Splunk Enterprise

[Docker] Splunk Proxy issues

lluke
New Member

Hi All,

 

I have setup Splunk behind a reverse proxy and all works fine when the port used by the proxy to receive traffic is 443, however when the host port in docker-compose is changed and a root_endpoint is being used Splunk returns "404 page not found". 

 

Example 1 - Splunk-Traefik-without-Root-Endpoint

https://gist.github.com/lluked/771a1f7f9bbd8ef2581e8828f3b25f9e

When the proxy (Traefik) host port is mapped to 443, Splunk is accessible at https://localhost:443

 

    ports:
      - "80:80"
      - "443:443"

 

When the proxy (Traefik) host port is mapped to 8443, Splunk is accessible at https://localhost:8443

 

    ports:
      - "80:80"
      - "8443:443"

 

Both of these scenarios work as expected.

 

Example 2 - Splunk-Traefik-with-Root-Endpoint

https://gist.github.com/lluked/438b10a6321ff50feb8d704690a0cafc

When the proxy (Traefik) host port is mapped to 443, Splunk is accessible at https://localhost:443/splunk

 

    ports:
      - "80:80"
      - "443:443"

 

When the proxy (Traefik) host port is mapped to 8443, Splunk returns error 404 at https://localhost:8443/splunk

 

    ports:
      - "80:80"
      - "8443:443"

 

When the proxy (Traefik) host port is mapped to 443, but this is on a vm and a port on the host  is mapped to 443 Splunk returns error 404 again (For example using Vagrant and mapping 8443 on the host to 443 on the vm and visiting https://localhost:8443/splunk )

 

    ports:
      - "80:80"
      - "443:443"
  config.vm.network "forwarded_port", id: "traefik_websecure", host: 8443, guest: 443

 

It's like Splunk is detecting requests are coming from a different port and throwing a 404 but only when  root_endpoint is being used, and I cannot find any documentation relating to this.

 

Please can anyone help?

Labels (2)
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...