Howdy!
I have wondered around the topic within Splunk community for a while, but did not find a definite answer. So this time I hope there's at least 1 decent setup around. Well, that is - after this is discussed through.
Anywho, here is my config. See, I have tried a bunch of configs. I do know there's some overlap on 001-proxy.conf for directories.
At the moment, the problem seems to be that session gets immediately expired (at least it says so on web browser). It allows me to give credentials and so on, but after hitting enter on password it yells "Session Expired".
My goal is simple: **have 2 search heads behind 1 apache reverse proxy.** Loadbalancing is optional :)
**001-proxy.conf**:
ProxyRequests Off
ProxyPreserveHost On
BalancerMember http://firstsearchhead.ip:8000
BalancerMember http://secondsearchhead.ip:8000
AllowOverride None
Order deny,allow
Allow from all
ProxySet lbmethod=byrequests
ProxyPass /en-US balancer://searchheads/en-US
ProxyPassReverse /en-US balancer://searchheads/en-US
ProxyPass /static balancer://searchheads/static
ProxyPassReverse /static balancer://searchheads/static
ProxyPass /manager balancer://searchheads/manager
ProxyPassReverse /manager balancer://searchheads/manager
ProxyPass / balancer://searchheads/
ProxyPassReverse / balancer://searchheads/
ProxyPassReverseCookiePath / /
**web.conf** Search head configuration on - both heads have the same config except the tools proxy base IP, as below:
[settings]
x_frame_options_sameorigin = False
#tools.proxy.on = True
#root_endpoint = /splunk
#root_endpoint = /
#SSOMode = permissive
#trustedIP = 127.0.0.1, proxy.ip.here.too
appServerPorts = 0
enableSplunkWebSSL = 0
tools.sessions.timeout = 4320
tools.proxy.on = True
SSOMode = permissive
tools.proxy.base = http://searchhead.ip:8000 (<- This one is actually different/unique per search head)
Anyone who really knows how this should be implemented, please shine with your thoughts here!
I would appreciate this much.
↧