|
I have tried to configure a reverse proxy (using nginx) to Splunk but not work correctly. Splunk and proxy server are in the same machine. When accessing to Splunk by proxy the browser is redirectet to localhost:8000 and not work. Using the same proxy server to access other web services work fine. I have also setting the parameter tools.proxy.on to True but behavior not change. The problem was found on Linux and also Windows. My Splunk version is the latest (4.1.3). This is my web.conf (in etc/system/local) What's wrong? Thanks |
|
Greetings, We're using Splunk 4 (4.1.6 build 89596) and wanted to setup forward proxy, where the proxy is on a separate machine. Most of the other examples I found assumed the proxy and splunk run on the same server. The main issue with doing this is that Splunk really wants to redirect the user directly to itself. The worst bit is that does the redirect using HTML, not any HTTP headers. (If it used HTTP headers, then Apache's mod_proxy could do the rewrite (Possibly the module mod_proxy_html can rewrite the HTML for you, but I haven't tried this). Dear splunk developers, it would be cool if you could fix the redirection method :) ). I found that when you set 'tools.proxy.on = True' then Splunk assumes that the Web/Proxy server is running locally on the same server as the Splunk. In this case, it keeps redirecting to 127.0.0.1. Therefore, if you are running a separate Web/Proxy server, then you do NOT want to set this (leave it blank, or set 'tools.proxy.on = false'). Our solution was to set /opt/splunk/etc/system/local/web.conf like this: Then on the separate machine running Apache (we actually are using Apache with SSL) the lines we added to the existing mod_proxy configuration were: Enjoy! Kind regards, Dave Seddon dave at seddon ca |
|
I would suspect that you want tools.proxy.on = False Also, the root_endpoint says that splunk will be served from :8000/splunk. Exclude that parameter if that's not what you want. I'd try hitting the URL http://myserver:8000/splunk |
