Use Graylog behind NGINX for HTTPS
Update the base OS and install NGINX
sudo apt update && sudo apt upgrade -y
sudo apt install nginx
Unlink the default config
sudo unlink /etc/nginx/sites-enabled/default
Using your preferred text editor, create a new config file in /etc/nginx/sites-available/.
I named my config file graylog. Adjust the following config and paste it in:
server
{
    listen 443 ssl http2;
    server_name graylog.example.org;

    # Your SSL certificate and private key locations
    ssl_certificate /etc/ssl/certs/your_SSL_cert;
    ssl_certificate_key /etc/ssl/private/your_SSL_cert_private_key;

    # Do not report the NGINX version on error pages or in the Server header
    server_tokens off;

    # Accept TLS 1.3 only
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Disable weak ciphers. ssl_ciphers applies to TLS 1.2 and earlier, so
    # with TLSv1.3 as the only protocol it does not choose the TLS 1.3 suites.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    location /
    {
        # Pass the original host and client address on to Graylog
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Public URL that Graylog should use when it builds links
        proxy_set_header X-Graylog-Server-URL https://$server_name/;
        # Graylog web interface and API on the loopback interface
        proxy_pass http://127.0.0.1:9000;
    }
}
Link the config file from /etc/nginx/sites-available to /etc/nginx/sites-enabled.
sudo ln -s /etc/nginx/sites-available/graylog /etc/nginx/sites-enabled/graylog
Test the NGINX config. If the config is good, restart the NGINX server.
sudo nginx -t
sudo systemctl restart nginx
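After the restart, the three properties the config above is meant to provide can be checked from the shell. The script below is an added example, not part of the original guide: the function names are illustrative, and it assumes ss, curl and openssl are installed and that Graylog listens on port 9000 as in the proxy_pass line.

```shell
#!/bin/sh
# Added example: checks for the proxy setup described above. Function names
# are illustrative. Each function reads the output of a tool on stdin.
#
# On the Graylog host (graylog.example.org is the placeholder from the guide):
#   ss -ltn | graylog_loopback_only || echo "9000 reachable without NGINX"
#   curl -sI https://graylog.example.org/ | server_header_hides_version \
#       || echo "Server header missing or shows a version"
#   openssl s_client -connect graylog.example.org:443 -tls1_2 </dev/null 2>&1 \
#       | tls_handshake_refused || echo "TLS 1.2 is still accepted"

# Pass only if port 9000 is listening and every listener is on loopback,
# so the plain-HTTP Graylog interface cannot be reached around the proxy.
graylog_loopback_only() {
    awk '$1 == "LISTEN" && $4 ~ /:9000$/ {
             seen = 1
             # A JVM may show loopback as an IPv4-mapped IPv6 address.
             if ($4 !~ /^(127\.|\[::1\]|\[::ffff:127\.)/) bad = 1
         }
         END { exit !(seen && !bad) }'
}

# Pass only if a Server header is present and carries no "/version" part,
# which is the visible effect of "server_tokens off".
server_header_hides_version() {
    tr -d '\r' | awk 'tolower($1) == "server:" {
                          seen = 1
                          if ($2 ~ /\//) bad = 1
                      }
                      END { exit !(seen && !bad) }'
}

# Pass only if s_client reports that no cipher was negotiated, which is
# what a TLS 1.2 attempt should produce when ssl_protocols is TLSv1.3 only.
tls_handshake_refused() {
    grep -Fq 'Cipher is (NONE)'
}
```

An empty or unexpected input makes each function fail, so a check that could not run is reported rather than silently passed.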