Skip to content

Instantly share code, notes, and snippets.

@deangrant

deangrant/graylog.conf.j2

Created November 24, 2022 08:36
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save deangrant/606833b0fb251b28f2fc961e7218845d to your computer and use it in GitHub Desktop.
Save deangrant/606833b0fb251b28f2fc961e7218845d to your computer and use it in GitHub Desktop.
Download ZIP
Template configuration to configure nginx reverse proxy for graylog
Raw
graylog.conf.j2
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name {{ nginx_server_name }};
rewrite ^ https://$server_name$request_uri? permanent;
#return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ nginx_server_name }};
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL {{ graylog_http_external_uri }};
proxy_pass http://127.0.0.1:9000;
}
ssl_certificate /etc/letsencrypt/live/{{ nginx_server_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ nginx_server_name }}/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
access_log /var/log/nginx/graylog.access.log;
error_log /var/log/nginx/graylog.error.log;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/{{ nginx_server_name }}/chain.pem;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment