Splunk is a fantastic tool, but it is also very expensive for personal use. (3000USD/Year for a 500MB/Day license)
Luckily they provide a free version. Too bad it doesn't support logins, so if you make Splunk available on the internet, everyone who knows your port can check out your logs. Convenient, I know.
I wanted to add a little login screen so that not everyone could get on and read which versions all of my programs run on and which commands I last ran in .bash_history.
This is what I ended up with in Apache.
First you need to enable mod_proxy for Apache if you haven't already. Then create a file (call it whatever you like) in /etc/apache2/sites-available/
It should contain a modified version of this (this one is mine, but I feel I learn best by example, so maybe others do too):
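
<VirtualHost *:80>
    ServerAdmin firstname.lastname@example.org
    ServerAlias splunk.slashdir.com
    # Forward every request to the Splunk web port, which only listens to localhost traffic
    ProxyPass / http://127.0.0.1:8008/
    ProxyPassReverse / http://127.0.0.1:8008/
</VirtualHost>

<Proxy http://127.0.0.1:8008/*>
    Order deny,allow
    Deny from all
    Allow from all
    # Basic auth is only base64-encoded; on plain HTTP (port 80) the password is readable on the wire
    AuthName "splunk"
    AuthType Basic
    AuthUserFile /home/evotech/public_www/.htpasswd
    Require valid-user
</Proxy>
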
* ServerAlias also needs to be in your DNS so that it points to your server's IP.
* Change the port in ProxyPass, ProxyPassReverse and the Proxy block to your Splunk port; by default this is 8000.
* Make your htpasswd file by running this command in a console:
htpasswd -c .htpasswd username
After you have successfully made the file, run
ln -s /etc/apache2/sites-available/yourfile /etc/apache2/sites-enabled/yourfile
so Apache sees the setup, then restart Apache:
service apache2 restart
I also added these rules to iptables to block everything but localhost (127.0.0.1) from accessing my Splunk port, so you cannot reach the original Splunk setup directly but must go through Apache:
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j DROP
If not, refer to your
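
A check for the iptables rules above, as an added example that is not part of the original post: because -A appends, an ACCEPT rule already in the chain is matched first and the new DROP is never reached. The function name and the sample ruleset are constructed for illustration, and the parser understands only the matches named in its comments.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `iptables -S INPUT` output
# on stdin and prints what happens to a NEW TCP connection from an arbitrary
# non-loopback host to port $1: ACCEPT, DROP, REJECT, POLICY:<default> or UNSURE.
# Simplified first-match evaluation: understands -s, -i, -p, --dport, --state,
# --ctstate and -j; any other match on a rule that could apply yields UNSURE.
splunk_port_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        hit = 1; unsure = 0; target = ""
        for (i = 3; i <= NF; i++) {
            opt = $i; val = $(i + 1)
            if (opt == "-s")           { i++; if (val != "0.0.0.0/0") hit = 0 }
            else if (opt == "-i")      { i++; if (val == "lo") hit = 0 }
            else if (opt == "-p")      { i++; if (val != "tcp" && val != "all") hit = 0 }
            else if (opt == "--dport") { i++; n = split(val, r, ":")   # 8008 or 8000:8100
                                         if (port + 0 < r[1] + 0 || port + 0 > r[n] + 0) hit = 0 }
            else if (opt == "--ctstate" || opt == "--state")
                                       { i++; if (("," val ",") !~ /,NEW,/) hit = 0 }
            else if (opt == "-m")      { i++; if (val !~ /^(tcp|state|conntrack)$/) unsure = 1 }
            else if (opt == "-j")      { i++; target = val }
            else if (opt == "--reject-with") { i++ }
            else                       { unsure = 1 }
        }
        if (!hit) next                      # rule cannot match this packet
        if (unsure || target !~ /^(ACCEPT|DROP|REJECT)$/) { verdict = "UNSURE"; exit }
        verdict = target; exit              # first matching rule wins
    }
    END { print (verdict != "" ? verdict : "POLICY:" policy) }
    '
}

# Constructed sample: the two rules from the post appended after an older,
# broader ACCEPT rule. On a live host: iptables -S INPUT | splunk_port_verdict 8008
# Prints ACCEPT: the DROP rule is never reached.
splunk_port_verdict 8008 <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8000:8100 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8008 -j DROP
EOF
```

Anything other than DROP or REJECT means the Splunk port can still be reached without going through Apache. Rules added with iptables -A are also lost on reboot unless they are saved, in which case the check prints POLICY:ACCEPT.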