Getting Graylog onto the internet

A while back I had made a small post about getting Graylog running on Windows. It was fun, as it’s just Java so you know it should be portable, and other than some weird disk access thing it does seem to run fine.

Of course, the next step is to create a dashboard to replace what I used on wp-statistics, as it was crashing, taking up 100% of my CPU, and exceeding PHP’s 12GB of RAM per process limit. You know things are messed up when I’m replacing you with not one, but 2 Java apps! (Graylog & OpenSearch).

magical dashboard

It’s by no means perfect, but the guide How to set-up graylog geoip configuration is all around great to have. The rest of it is me learning how to do aggregate searches and simple lists, to see the latest hits and 404’s, count the pages, and build a graph.

Again, this is all good, now for the real question, how to get this onto the Internet?!

The first thing to do is enable CORS. It’s for being on the internet!

http_enable_cors = true

Next enable the external URI name

http_external_uri = https://dash.board.com/

And now the changes I had to make in my haproxy config

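frontend http-in
        # Match requests for the dashboard hostname (case-insensitive)
        acl host_graylog hdr(host) -i dash.board.com
        # Rewrite the URI to the request path with /api/api collapsed to /api
        # (the path fetch does not include the query string)
        http-request set-uri %[path,regsub(/api/api,/api)] if host_graylog
        use_backend graylog if host_graylog

backend graylog
        # Pass the client address and the requested host on to Graylog
        option forwardfor
        http-request add-header X-Forwarded-Host %[req.hdr(host)]

        # Graylog serves .js files as text; force a JavaScript Content-Type
        acl bad_ct path_end .js
        http-response set-header Content-Type application/javascript if bad_ct

        http-request set-header X-Graylog-Server-URL http://192.168.33.5:9000
        server graylog 192.168.23.33:9000 maxconn 20 check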

I kind of wish I saved the logs while going crazy but YES for some reason it’ll try to reference itself as /api/api. I don’t know why, so I had to do some uri regex to fix that. Neat!

Next for some reason Graylog responds that all .js (javascript) files are actually text. Chrome doesn’t allow that to work, so yes you need to set the content type header to “application/javascript” for Chrome to be happy.

I had wasted over an hour with this and couldn’t get it working. So, I walked away for a few hours, and it suddenly was working. I think Cloudflare was doing some caching against it.

This is probably too terse to be really useful, and I lost all the pages I was reading about setting stuff in haproxy as I was doing that incognito. Oops. I picked this config out of fragments from five other people’s stuff. There are other considerations to host it on a subdirectory of a public site, but I just wanted to K.I.S.S.

Migrating Windows 2003 servers to Proxmox/VE

So I’ve had this Microsoft Virtual Server 2005 install that has been chugging along since.. Well 2005. On hardware we scrounged around at work from 2000. So as you can gather, it’s getting OLD. Real old.

So now after a panic, we are finally at the crossroads of what to do from here.

Now most people would expect us to just “migrate” the server to Hyper-V but there are some major shortfalls I’ve had with Hyper-V. First you can’t remotely manage it very easily. God help you if you are on the road, on a notebook, or even… On your parents’ computer. The idea that you must be on a domain, and install some 300MB+++ file is totally insane, and completely unacceptable.

The other catastrophic issue we’ve had is that running the x64 version of OpenBSD has been met with failure so that enterprise is virtually over.

So, let’s revisit Proxmox VE.

Now to start small, I’m going to migrate the 2003 domain controller. Luckily it’s configured for IDE disks (phew!) and basically doesn’t do anything else other than act as a DC. The steps to do this in a quick and easy manner are something like this:

1. Remove those blasted MS extensions! You can ONLY do this while you are under MS Virtual Server. Really. I expect this also holds true for Hyper-V.

2. Next run the mergeide.reg file, which will tell 2003 (probably 2000 and above…) to enable all the IDE controller types on boot, so you don’t get locked out…

3. Next download and install this GREAT program, selfimage (sorry for the lame download thing), and go ahead and run it.

Make sure you set the source to being a WHOLE DISK, not a partition… Start with the C drive. (I always try to get the OS going before going after data drives & whatnot….).

Next you can set the target to NBD and point it to your Proxmox server, and set the port to 1024.

I didn’t know this, but NBD is a network block device! So instead of playing with intermediate disks, formats, and all this other painful crap, we can instead basically dd from one disk to another over the network, with little effort. I would imagine for the WindowsPE crowd this would be a massive win, to say image disks out of other servers, or even LIVE servers.. Although if it were SQL I sure would shut down the database server at this time.

On the Proxmox server go ahead and create a ‘destination’ VM, that you will copy the VM into. It’s recommended you make the destination disk larger than the source disk, so there aren’t any nasty rounding errors.

Now PuTTY into the Proxmox machine, and then you have to launch the NBD server. The syntax is something like this:

qemu-nbd -t /var/lib/vz/images/xxx/vm-xxx-disk.qcow2

The filename may be slightly different, so don’t sweat it too much, but basically you are telling qemu-nbd to ‘serve’ this virtual disk.

With all of this in place, you can now hit the start button on the SelfImage application and it’ll start to block copy!

I have a slow network where I’m doing this so it took me about an hour to do 32GB.

Once it is done, you can terminate qemu-nbd with a Control+C, then try to start up the VM on Proxmox.
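A check that can be run on the first 512 bytes of the destination disk before booting it, added here as an example and not part of the original post: it tells a whole-disk copy (sector 0 is an MBR with a partition table) from a partition copied by mistake (sector 0 is a filesystem boot record), and reports how large the destination must be to hold the last partition. The function names and the sample sectors are constructed for illustration, and the sector is assumed to have been read from the image in raw form.

```python
import struct

SECTOR = 512

def classify_first_sector(sector: bytes) -> dict:
    """Decide whether sector 0 of a copied image is an MBR (whole disk)
    or a volume boot record (a single partition was imaged by mistake)."""
    if len(sector) < SECTOR:
        raise ValueError("need the first 512 bytes of the image")
    if sector[510:512] != b"\x55\xaa":
        return {"kind": "unknown", "partitions": []}
    # A volume boot record names its filesystem: NTFS at offset 3,
    # FAT16 at offset 54, FAT32 at offset 82. An MBR holds boot code there.
    if (sector[3:11] == b"NTFS    " or sector[54:59] == b"FAT16"
            or sector[82:87] == b"FAT32"):
        return {"kind": "partition", "partitions": []}
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0 or count == 0:  # type 0 means unused slot
            continue
        parts.append({"bootable": entry[0] == 0x80, "type": entry[4],
                      "start_lba": start_lba, "sectors": count})
    return {"kind": "disk" if parts else "unknown", "partitions": parts}

def required_bytes(partitions: list) -> int:
    """Smallest destination size that still holds the last partition."""
    return max((p["start_lba"] + p["sectors"]) * SECTOR for p in partitions)

def sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 67103442)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

def sample_ntfs_vbr() -> bytes:
    """Constructed sample: start of an NTFS partition, not a disk."""
    return b"\xeb\x52\x90NTFS    " + bytes(499) + b"\x55\xaa"

if __name__ == "__main__":
    for name, data in (("disk", sample_mbr()), ("partition", sample_ntfs_vbr())):
        result = classify_first_sector(data)
        print(name, "->", result["kind"], result["partitions"])
```

A result of "partition" means the source was set to a single partition rather than the whole disk, and a `required_bytes` value above the destination disk size means the copy was cut short.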

Two things I ran into:

Some error about processor.sys, and a 0x000000CE error code. For me the easy way out of this is to shut down the VM, and re-configure it to disable KVM. In this mode it will be SLOW. But once booted up, you can issue the following from a command prompt:

sc config processor start= disabled

Shut down the VM, turn on KVM, and start it up again. Also the start= isn’t a typo, it really is entered that way.

The other error I had was an INTERNAL_POWER_ERROR blue screen. I tried playing with the ACPI, and some other stuff to no avail. The only way to seemingly ‘fix’ it was booting up again with KVM disabled, and when I tried to log in, Windows immediately started to shut down. Re-enabling the KVM option then let me boot normally. I’m still a little lost as to what this was all about.

So with all the little stops here & there, my VM is now running on Proxmox VE.