Splunk behind a Apache reverse proxy
In the last weeks Andreas has tested Splunk in our lab environment. To access the Frontend from outside the lab, i have configured Apache to work as a reverse proxy for Splunk.
- Apache configuration
<VirtualHost www.external.fqdn:443>
<IfModule mod_proxy.c>
ProxyRequests Off
SSLProxyEngine On
ProxyPreserveHost On
</IfModule>
<Location /splunk>
<IfModule mod_proxy.c>
ProxyPass https://1.2.3.4:8000/splunk retry=0
ProxyPassReverse retry=0
</IfModule>
</Location>
</VirtualHost>
-
additional Documentation: mod_proxy – Apache HTTP Server
-
Splunk configuration in Splunk\etc\system\local\web.conf
[settings]
enableSplunkWebSSL = 1
root_endpoint = /splunk
tools.proxy.on = True
additional Documentation
- Splunk behind reverse proxy
- How to access splunk web interface behind Nginx
- BehindApache – CherryPy Tools
- Configuring splunkweb behind an ssl enabled reverse proxy
- Admin Manual – web.conf
- Placing Splunk behind a Web proxy
This setup is not perfect, because it needs SSL to be enabled on the Splunk web frontend. Maybe it is possible to use mod_rewrite to change the URLs between https and http.
As a conclusion some Splunk screenshots. I’m sure Andreas will come up with a few in depth posts about Splunk and monitoring XenApp environments. Collecting log data from vCenter and the ESX hosts is another great use case for Splunk…