Proxying Splunk with SSL with Apache

Posted by David Veuve - 2011-03-22 13:56:28
This is as much for my documentation as for anyone else spending ages searching through Google to find a working solution. I wanted to run Splunk on my personal site, naturally, but I also didn't want Splunk listening to the world on port 8000. It took me a lot of experimentation to find a working solution, but here it is: # cat /opt/splunk/etc/system/local/web.conf


root_endpoint = /splunk

tools.proxy.on = True

# cat /opt/splunk/etc/splunk-launch.conf | egrep BINDIP


# cat /etc/httpd/conf.d/ssl.conf | grep splunk

ProxyPass /splunk

ProxyPassReverse /splunk

# cat /etc/httpd/conf.d/mysite.conf | grep Rewrite

RewriteEngine On

RewriteRule ^/splunk(.*)$$1 [R,NC]

The above is a conglomeration of a few different posts that I found. In essence, the apache mysite.conf sets up a redirect of anything from http to https. The ssl.conf sets up the Splunk reverse proxy. The splunk-launch.conf tells Splunk to listen only on and the web.conf tells Splunk that a reverse proxy exists, and that it's going to be using /splunk/en-US instead of /en-US. (Obviously, I've changed my setup in a few other ways to protect the innocent.)

Hopefully this is helpful to someone.. in addition to myself, whenever I do this in the future.