Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Graylog/JVM proxy settings not working when proxy basic auth is needed #4594

Closed
schindlerd opened this issue Feb 17, 2018 · 9 comments
Closed

Graylog/JVM proxy settings not working when proxy basic auth is needed #4594

schindlerd opened this issue Feb 17, 2018 · 9 comments
Assignees
Labels
Milestone

Comments

@schindlerd
Copy link

@schindlerd schindlerd commented Feb 17, 2018

My test installation is complaining about “Graylog Enterprise License Violation” and I have to use a proxy to access https://api.graylog.com/report.

Expected Behavior

Access to https://api.graylog.com/report should be possible when proxy with basic-auth is configured.

Current Behavior

The BlueCoat proxy uses basic auth and I didn’t get it working via the http_proxy_uri in the server.conf. Is there a special format to use when proxy-basic-auth is required? My yum.conf for example is successfully using the proxy configuration.

I added the following to the default java options for the JVM:
GRAYLOG_SERVER_JAVA_OPTS="... -Djdk.http.auth.tunneling.disabledSchemes= -Dhttp.proxyUser=user -Dhttp.proxyPassword=password -Dhttp.proxyHost=myproxy -Dhttp.proxyPort=8080 -Dhttps.proxyUser=user -Dhttps.proxyPassword=password -Dhttps.proxyHost=myproxy -Dhttps.proxyPort=8080"

I already added -Djdk.http.auth.tunneling.disabledSchemes= since Java 8u111 basic auth has been disabled by default (http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html).

But I still keep getting HTTP-407:
2018-02-13T21:38:56.046+01:00 WARN [LicenseReportPeriodical] Unable to connect to license server: Failed to authenticate with proxy.
2018-02-13T21:43:55.889+01:00 WARN [LicenseChecker] License violation - Failed to report license status to Graylog, Inc. - consecutive failures: 85, limit: 72

Possible Solution

Steps to Reproduce (for bugs)

  1. Configure proxy with basic auth in server.conf or via JVM options
  2. Restart graylog-server

Context

Your Environment

  • Graylog Version: 2.4.3
  • Elasticsearch Version: 5.6.7
  • MongoDB Version: 3.2
  • Operating System: Oracle Linux 7.4
  • Browser version: Firefox Quantum 58.0.2
@joschi
Copy link
Contributor

@joschi joschi commented Feb 18, 2018

@schindlerd What was the value of http_proxy_uri when you tried using the JVM proxy settings (http.proxyHost etc.)?

@schindlerd
Copy link
Author

@schindlerd schindlerd commented Feb 19, 2018

I used the fully qualified domain name for both options. I tried http_proxy_uri = http://user:password@proxy-fqdn:8080 (environment variable style) and for the Java option I used http.proxyHost=proxy-fqdn.

@joschi
Copy link
Contributor

@joschi joschi commented Feb 19, 2018

@schindlerd Please try again with an empty http_proxy_uri setting and the JVM proxy settings filled.

My guess is that http_proxy_uri would overwrite the JVM settings for the HTTP client being used by Graylog to communicate with the license service, but since it doesn't support proxy credentials right now, it fails to authenticate with the proxy.

@schindlerd
Copy link
Author

@schindlerd schindlerd commented Feb 19, 2018

@joschi That is exactly my current setup :) I'm using only the JVM options and http_proxy_uriis empty.

@schindlerd
Copy link
Author

@schindlerd schindlerd commented Mar 1, 2018

@joschi Any other idea regarding this issue?

Thanks in advance.

@joschi
Copy link
Contributor

@joschi joschi commented Mar 2, 2018

@schindlerd There's currently no workaround.

@joschi joschi added the bug label Mar 2, 2018
@joschi joschi added this to the 3.0.0 milestone Mar 2, 2018
bernd added a commit that referenced this issue Apr 20, 2018
@joschi joschi closed this in #4750 Apr 24, 2018
joschi added a commit that referenced this issue Apr 24, 2018
@bernd
Copy link
Member

@bernd bernd commented Apr 24, 2018

@schindlerd Proxy authentication using basic auth now works. This fix will be in the upcoming 2.4.4 release.

bernd added a commit that referenced this issue Apr 24, 2018
…4750)

Fixes #4594

(cherry picked from commit eec520f)
joschi added a commit that referenced this issue Apr 24, 2018
…4758)

Fixes #4594
Refs #4750
(cherry picked from commit eec520f)
@schindlerd
Copy link
Author

@schindlerd schindlerd commented Apr 24, 2018

Thank you guys! 😀

@schindlerd
Copy link
Author

@schindlerd schindlerd commented May 12, 2018

Hi guys! I don't get it working in our environment. Please see #4788

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants