New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem access REST API Browser from GUI #2397

Closed
tachtler opened this Issue Jun 22, 2016 · 2 comments

Comments

Projects
None yet
5 participants
@tachtler

tachtler commented Jun 22, 2016

Hi,

  • Graylog Version: 2.0.3
  • Elasticsearch Version: 2.3.3
  • MongoDB Version: 2.6.11
  • Operating System: CentOS 7.2
  • Browser version: Firefox ESR 45.2.0
  • HTTP-Server: Apache 2.4

graylog 2.0.3 works fine, BUT when I choose in the web gui | System | REST API Browser | a problem with loading the site occurs.

The link behind the REST API Browser are: graylog.domain.tld/api/api-browser

My configuration on Proxy-Apache:

<VirtualHost *:80>
        ServerName graylog.domain.tld
        ServerAlias www.graylog.domain.tld
        ServerPath /

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://192.168.0.110/
        ProxyPassReverse / http://192.168.0.110/
</VirtualHost>

My configuration on graylog-Apache:

<VirtualHost *:80>
        ServerName graylog.domain.tld
        ServerAlias www.graylog.domain.tld
        ServerPath /

        <Location />
                RequestHeader set X-Graylog-Server-URL "http://graylog.domain.tld/api/"
                ProxyPass http://127.0.0.1:9000/
                ProxyPassReverse http://127.0.0.1:9000/
        </Location>
        <Location /api/>
                ProxyPass http://127.0.0.1:12900/
                ProxyPassReverse http://127.0.0.1:12900/
        </Location>
</VirtualHost>

The apache configuration was done, as described here: http://docs.graylog.org/en/latest/pages/configuration/web_interface.html#apache-httpd-2-x

The Browser will display the following site:

graylog_rest_api_browser_problem

And the page source will be the following code:

<!DOCTYPE html>
<html>
<head>
  <title>Graylog REST API browser</title>
  <link href='//fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'/>
  <link href='/api-browser/css/highlight.default.css' media='screen' rel='stylesheet' type='text/css'/>
  <link href='/api-browser/css/screen.css' media='screen' rel='stylesheet' type='text/css'/>
  <script src='/api-browser/lib/shred.bundle.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery-1.8.0.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery.slideto.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery.wiggle.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery.ba-bbq.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/handlebars-1.0.0.js' type='text/javascript'></script>
  <script src='/api-browser/lib/underscore-min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/backbone-min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/swagger.js' type='text/javascript'></script>
  <script src='/api-browser/swagger-ui.js' type='text/javascript'></script>
  <script src='/api-browser/lib/highlight.7.3.pack.js' type='text/javascript'></script>
  <script src='/api-browser/lib/sha256.js'></script>
  <script type="text/javascript">
    var port = window.location.port;
    if (port == '') {
      if (window.location.protocol == 'http') {
        port = 80;
      } else if (window.location.protocol == 'https') {
        port = 443;
      }
    }
    var apiTarget = window.location.protocol + "//" + window.location.hostname + ":" + port;
    $(function () {
      window.swaggerUi = new SwaggerUi({
      url: apiTarget+"/api-docs",
      dom_id: "swagger-ui-container",
      supportedSubmitMethods: ['get', 'post', 'put', 'delete'],
      onComplete: function(swaggerApi, swaggerUi){

        // We are taking the base path of the system API here. This will break if you should ever rename it lol.
        if(swaggerApi.System && apiTarget != swaggerApi.System.basePath) {
          alert("IMPORTANT: Please use the configured REST transport address (" + swaggerApi.System.basePath + ") if you want working examples. " +
                  "This connection to " + apiTarget + " will cause problems with Access-Control-Allow-Origin.");
        }

        if(console) {
          console.log("Loaded SwaggerUI")
        }
        $('pre code').each(function(i, e) {hljs.highlightBlock(e)});
      },
      onFailure: function(data) {
        if(console) {
          console.log("Unable to Load SwaggerUI");
          console.log(data);
        }
      },
      docExpansion: "none"
    });

    var updateApiAuth = function() {
        var user = $('#input_apiUser')[0].value;
        var pass = $('#input_apiPassword')[0].value;
        if(user && user.trim() != "" && pass && pass.trim() != "") {
            window.authorizations.add("basic", new PasswordAuthorization("creds", user, pass));
        }
    };
    $('#input_apiUser').change(updateApiAuth);
    $('#input_apiPassword').change(updateApiAuth);
    window.swaggerUi.load();
  });

  </script>
</head>

<body>
<div id='header'>
  <div class="swagger-ui-wrap">
    <img src="/api-browser/images/toplogo.png">
    <span class="subtitle">REST API browser</span>
    <form id="api_selector">
      <div class="input">
        <input type="text" name="user" id="input_apiUser" placeholder="Username"/>
      </div>
      <div class="input">
        <input type="password" name="password" id="input_apiPassword" placeholder="Password"/>
      </div>
    </form>
  </div>
</div>

<div id="swagger-ui-container" class="swagger-ui-wrap">
</div>

<div id="credits">
    This browser is a customized version of the great
    <a href="https://developers.helloreverb.com/swagger/" target="_blank">Swagger</a> project.
</div>

</body>

</html>

Every link inside the HTML-Code will start with /api-browser and NOT with /api/api-browser.

Maybe this could be the problem, because when i manually enter the URL with /api/api-browser, the href or script scr will be loaded, by the browser.

What did I wrong, on my setup?

Thank you for the help!
Klaus.

@joschi joschi added the bug label Jun 22, 2016

@dennisoelkers dennisoelkers added this to the 2.0.4 milestone Jun 22, 2016

@kroepke kroepke added S3 P4 labels Jun 27, 2016

@kroepke kroepke modified the milestones: 2.1.0, 2.0.4, 2.x Jun 27, 2016

@gruselglatz

This comment has been minimized.

gruselglatz commented Jul 22, 2016

I am facing the same Problem but i get a little bit further now with this Config:
Important is not to set spdy in nginx! If you set it, you will get only sdpy errors

server {
      listen 443 ssl;
      server_name xxxx.local;

      ssl on;
      ssl_certificate /etc/nginx/ca/graylog.crt;
      ssl_certificate_key /etc/nginx/ca/graylog.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES12$
      ssl_prefer_server_ciphers on;

      location / {
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Graylog-Server-URL https://xxxxx.local/api;
        proxy_pass          http://127.0.0.1:9000;
      }

      location /api/ {
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;
        proxy_pass          http://127.0.0.1:12900/;
      }

      location /api-browser {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        rewrite ^/api/(.*) /$1 break;
        proxy_pass http://127.0.0.1:12900;
      }

Now i come this far:
chrome_2016-07-22_14-20-05

Maybe the major problem is swagger and the HashBang so the rest of the page is something like https://xyz.local/api-browser#!/Alerts .

swagger-api/swagger-ui#1236
http://www.jenitennison.com/2011/03/06/hash-uris.html
#1576

@joschi joschi modified the milestones: 2.1.0, 2.x Aug 11, 2016

@joschi

This comment has been minimized.

Contributor

joschi commented Aug 11, 2016

This has been addressed by #2634 and will be fixed in Graylog 2.1.0.

@joschi joschi closed this Aug 11, 2016

@kroepke kroepke added triaged and removed triaged labels Sep 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment