How to Configure Splunk Behind NGINX Reverse Proxy

Splunk is a very popular option for managing and handling logs. Configuring Splunk with an nginx reverse proxy can be a headache sometimes. This guide assumes that Splunk has been installed correctly and is currently serving the web GUI at http://127.0.0.1:8000.

Before getting into the nginx configuration, Splunk itself needs a little bit of configuring. Find the web.conf file at ${SPLUNK_HOME}/etc/system/local/ and open it with a text editor (create the file if it doesn't exist):

nano ${SPLUNK_HOME}/etc/system/local/web.conf

NOTE

${SPLUNK_HOME} is the root directory where Splunk is installed; it's not an environment variable.


Add the following lines to the file and save it:

[settings]
root_endpoint = /
tools.proxy.on = True
enableSplunkWebSSL = 0

Once these settings are in place, create a server block in nginx with the following content:

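server {
    listen 80;

    server_name splunk.yourdomain.com;

    location / {
        # Forward the client's request headers to Splunk Web (nginx default, stated explicitly)
        proxy_pass_request_headers on;
        # Pass the connecting client's address to the backend
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For header the client sent
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Preserve the requested host name
        proxy_set_header Host $host;
        # Splunk Web listening on loopback
        proxy_pass http://127.0.0.1:8000/;
    }
}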

Now, create a symlink to this server block in the sites-enabled directory and reload the nginx server.

sudo nginx -s reload

To verify that the configuration works, visit http://splunk.yourdomain.com
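
A pre-flight check for the steps above, as an added example that is not part of the original article: it confirms that web.conf carries the three [settings] values, then symlinks the server block and reloads only if `nginx -t` accepts the configuration. The Debian-style /etc/nginx/sites-enabled path, the function names and the accepted boolean spellings are assumptions.

```shell
# Added example (not from the article). Function names and paths are assumptions.

# Print the last value assigned to KEY inside [STANZA] of a .conf file.
conf_get() {  # usage: conf_get FILE STANZA KEY
    awk -v stanza="[$2]" -v key="$3" '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        /^[ \t]*\[/    { gsub(/[ \t\r]/, ""); in_s = ($0 == stanza); next }
        in_s {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Return 0 only if web.conf carries the three [settings] values the article sets.
check_splunk_proxy_conf() {  # usage: check_splunk_proxy_conf /path/to/web.conf
    rc=0
    [ "$(conf_get "$1" settings root_endpoint)" = "/" ] ||
        { echo "root_endpoint is not /" >&2; rc=1; }
    # Assumption: true/1 and false/0 are treated as equivalent spellings.
    case "$(conf_get "$1" settings tools.proxy.on | tr 'A-Z' 'a-z')" in
        true|1) ;;
        *) echo "tools.proxy.on is not enabled" >&2; rc=1 ;;
    esac
    case "$(conf_get "$1" settings enableSplunkWebSSL | tr 'A-Z' 'a-z')" in
        false|0) ;;
        *) echo "enableSplunkWebSSL is not disabled" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Symlink the server block, then reload only if `nginx -t` accepts the config.
# Assumes a Debian-style layout; run as root. Defined here, not called.
enable_site() {  # usage: enable_site /etc/nginx/sites-available/splunk
    ln -sf "$1" "/etc/nginx/sites-enabled/$(basename "$1")" &&
        nginx -t && nginx -s reload
}

# Constructed sample mirroring the article's web.conf.
sample=$(mktemp)
printf '%s\n' '[settings]' 'root_endpoint = /' 'tools.proxy.on = True' \
    'enableSplunkWebSSL = 0' > "$sample"
check_splunk_proxy_conf "$sample" && echo "web.conf OK"
rm -f "$sample"
```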

Enjoy!