Splunk is an awesome tool. Getting the web frontend (aka Splunkweb) working behind a reverse proxy with ssl enabled is not awesome, and nearly totally undocumented.
Here’s how I did it with Lighttpd (ymmv):
Edit $splunk_home/etc/system/local/web.conf, and add the following directives:
SSOMode = permissive
tools.proxy.on = True
tools.proxy.base = https://<your splunk hostname>
Note that I’m not using the Splunk single signon features (SSOMode)
The tools.proxy.base setting will cause Cherrypy to use the correct external hostname for redirects & such. Without this setting, you’ll always be redirected to localhost.
Inside lighttpd.conf, the following configuration did the trick:
$SERVER[“socket”] == “0.0.0.0:443” {
ssl.engine = “enable”
ssl.pemfile = “/etc/ssl/your_ssl_cert.pem”
server.name = “www.example.com”
server.document-root = “/srv/www/vhosts/example.com/www/”
}
And then configure the reverse proxy:
proxy.server = ( “” =>
( “splunk” =>
(
“host” => “127.0.0.1”,
“port” => 8000,
“fix-redirects” => 1
)
)
)
Note that this will serve Splunk from the root of the http space. If you want Splunk mounted somewhere else, you’re on your own.
