New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Graylog/JVM proxy settings not working when proxy basic auth is needed #4594

Closed
schindlerd opened this Issue Feb 17, 2018 · 9 comments

Comments

Projects
None yet
4 participants
@schindlerd

schindlerd commented Feb 17, 2018

My test installation is complaining about “Graylog Enterprise License Violation” and I have to use a proxy to access https://api.graylog.com/report.

Expected Behavior

Access to https://api.graylog.com/report should be possible when proxy with basic-auth is configured.

Current Behavior

The BlueCoat proxy uses basic auth and I didn’t get it working via the http_proxy_uri in the server.conf. Is there a special format to use when proxy-basic-auth is required? My yum.conf for example is successfully using the proxy configuration.

I added the following to the default java options for the JVM:
GRAYLOG_SERVER_JAVA_OPTS="... -Djdk.http.auth.tunneling.disabledSchemes= -Dhttp.proxyUser=user -Dhttp.proxyPassword=password -Dhttp.proxyHost=myproxy -Dhttp.proxyPort=8080 -Dhttps.proxyUser=user -Dhttps.proxyPassword=password -Dhttps.proxyHost=myproxy -Dhttps.proxyPort=8080"

I already added -Djdk.http.auth.tunneling.disabledSchemes= since Java 8u111 basic auth has been disabled by default (http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html).

But I still keep getting HTTP-407:
2018-02-13T21:38:56.046+01:00 WARN [LicenseReportPeriodical] Unable to connect to license server: Failed to authenticate with proxy.
2018-02-13T21:43:55.889+01:00 WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 85, limit: 72

Possible Solution

Steps to Reproduce (for bugs)

  1. Configure proxy with basic auth in server.conf or via JVM options
  2. Restart graylog-server

Context

Your Environment

  • Graylog Version: 2.4.3
  • Elasticsearch Version: 5.6.7
  • MongoDB Version: 3.2
  • Operating System: Oracle Linux 7.4
  • Browser version: Firefox Quantum 58.0.2
@joschi

This comment has been minimized.

Contributor

joschi commented Feb 18, 2018

@schindlerd What was the value of http_proxy_uri when you tried using the JVM proxy settings (http.proxyHost etc.)?

@schindlerd

This comment has been minimized.

schindlerd commented Feb 19, 2018

I used the fully qualified domain name for both options. I tried http_proxy_uri = http://user:password@proxy-fqdn:8080 (environment variable style) and for the Java option I used http.proxyHost=proxy-fqdn.

@joschi

This comment has been minimized.

Contributor

joschi commented Feb 19, 2018

@schindlerd Please try again with an empty http_proxy_uri setting and the JVM proxy settings filled.

My guess is that http_proxy_uri would overwrite the JVM settings for the HTTP client being used by Graylog to communicate with the license service, but since it doesn't support proxy credentials right now, it fails to authenticate with the proxy.

@schindlerd

This comment has been minimized.

schindlerd commented Feb 19, 2018

@joschi That is exactly my current setup :) I'm using only the JVM options and http_proxy_uriis empty.

@schindlerd

This comment has been minimized.

schindlerd commented Mar 1, 2018

@joschi Any other idea regarding this issue?

Thanks in advance.

@joschi

This comment has been minimized.

Contributor

joschi commented Mar 2, 2018

@schindlerd There's currently no workaround.

@joschi joschi added the bug label Mar 2, 2018

@joschi joschi added this to the 3.0.0 milestone Mar 2, 2018

bernd added a commit that referenced this issue Apr 20, 2018

@joschi joschi closed this in #4750 Apr 24, 2018

joschi added a commit that referenced this issue Apr 24, 2018

@bernd

This comment has been minimized.

Member

bernd commented Apr 24, 2018

@schindlerd Proxy authentication using basic auth now works. This fix will be in the upcoming 2.4.4 release.

bernd added a commit that referenced this issue Apr 24, 2018

joschi added a commit that referenced this issue Apr 24, 2018

@schindlerd

This comment has been minimized.

schindlerd commented Apr 24, 2018

Thank you guys! 😀

@schindlerd

This comment has been minimized.

schindlerd commented May 12, 2018

Hi guys! I don't get it working in our environment. Please see #4788

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment