Security

Splunk web redirect to FQDN?

edwardrose
Contributor

I was looking around and maybe my googling is the best today, but I cannot seem to find a way to redirect the Splunk webserver. Basically our customers can access our Splunk servers with either the short name:

https://splunkit:8000

Or the FQDN

https://splunkit.mydomain.com:8000

My question is how do I get the Splunk webserver to redirect the short name to the FQDN? We are getting dedicated certs for the Splunk web interface and need customer's to access the FQDN for the certs to be valid. Any help or docs would be awesome thanks.

-ed

0 Karma
1 Solution

acharlieh
Influencer

I don't believe the Splunk webserver will do this. Even if it could, I'm not sure if it would be a supported change. However instead you could setup a proxy / load balancer (such as an F5) in front of your Splunk Web interface. (Having a load balancer in front of SplunkWeb on your search heads is something you'd want for Search Head Clustering anyways.)

Your load balancer would have to support name based virtual hosting so that requests to the short name would be served with a 301 redirect, but responses to the FQDN would be proxied to the appropriate search head.

Now with regards to the certificate errors, If your load balancer supports SNI, the load balancer could serve a certificate with the simple name (likely issued by the customer's internal CA infrastructure) to requests for the simple name. If the load balancer does not support flexing based on SNI, then you are looking at getting a certificate with multiple Subject Alternative Names as @teunlaan mentions in their comment.

Alternatively... you could see if the network & device management folks at the company would get rid of their DNS Suffix search list. In this case only the FQDN would work for folks, and if you have enough messaging and training, possibly they will come around to not use unqualified names... but that's much more difficult of course.

View solution in original post

0 Karma

acharlieh
Influencer

I don't believe the Splunk webserver will do this. Even if it could, I'm not sure if it would be a supported change. However instead you could setup a proxy / load balancer (such as an F5) in front of your Splunk Web interface. (Having a load balancer in front of SplunkWeb on your search heads is something you'd want for Search Head Clustering anyways.)

Your load balancer would have to support name based virtual hosting so that requests to the short name would be served with a 301 redirect, but responses to the FQDN would be proxied to the appropriate search head.

Now with regards to the certificate errors, If your load balancer supports SNI, the load balancer could serve a certificate with the simple name (likely issued by the customer's internal CA infrastructure) to requests for the simple name. If the load balancer does not support flexing based on SNI, then you are looking at getting a certificate with multiple Subject Alternative Names as @teunlaan mentions in their comment.

Alternatively... you could see if the network & device management folks at the company would get rid of their DNS Suffix search list. In this case only the FQDN would work for folks, and if you have enough messaging and training, possibly they will come around to not use unqualified names... but that's much more difficult of course.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Agreed. This is something that needs to be configured as part of the larger DNS/FQND setup. As in, this is part of networking configuration for the environment, not Splunk itself.

0 Karma

teunlaan
Contributor

I don't know how to redirect it. You could also create certificates with aliases. Your certificate will be valid for short AND FQDN

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...