I want to build a http to https reverse proxy based on nginx for a graylog instance, let's say it's url is graylog.domain.local.
Graylog does NOT serve ssl encrypted connections, just standard http over port 9000. The tricky thing about this is that Graylog makes calls to itself to the url http://graylog.domain.local:9000/api/.
So what I want to achive is this:
- All calls to https://graylog.domain.local:443 are redirected to http://graylog.domain.local:900
- All calls to http://graylog.domain.local:900/api/ are left untouched
This is my config. Opening the webpage looks good. The website now is SSL secured and loads correctly. Unfortunately Graylog greets me with an error, that it cant reach http://10.32.0.109:9000/api/.
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name graylog.domain.local;
location / {
proxy_pass http://localhost:9000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/ssl/graylog.domain.local.crt;
ssl_certificate_key /etc/ssl/graylog.domain.local.pem;
}
server {
listen 80;
listen [::]:80;
server_name graylog.domain.local;
location /api {
}
location / {
return 301 https://$host$request_uri;
}
}
How can I exclude the loaction /api from being redirected to https?
Best Answer
Your config is basically correct except one thing - you forgot the
proxy_passto your localhost to port tcp/9000 inside thelocation /api {}.You should probably also add
rewrite ^/api/(.*)$ /$1 breakline.