Inter-node communication must use system http provider #4905
Comments
|
This applies to 3.0 as well. |
bernd
added a commit
that referenced
this issue
Jul 13, 2018
This can be used to bypass a configured proxy server for a list of hostnames or IP addresses. It must be used if the inter-node communication between graylog servers should not go through a configured proxy server. The matcher implementation for the "http_non_proxy_hosts" is similar to the implementation that is used for the "http.nonProxyHosts" system property. (only the delimiter is "," instead of "|" for consistency) By using a similar implementation, it will be possible to also set the system property in the future. (if needed - tbd) Fixes #4905 Fixes #4392
kroepke
added a commit
that referenced
this issue
Jul 16, 2018
This can be used to bypass a configured proxy server for a list of hostnames or IP addresses. It must be used if the inter-node communication between graylog servers should not go through a configured proxy server. The matcher implementation for the "http_non_proxy_hosts" is similar to the implementation that is used for the "http.nonProxyHosts" system property. (only the delimiter is "," instead of "|" for consistency) By using a similar implementation, it will be possible to also set the system property in the future. (if needed - tbd) Fixes #4905 Fixes #4392 (This needs to be cherry-picked into 2.4 once merged)
bernd
added a commit
that referenced
this issue
Jul 16, 2018
This can be used to bypass a configured proxy server for a list of hostnames or IP addresses. It must be used if the inter-node communication between graylog servers should not go through a configured proxy server. The matcher implementation for the "http_non_proxy_hosts" is similar to the implementation that is used for the "http.nonProxyHosts" system property. (only the delimiter is "," instead of "|" for consistency) By using a similar implementation, it will be possible to also set the system property in the future. (if needed - tbd) Fixes #4905 Fixes #4392 (cherry picked from commit 979787e)
bernd
added a commit
that referenced
this issue
Jul 16, 2018
This can be used to bypass a configured proxy server for a list of hostnames or IP addresses. It must be used if the inter-node communication between graylog servers should not go through a configured proxy server. The matcher implementation for the "http_non_proxy_hosts" is similar to the implementation that is used for the "http.nonProxyHosts" system property. (only the delimiter is "," instead of "|" for consistency) By using a similar implementation, it will be possible to also set the system property in the future. (if needed - tbd) Fixes #4905 Fixes #4392 (cherry picked from commit 979787e)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When setting
htty_proxy_uriin Graylog this setting is being used by node-to-node communication as well, because the wrong http provider is used.https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/rest/RemoteInterfaceProvider.java#L37 should be using the
@Named("systemHttpClient")to make sure no http proxy is being used.Alternatively we could introduce a second HTTP proxy uri setting that is being used for the inter-node communication, but we've never had any requests for this.
Duplicate in copied issue for threat intel: #4392
The text was updated successfully, but these errors were encountered: