Reverse nginx proxy on Wazuh fails to bind port


Jefferson Macedo

Feb 4, 2023, 9:27:58 AM
to Wazuh mailing list
Hello,
I followed the "step by step" documentation in order to get Wazuh up and running in my local network. I did choose to use my local DNS wherever it was possible during the installation instead of the IP address. I was able to download the root.ca file and import it to my browser.

The problem is that when I navigate to https + IP address, the certificate error persists.

I'm trying to set up a reverse NGINX proxy to redirect everything to the DNS and make it safer, but I'm not succeeding.
This is my file /etc/nginx/sites-available/srv-siem-01.mylocaldomain.com:
server {
    listen 80;
    server_name srv-siem-01.mylocaldomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name srv-siem-01.mylocaldomain.com;
    ssl_certificate /etc/wazuh-dashboard/certs/dashboard.pem;
    ssl_certificate_key /etc/wazuh-dashboard/certs/dashboard-key.pem;
    location / {
        proxy_pass https://192.168.1.5:5601;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

After restarting nginx, I'm getting the following error and I know it is because the port 443 is already being used by wazuh-dashboard.

If I stop wazuh-dashboard and restart nginx, nginx shows only a "bad gateway" error.

I tried also to change ssl port in the /etc/nginx/sites-available/srv-siem-01.mylocaldomain.com, from 443 to 4443 for example, but it did not help.

My question is how can I make reverse proxy work to have both, DNS and https+IP, trusted by my browser? Is it possible?
This Wazuh installation is not directly exposed to the Internet, so it was not possible to use a Let's Encrypt certificate. Also, there are no firewall rules running because ufw and iptables are disabled on the server.

I spent hours digging through posts with this type of error here in the community, but nothing worked and I'm running out of ideas...

I'll be grateful if anyone can share some advice.

Regards,
Jefferson

elw...@wazuh.com

Feb 6, 2023, 2:43:49 AM
to Wazuh mailing list
Hello Jefferson,

Can you run setsebool -P httpd_can_network_connect 1 when you had the 502 error?


Note that in old Wazuh versions (when Wazuh dashboard/Kibana was running on HTTP by default) and in Splunk as well we use Nginx as reverse-proxy as you can find below:
If you want to apply the same, you must disable SSL for the Wazuh dashboard and follow the guide.

I hope this helps.

Regards,
Wali
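The two symptoms in the question (the bind failure on 443 and the 502 once wazuh-dashboard is stopped) can both be read off the nginx config and the host's listener table. The following is an added example, not part of the original thread or Wazuh's own tooling: it compares the `listen` and `proxy_pass` ports against `ss -ltnp`-style output. The listings, process names and PIDs are constructed, and it assumes the upstream 192.168.1.5 is the same host the listing was taken on.

```python
import re

# Constructed sample: the server blocks from the question, reduced to the relevant directives.
NGINX_CONF = """
server { listen 80; return 301 https://$host$request_uri; }
server {
    listen 443 ssl;
    location / { proxy_pass https://192.168.1.5:5601; }
}
"""

# Constructed `ss -ltnp`-style lines (process name "node" for the dashboard is an assumption).
SSHD = 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))\n'
SS_DASHBOARD_UP = SSHD + 'LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("node",pid=1201,fd=18))\n'
SS_DASHBOARD_STOPPED = SSHD
SS_DASHBOARD_ON_5601 = SSHD + 'LISTEN 0 511 0.0.0.0:5601 0.0.0.0:* users:(("node",pid=1201,fd=18))\n'


def listeners(ss_output):
    """Map each listening TCP port to the process name holding it."""
    found = {}
    for line in ss_output.splitlines():
        m = re.search(r':(\d+)\s+\S+\s+users:\(\("([^"]+)"', line)
        if m:
            found[int(m.group(1))] = m.group(2)
    return found


def check(conf, ss_output, own="nginx"):
    """Report listen ports held by another process and proxy_pass
    upstream ports that nothing is listening on."""
    bound = listeners(ss_output)
    findings = []
    for port in map(int, re.findall(r'\blisten\s+(?:\S+:)?(\d+)', conf)):
        holder = bound.get(port)
        if holder and holder != own:
            findings.append(f"bind conflict: port {port} held by {holder}")
    for host, port in re.findall(r'proxy_pass\s+https?://([^:/;\s]+):(\d+)', conf):
        if int(port) not in bound:
            findings.append(f"502 risk: no listener for upstream {host}:{port}")
    return findings


if __name__ == "__main__":
    for name, ss in [("dashboard up on 443", SS_DASHBOARD_UP),
                     ("dashboard stopped", SS_DASHBOARD_STOPPED),
                     ("dashboard on 5601", SS_DASHBOARD_ON_5601)]:
        print(name, "->", check(NGINX_CONF, ss) or "no findings")
```

Only the third listing, where the dashboard listens on the port that `proxy_pass` targets and leaves 443 free, produces no findings.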