Related Answers
Download topic as PDF
Configure splunkd to use your HTTP Proxy Server
You can set up an HTTP proxy server for splunkd so that all HTTP/S traffic originating from splunkd flows through the proxy server.
To set up a proxy server for splunkd, you can either configure Splunk's proxy variables in server.conf or configure the REST endpoints.
This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:
- Access to Splunkbase via Splunk Web
- Splunk external lookups
- Actions that make a REST API call to an external service outside of a firewall
Edit server.conf to configure splunkd to work with your server proxy
[proxyConfig] http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.> https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.> no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">
Use REST endpoints to configure splunkd to work with your server proxy
You can also configure splunkd to work with your HTTP proxy server by modifying the /services/server/httpsettings/proxysettings REST endpoint. To set variables using a REST endpoint, you must have the edit_server capability.
Create the [proxyConfig] stanza:
curl -k /services/server/httpsettings/proxysettings --data name="proxyConfig"
Write to the stanza:
curl -k /services/server/httpsettings/proxysettings/proxyConfig --data "http_proxy=....&https_proxy=...&no_proxy=...."
Read from stanza:
curl -k /services/server/httpsettings/proxysettings/proxyConfig
Delete the stanza:
curl -k -X DELETE /services/server/httpsettings/proxysettings/proxyConfig
For more details and example requests and responses, see server/httpsettings/proxysettings and server/httpsettings/proxysettings/proxyConfig in the REST API Reference.
Configure clusters to work with a proxy
To use the proxy server for communication in an indexer cluster or search head cluster, update the following additional settings in server.conf.
[clustering] register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a slave will be available for accepting replication data. This is useful in the cases where a slave host machine has multiple interfaces and only one of them can be reached by another splunkd instance> Only valid for mode=slave
[shclustering] register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a member will be available for accepting replication data. This is useful in the cases where a member host machine has multiple interfaces and only one of them can be reached by another splunkd instance.>
|
PREVIOUS Install and configure your HTTP Proxy Server for splunkd |
NEXT Best practices when configuring an HTTP Proxy Server for splunkd |
This documentation applies to the following versions of Splunk® Enterprise: 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1
Comments
Hi Tpeveler and Ccrayto,
Thanks for pointing this out. I've added a note about the proxy limitations to this topic as well as a few related topics. I will continue to update information as we find it.
Please update this documentation page so that it specifically points out that this configuration for enabling Splunk to Splunk communication through a Proxy. The settings documented here do not work for accessing Splunkbase via the UI nor do they work when you have a Splunk external lookup or Splunk custom alert action that is makes a REST Api Call to an external service outside of a firewall.
I have been unable to get this working for checking apps in the UI. I set up the proxy variables in server.conf, but still get errors when the Splunk UI needs to go through authenticated proxy. As most companies who care about security use authenticated proxies, it should not require Google searches and calls to support to figure out how to configure them.
Could you please clarify proxy configuration for a search head cluster? Current documentation seems to imply that `register_replication_address` somehow enables proxy use for cluster communications and if it is not specified cluster comms are not proxied.
I had http_proxy configured on my servers and `splunk bootstrap shcluster-captain` was failing with `socket_error=Resource temporarily unavailable`. It started working when I added local domain to `no_proxy`. This seems to indicate that setting `http_proxy` is enough to enable proxying for cluster communications.