The HTTP address for the Graylog server is properly set (as explained in How does the web interface connect to the Graylog server?), so it is resolvable and accessible for the load balancer/reverse proxy.The HTTP port of the load balancer/reverse proxy is accessible for clients.If you want to run a load balancer/reverse proxy in front of Graylog, you need to make sure that: Making the web interface work with load balancers/proxies Please take into account that you need to enable JavaScript in order to use Graylog web interface. These browsers are officially supported in Graylog 3.0: We want to provide the best possible experience to everyone, which often means using modern web technology only available in recent browsers, while keeping a reasonable compatibility with old and less-capable browsers. Writing the web interface as a single-page application is a challenging task. Setting http_bind_address to 10.0.0.1:9000 configures the Graylog server with the following URLs. the index.html, CSS and JavaScript files) are accessible at the URI root ( / by default) and the REST API endpoints are accessible at the /api path. If none of the above are defined, used.If http_publish_uri is defined in the Graylog configuration file, this is used if the aforementioned http_external_uri is not set.If http_external_uri is defined in the Graylog configuration file, this is used if the aforementioned header is not set.If the HTTP(S) client going to the web interface port sends a X-Graylog-Server-URL header, which contains a valid URL, then this is overriding everything else.The URI used by the web interface is determined in this exact order: There are several ways how you can define which way the web interface connects to the Graylog server. Therefore it needs to connect to it using HTTP(S). The web interface is fetching all information it is showing from the REST API of the Graylog server. How does the web interface connect to the Graylog server?
The password to unlock the private key used for securing the HTTP interface. The PKCS#8 private key file in PEM format to use for securing the HTTP interface. The X.509 certificate chain file in PEM format to use for securing the HTTP interface. This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping. The size of the thread pool used exclusively for serving the HTTP interface. The maximum size of the HTTP request headers in bytes. Serve web interface assets using compression to reduce overall roundtrip times. If disabled, modern browsers will not be able to retrieve resources from the server. This is necessary for JS-clients accessing the server directly. The public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API.Graylog web interface. If not set, $http_publish_uriwill be used. The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all clients using the Graylog web interface. The network interface used by the Graylog HTTP interface. If our default settings do not work for you, there is a number of options in the Graylog server configuration file which you can change to influence its behavior: This means that Graylog must listen on a public network interface or be exposed to one using a proxy, NAT or a load balancer! Configuration Options
The HTTP address must be accessible by everyone using the web interface.