I am trying to configure an NGINX-proxy that will forward all requests from a Universal Forwarder to the Deploymentserver in my Splunk-cluster. I have tried to follow the examples that are available on the internet as wel as on Splunkbase. However, I run into an error which I can't seem to solve.
My setup is as follows:
A windows machine running the Universal Forwarder (version 7.1.2 x64)
A CentOS 7.5 machine running Splunk as a deploymentserver (version 7.2.0)
A CentOS 7.5 machine running NGINX (version 1.12.2)
When I connect the Universal Forwarder directly to the deploymentserver, everything works fine. But when I connect with the NGINX-proxy, the communication breaks down.
NGINX reports a '502 Bad Gateway' and the deploymentserver reports
'WARN HttpListener - Socket error from 10.101.0.243:40076 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'