Traefik 2 & Graylog

Hi there,

I have Graylog behind Traefik v2.1, let's say under "graylog.mydomain.com".
Traefik is listening on ports 80 and 443 and redirecting 80 to 443.
It's SSL-secured with a wildcard Let's Encrypt certificate for "*.mydomain.com".

Can I add transparent TCP routers for different input streams without opening specific ports on the Graylog service?

For example:

I get some TCP routes, but they are not working.
If I open port 50001 on my Graylog service I can output some test data to it, but only with open ports.
Not over 443 or even 80.

Is this even possible, or am I doing something completely wrong here?

Any help is appreciated.

Hi @lachnerd

Yes, that sounds like a normal use case for a TCP router. Care to share your config?

Hi @cakiwi,

Sure - I managed to get a little bit further with my problem.

If I use the following config:

```yaml
traefik.enable: 'true'
# http web 80
traefik.http.routers.graylog-web.rule: Host(`graylog.mydomain.com`)
traefik.http.routers.graylog-web.middlewares: redirect@file
traefik.http.routers.graylog-web.entrypoints: web
# http websecure 443
traefik.http.routers.graylog-websecure.rule: Host(`graylog.mydomain.com`)
traefik.http.routers.graylog-websecure.tls: 'true'
traefik.http.routers.graylog-websecure.entrypoints: websecure
traefik.http.routers.graylog-websecure.middlewares: graylogheader@file,errorhandler@file,compress@file
traefik.http.services.graylog-websecure.loadbalancer.passHostHeader: 'true'
traefik.http.services.graylog-websecure.loadbalancer.server.port: '9000'
# tcp
traefik.tcp.routers.log-test-router.rule: HostSNI(`*`)
traefik.tcp.routers.log-test-router.service: log-test-service
# use port 80
traefik.tcp.routers.log-test-router.entrypoints: web
# port of graylog input is listening to
traefik.tcp.services.log-test-service.loadbalancer.server.port: '50101'
```

And test it with:

```sh
echo -e '{"version": "1.1","host":"example.org","short_message":"Short message","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}\0' | nc -w 1 test.mydomain.com 80
```

I get proper inputs on the received messages in my Graylog backend that is configured to port 50101 - seems to work fine.

But if I use:

```yaml
# tcp
traefik.tcp.routers.log-test-router.rule: HostSNI(`test.mydomain.com`)
traefik.tcp.routers.log-test-router.service: log-test-service
# use port 80
traefik.tcp.routers.log-test-router.entrypoints: web
# port of graylog input is listening to
traefik.tcp.services.log-test-service.loadbalancer.server.port: '50101'
```

I get the following:

```
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
```

But finally, I also want to get this working over TLS.

I think I found an answer in the Traefik docs.

Yes, routing on hostname with TCP only works with TLS.

1 Like
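
Why the last reply holds, as an added example that is not part of the original posts or Traefik's own code: the hostname a TCP router can match on exists only inside a TLS ClientHello, so the plaintext `nc` test can satisfy a catch-all `*` rule but never a named host. `hostsni_matches` is a simplified, hypothetical model of the rule check, and the GELF bytes are a constructed, shortened version of the test message from the thread.

```python
import ssl

# Constructed sample: shortened form of the plaintext GELF test message sent with nc.
GELF_PLAINTEXT = b'{"version": "1.1","host":"example.org","short_message":"Short message"}\x00'

def client_hello_bytes(hostname):
    """Build a real TLS ClientHello offline with an in-memory TLS client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello has been written to `outgoing`
    return outgoing.read()

def extract_sni(data):
    """Return the SNI hostname in the first bytes of a connection, or None."""
    # Record type 0x16 = handshake, handshake type 0x01 = ClientHello.
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        return None
    u16 = lambda i: int.from_bytes(data[i:i + 2], "big")
    try:
        pos = 5 + 4 + 2 + 32           # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]           # session_id
        pos += 2 + u16(pos)            # cipher_suites
        pos += 1 + data[pos]           # compression_methods
        end = min(pos + 2 + u16(pos), len(data))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = u16(pos), u16(pos + 2)
            # server_name extension: list_len(2) name_type(1) name_len(2) name
            if ext_type == 0 and data[pos + 6] == 0:
                name = data[pos + 9:pos + 9 + u16(pos + 7)]
                return name.decode("ascii")
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        pass  # truncated or malformed hello: no usable hostname
    return None

def hostsni_matches(first_bytes, rule_host):
    """Simplified model (assumption, not Traefik's code) of a HostSNI rule."""
    return rule_host == "*" or extract_sni(first_bytes) == rule_host

if __name__ == "__main__":
    hello = client_hello_bytes("test.mydomain.com")
    for label, data in (("plaintext GELF", GELF_PLAINTEXT), ("TLS ClientHello", hello)):
        for rule in ("*", "test.mydomain.com"):
            print(f"{label:16} HostSNI({rule}): {hostsni_matches(data, rule)}")
```

For a log input this means the sender has to speak TLS and send SNI before a named-host rule can be used, since the plaintext bytes carry no hostname at all.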