 8080 mgmtHostPort = 127.0.0.1:28502 root_endpoint = / enableSplunkWebSSL = true # This attribute is required for a browser's insecure session tools.sessions.secure = False
For more information, please visit a spec file;
- web.conf.spec
tools.sessions.secure = [True | False]
* If set to True and Splunkweb is configured to server requests using HTTPS
(see the enableSplunkWebSSL setting) then the browser will only transmit
the session cookie over HTTPS connections, increasing session security
* Defaults to True
The reason that Splunk doesn't work with your reverse proxy is that there is a bug where using a reverse proxy w/ SSL enabled will result in redirects to login page, not a successful login(SPL-58866). This is something that has recently been discovered and there is not a fix available at the time. The issue dates back to at least 4.3.4.
thanks JB!!!