Whitenoise

Setting up Graylog behind Traefik (SSL with Let’s Encrypt). LDAP auth through FreeIPA.

Introduction

David Fava


Graylog is a powerful open source log management platform. We are going to set up a simple installation with docker-compose.

We will also add an encryption layer to the UI with a free Let’s Encrypt SSL certificate.

Services are assumed to be hosted at:

We will have two independent docker-compose.yml files for traefik and graylog because in our setup traefik acts as a proxy for a number of independent services. However, you could run all services from one single file if you wanted.

We assume that you have docker and docker-compose correctly installed on your system.

Traefik

Create the following folder structure:

Enter the traefik folder and create the following files:

Edit traefik.toml with your favorite text editor and paste the following:

Replace YOURDOMAIN.COM and YOUR_EMAIL with your own.

Edit rules.toml:

Now, edit docker-compose.yml and add the following text:

Generate CREDENTIALS with the following command:

Where <AUTH-USER> and <AUTH-PASS> are the credentials you will use to access the traefik dashboard.
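An added example, not the command from the original post: one way to produce the CREDENTIALS value without putting the password on the command line. It assumes the value is pasted into docker-compose.yml (where a literal `$` must be doubled) and that `htpasswd` or `openssl` is installed; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: build an htpasswd-style "user:hash" entry for HTTP basic auth
# and escape it for pasting into docker-compose.yml.
# Usage: make_htpasswd_entry <AUTH-USER> | escape_for_compose
#        (then type the password and press Enter)

# make_htpasswd_entry USER
# Reads the password from stdin so it never shows up in the process list
# or in shell history, unlike a password passed as an argument.
make_htpasswd_entry() {
    local user="$1" pass hash
    case "$user" in
        ""|*:*) echo "user must be non-empty and contain no ':'" >&2; return 2 ;;
    esac
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty password" >&2; return 2; }
    if command -v htpasswd >/dev/null 2>&1; then
        # -i: read password from stdin, -n: print to stdout, -B: bcrypt
        printf '%s\n' "$pass" | htpasswd -niB "$user" | head -n 1
    elif command -v openssl >/dev/null 2>&1; then
        # Fallback: salted APR1-MD5 hash, weaker than bcrypt
        hash=$(printf '%s\n' "$pass" | openssl passwd -apr1 -stdin) || return 1
        printf '%s:%s\n' "$user" "$hash"
    else
        echo "need htpasswd (apache2-utils) or openssl" >&2
        return 1
    fi
}

# escape_for_compose
# docker-compose interpolates "$NAME" as a variable, so every literal "$"
# in the hash has to be written as "$$" inside docker-compose.yml.
escape_for_compose() {
    sed 's/\$/$$/g'
}
```

Paste the escaped output in place of CREDENTIALS; if the value goes into a TOML file instead of docker-compose.yml, skip `escape_for_compose`.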

Now run docker-compose up and you should be able to access traefik dashboard on traefik.YOURDOMAIN.COM

Graylog

Enter the graylog folder and create the required sub-folders and files:

Edit graylog.conf and replace the rest_listen_uri and web_listen_uri with the following:

Edit docker-compose.yml:

Now run docker-compose up and you should be able to access graylog UI at graylog.YOURDOMAIN.COM with admin username and password defined in the graylog.conf file.

LDAP and FreeIPA

We assume that you have a standard FreeIPA installation.

Navigate to system/authentication/config/legacy-ldap in Graylog and enter the following information.

Server configuration:

Tick StartTLS

Leave System Username and System Password blank.

User mapping:

Now try to test the login and save if successful.
