How to Configure Splunk Behind NGINX Reverse Proxy

Splunk is a very popular option for managing and handling logs. Configuring Splunk with nginx reverse proxy can be a headache sometimes. Considering that splunk has been installed correctly and currently serving the web GUI at

Before getting into nginx configuration, splunk itself needs a little bit of configuring. Find web.conf file at ${SPLUNK_HOME}/etc/system/local/ and open it with a text editor – (create the file if it doesn’t exist)

nano ${SPLUNK_HOME}/etc/system/local/web.conf


${SPLUNK_HOME} is the root directory where splunk is installed, it’s not an environment variable.

add the following lines to the file and save it

root_endpoint = /
tools.proxy.on = True
enableSplunkWebSSL = 0

Once these configurations are in place, create a server block in nginx with the following content

server {
	listen 80;


    location / {
            proxy_pass_request_headers on;
            proxy_set_header x-real-IP $remote_addr;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
            proxy_set_header host $host;

Now, create a symlink to this server block in sites-enabled directory and reload the Nginx server.

sudo nginx -s reload

To verify that the configuration works, visit –


Leave a Comment