Problem access REST API Browser from GUI

[tachtler]

Hi,

• Graylog Version: 2.0.3
• Elasticsearch Version: 2.3.3
• MongoDB Version: 2.6.11
• Operating System: CentOS 7.2
• Browser version: Firefox ESR 45.2.0
• HTTP-Server: Apache 2.4

graylog 2.0.3 works fine, BUT when I choose in the web gui | System | REST API Browser | a problem with loading the site occurs.

The link behind the REST API Browser are: graylog.domain.tld/api/api-browser

My configuration on Proxy-Apache:

<VirtualHost *:80>
        ServerName graylog.domain.tld
        ServerAlias www.graylog.domain.tld
        ServerPath /

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://192.168.0.110/
        ProxyPassReverse / http://192.168.0.110/
</VirtualHost>

My configuration on graylog-Apache:

<VirtualHost *:80>
        ServerName graylog.domain.tld
        ServerAlias www.graylog.domain.tld
        ServerPath /

        <Location />
                RequestHeader set X-Graylog-Server-URL "http://graylog.domain.tld/api/"
                ProxyPass http://127.0.0.1:9000/
                ProxyPassReverse http://127.0.0.1:9000/
        </Location>
        <Location /api/>
                ProxyPass http://127.0.0.1:12900/
                ProxyPassReverse http://127.0.0.1:12900/
        </Location>
</VirtualHost>

The apache configuration was done, as described here: http://docs.graylog.org/en/latest/pages/configuration/web_interface.html#apache-httpd-2-x

The Browser will display the following site:

And the page source will be the following code:

<!DOCTYPE html>
<html>
<head>
  <title>Graylog REST API browser</title>
  <link href='//fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'/>
  <link href='/api-browser/css/highlight.default.css' media='screen' rel='stylesheet' type='text/css'/>
  <link href='/api-browser/css/screen.css' media='screen' rel='stylesheet' type='text/css'/>
  <script src='/api-browser/lib/shred.bundle.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery-1.8.0.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery.slideto.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery.wiggle.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/jquery.ba-bbq.min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/handlebars-1.0.0.js' type='text/javascript'></script>
  <script src='/api-browser/lib/underscore-min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/backbone-min.js' type='text/javascript'></script>
  <script src='/api-browser/lib/swagger.js' type='text/javascript'></script>
  <script src='/api-browser/swagger-ui.js' type='text/javascript'></script>
  <script src='/api-browser/lib/highlight.7.3.pack.js' type='text/javascript'></script>
  <script src='/api-browser/lib/sha256.js'></script>
  <script type="text/javascript">
    var port = window.location.port;
    if (port == '') {
      if (window.location.protocol == 'http') {
        port = 80;
      } else if (window.location.protocol == 'https') {
        port = 443;
      }
    }
    var apiTarget = window.location.protocol + "//" + window.location.hostname + ":" + port;
    $(function () {
      window.swaggerUi = new SwaggerUi({
      url: apiTarget+"/api-docs",
      dom_id: "swagger-ui-container",
      supportedSubmitMethods: ['get', 'post', 'put', 'delete'],
      onComplete: function(swaggerApi, swaggerUi){

        // We are taking the base path of the system API here. This will break if you should ever rename it lol.
        if(swaggerApi.System && apiTarget != swaggerApi.System.basePath) {
          alert("IMPORTANT: Please use the configured REST transport address (" + swaggerApi.System.basePath + ") if you want working examples. " +
                  "This connection to " + apiTarget + " will cause problems with Access-Control-Allow-Origin.");
        }

        if(console) {
          console.log("Loaded SwaggerUI")
        }
        $('pre code').each(function(i, e) {hljs.highlightBlock(e)});
      },
      onFailure: function(data) {
        if(console) {
          console.log("Unable to Load SwaggerUI");
          console.log(data);
        }
      },
      docExpansion: "none"
    });

    var updateApiAuth = function() {
        var user = $('#input_apiUser')[0].value;
        var pass = $('#input_apiPassword')[0].value;
        if(user && user.trim() != "" && pass && pass.trim() != "") {
            window.authorizations.add("basic", new PasswordAuthorization("creds", user, pass));
        }
    };
    $('#input_apiUser').change(updateApiAuth);
    $('#input_apiPassword').change(updateApiAuth);
    window.swaggerUi.load();
  });

  </script>
</head>

<body>
<div id='header'>
  <div class="swagger-ui-wrap">
    <img src="/api-browser/images/toplogo.png">
    <span class="subtitle">REST API browser</span>
    <form id="api_selector">
      <div class="input">
        <input type="text" name="user" id="input_apiUser" placeholder="Username"/>
      </div>
      <div class="input">
        <input type="password" name="password" id="input_apiPassword" placeholder="Password"/>
      </div>
    </form>
  </div>
</div>

<div id="swagger-ui-container" class="swagger-ui-wrap">
</div>

<div id="credits">
    This browser is a customized version of the great
    <a href="https://developers.helloreverb.com/swagger/" target="_blank">Swagger</a> project.
</div>

</body>

</html>

Every link inside the HTML-Code will start with /api-browser and NOT with /api/api-browser.

Maybe this could be the problem, because when i manually enter the URL with /api/api-browser, the href or script scr will be loaded, by the browser.

What did I wrong, on my setup?

Thank you for the help!
Klaus.

[gruselglatz]

I am facing the same Problem but i get a little bit further now with this Config:
Important is not to set spdy in nginx! If you set it, you will get only sdpy errors

server {
      listen 443 ssl;
      server_name xxxx.local;

      ssl on;
      ssl_certificate /etc/nginx/ca/graylog.crt;
      ssl_certificate_key /etc/nginx/ca/graylog.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES12$
      ssl_prefer_server_ciphers on;

      location / {
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Graylog-Server-URL https://xxxxx.local/api;
        proxy_pass          http://127.0.0.1:9000;
      }

      location /api/ {
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;
        proxy_pass          http://127.0.0.1:12900/;
      }

      location /api-browser {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        rewrite ^/api/(.*) /$1 break;
        proxy_pass http://127.0.0.1:12900;
      }

Now i come this far:

Maybe the major problem is swagger and the HashBang so the rest of the page is something like https://xyz.local/api-browser#!/Alerts .

swagger-api/swagger-ui#1236
http://www.jenitennison.com/2011/03/06/hash-uris.html
#1576

[joschi]

This has been addressed by #2634 and will be fixed in Graylog 2.1.0.