The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
- Top News
- Everything
SplunkUser posted a discussionHow to setup Windows Authentiacation on splunk
Any information on how to do Windows Authentication on splunkSee More
Jim Kaufmann posted a blog postFortigate Firewall Support
I need some assistance from someone who has set this up. I have asked Splunk's infamous technical surprise and they flat out won't help us! We are a small company with limited resources. Can someone please help us out or point us in the right direction. I don't normally bash a vendor, but I have never ever been subjected to a company which is so intent on pushing their “professional” services for a quick buck! We pay and enormous amount of money for renewals and haven't received anything…See More
Configuring Apache as a reverse proxy to Splunk
My company has a demo VM running WebSphere Portal, and I also put Splunk on that server to help me troubleshoot it remotely much more efficiently. However, the only public traffic allowed into that VM is over ports 80 and 443.
That VM already has an instance of Apache (IBM HTTP Server actually) running, and the WebSphere plugin makes it function as a reverse proxy to WebSphere Application Server. It's configuration handles it's own set of URIs, so I needed to make Apache handle the ones for Splunk.
As far as I've been able to tell, Splunk URIs all start with en-US, static, or manager. So, this has worked perfectly for me so far:
ProxyRequests Off
ProxyPass /en-US http://127.0.0.1:8000/en-US
ProxyPassReverse /en-US http://127.0.0.1:8000/en-US
ProxyPass /static http://127.0.0.1:8000/static
ProxyPassReverse /static http://127.0.0.1:8000/static
ProxyPass /manager http://127.0.0.1:8000/manager
ProxyPassReverse /manager http://127.0.0.1:8000/manager
Of course you'll need the Apache proxy modules enabled:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
That VM already has an instance of Apache (IBM HTTP Server actually) running, and the WebSphere plugin makes it function as a reverse proxy to WebSphere Application Server. It's configuration handles it's own set of URIs, so I needed to make Apache handle the ones for Splunk.
As far as I've been able to tell, Splunk URIs all start with en-US, static, or manager. So, this has worked perfectly for me so far:
ProxyRequests Off
ProxyPass /en-US http://127.0.0.1:8000/en-US
ProxyPassReverse /en-US http://127.0.0.1:8000/en-US
ProxyPass /static http://127.0.0.1:8000/static
ProxyPassReverse /static http://127.0.0.1:8000/static
ProxyPass /manager http://127.0.0.1:8000/manager
ProxyPassReverse /manager http://127.0.0.1:8000/manager
Of course you'll need the Apache proxy modules enabled:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
-
Comment by Sasha on November 16, 2009 at 2:56pm -
A more compact version of the Apache2 directives would be:
ProxyRequests off
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
Additionally, the following must be set in the Splunk 4.x web.conf:
tools.proxy.on = True
(Glad to get it finally working.)
-
Comment by Dave Jones on November 16, 2009 at 3:02pm -
Sasha,
That is more compact if you want to forward ALL requests to Splunk. However, I have other apps running behind that same instance of Apache, so I had to selectively proxy.
But thanks for pointing out that it can be made simpler if you only need to proxy to Splunk.
Dave
-
Comment by Sasha on November 16, 2009 at 3:14pm
-
True.
In that case, you might as well isolate Splunk in its own 'directory' via the following configuration directives:
Apache configuration:
ProxyPass /splunk http://127.0.0.1:8000/splunk
ProxyPassReverse /splunk http://127.0.0.1:8000/splunk
Splunk web.conf configuration:
root_endpoint = /splunk
tools.proxy.on = True
-
Comment by Sasha on November 16, 2009 at 3:15pm
-
Additionally, thanks for your comment on serverfault!
-
Comment by Dave Jones on November 16, 2009 at 3:20pm
-
I'd completely overlooked root_endpoint. I should've looked for that option knowing that the Splunk devs have thought of far more obscure settings. Thanks!
-
Comment by Keith Lawson on February 1, 2010 at 11:37am
-
I am still having problems getting Splunk 4 to recognize a Reverse Proxy with .htpasswd file authentication. Can you see if you can get it working your system. With Splunk 3 this worked fine with the following httpd.conf
ServerAdmin root@localhost
ServerName server.company.com
ServerAlias server
ProxyPass / http://server:8000/
ProxyPassReverse / http://server:8000/
ErrorLog logs/splunk-error_log
CustomLog logs/splunk-access_log common
Order deny,allow
Deny from all
Allow from all
AuthName "server"
AuthType Basic
AuthUserFile /var/www/.htpasswd.splunk
Require valid-user
I have tried multiple configurations with changes to httpd.conf, web.conf, splunk-launch.conf. Like I said it worked before version 4 and now it will not. All we want the web site to be redirected via an https/ssl proxy authentication to provide some sort of security to the free splunk. Any suggestions would be appreciated. Thanks!
Comment
© 2013 Created by Michael Wilde.
You need to be a member of splunkninja to add comments!
Join splunkninja