docker-splunk icon indicating copy to clipboard operation
docker-splunk copied to clipboard

Published 20 hours ago verified publisher icon splunk

Traefik Proxy issues

Open lluked opened this issue 3 years ago • 0 comments
trafficstars

Hi All,

I have setup Splunk behind Traefik with docker-compose and I'm noticing some issues with TLS when the host port of instance is changed to a port other than 443 and a root_endpoint is being used. If these conditions are met Splunk returns "404 page not found".

Example 1 - Splunk-Traefik-without-Root-Endpoint

https://gist.github.com/lluked/771a1f7f9bbd8ef2581e8828f3b25f9e

When the proxy (Traefik) host port is mapped to 443, Splunk is accessible at https://localhost:443

ports:
  - "443:443"

When the proxy (Traefik) host port is mapped to 8443, Splunk is accessible at https://localhost:8443

ports:
  - "8443:443"

Both of these scenarios work as expected.

Example 2 - Splunk-Traefik-with-Root-Endpoint

https://gist.github.com/lluked/438b10a6321ff50feb8d704690a0cafc

A root_endpoint has now been introduced.

When the proxy (Traefik) host port is mapped to 443, Splunk is accessible at https://localhost:443/splunk

ports:
  - "443:443"

When the proxy (Traefik) host port is mapped to 8443, Splunk returns error 404 at https://localhost:8443/splunk

ports:
  - "8443:443"

Splunk now does not work with the forwarded port.

Example 3 - Splunk-Traefik-with-Root-Endpoint (Port Forwarding)

Continuing on from Example 2 when the proxy (Traefik) host port is mapped to 443, but this is on a vm and a port on the hypervisor is mapped to 443 Splunk returns error 404 again (For example using Vagrant and mapping 8443 on the host to 443 on the vm and visiting https://localhost:8443/splunk)

config.vm.network "forwarded_port", id: "traefik_websecure", host: 8443, guest: 443

ports:
  - "443:443"

Example 4 - Splunk-Traefik-with-Root-Endpoint (No TLS)

If TLS is removed from the configuration everything works fine again.

When the proxy (Traefik) host port is mapped to 443, Splunk is accessible at http://localhost:443/splunk

ports:
  - "443:443"

When the proxy (Traefik) host port is mapped to 8443, Splunk is accessible at http://localhost:8443/splunk

ports:
  - "8443:443"

In Example 2 I have also noticed when accessing https://localhost:8443/splunk the page is getting forwarded to http://localhost:8443/splunk/en-GB/ it looks like it's changing from https to http, this would suggest it's a proxy issue but I do know this configuration has worked for other applications and I don't know what is causing this behaviour with Splunk. Also it's weird that that when no root_endpoint is defined as in Example 1 everything is resolved as it should.

Please can anyone help?

lluked avatar Apr 28 '22 09:04 lluked