Proxying Splunk with SSL with Apache

Posted by David Veuve - 2011-03-22 13:56:28
This is as much for my documentation as for anyone else spending ages searching through Google to find a working solution. I wanted to run Splunk on my personal site, naturally, but I also didn't want Splunk listening to the world on port 8000. It took me a lot of experimentation to find a working solution, but here it is: # cat /opt/splunk/etc/system/local/web.conf

[settings]

root_endpoint = /splunk

tools.proxy.on = True

# cat /opt/splunk/etc/splunk-launch.conf | egrep BINDIP

SPLUNK_BINDIP=127.0.0.1

# cat /etc/httpd/conf.d/ssl.conf | grep splunk

ProxyPass /splunk http://127.0.0.1:8000/splunk

ProxyPassReverse /splunk http://127.0.0.1:8000/splunk

# cat /etc/httpd/conf.d/mysite.conf | grep Rewrite

RewriteEngine On

RewriteRule ^/splunk(.*)$

https://www.davidveuve.com/splunk$1 [R,NC]

The above is a conglomeration of a few different posts that I found. In essence, the apache mysite.conf sets up a redirect of anything from http to https. The ssl.conf sets up the Splunk reverse proxy. The splunk-launch.conf tells Splunk to listen only on 127.0.0.1 and the web.conf tells Splunk that a reverse proxy exists, and that it's going to be using /splunk/en-US instead of /en-US. (Obviously, I've changed my setup in a few other ways to protect the innocent.)

Hopefully this is helpful to someone.. in addition to myself, whenever I do this in the future.