Madiha

Reputation: 125

Running Apache NiFi behind Nginx

I am trying to use nginx as a reverse proxy to connect to NiFi. I'm using the flow below: local machine -> http -> NGINX -> https -> Secure NiFi

Below is my nifi.properties configuration:

 nifi.web.https.host=localhost
 nifi.web.https.port=8443
 nifi.web.https.network.interface.default=
 nifi.web.jetty.working.directory=./work/jetty
 nifi.web.jetty.threads=200
 nifi.web.max.header.size=16 KB
 nifi.web.proxy.context.path=/nifi/
 nifi.web.proxy.host=localhost:8443
 nifi.remote.input.host=localhost
 nifi.remote.input.secure=true

Below is my nginx configuration:

 server {
     listen       81;
     server_name  localhost;

     location /nifi/ {

         proxy_ssl_certificate     C:/nifi-toolkit-1.7.1/target/nifi-cert.pem;
         proxy_ssl_certificate_key C:/nifi-toolkit-1.7.1/target/nifi-key.key;
         proxy_ssl_server_name on;

         proxy_pass https://localhost:8443;
         proxy_set_header X-ProxyScheme "https";
         proxy_set_header X-ProxyHost $http_host;
         proxy_set_header X-ProxyPort 8443;
         proxy_set_header X-ProxyContextPath "";
         root   html;
         index  index.html index.htm;
     }

     location /nifi-api/{

         proxy_ssl_certificate     C:/nifi-toolkit-1.7.1/target/nifi-cert.pem;
         proxy_ssl_certificate_key C:/nifi-toolkit-1.7.1/target/nifi-key.key;
         proxy_ssl_server_name on;

         proxy_set_header X-ProxyScheme "https";
         proxy_set_header X-ProxyHost $http_host;
         proxy_set_header X-ProxyPort 443;
         proxy_set_header X-ProxyContextPath "";
         proxy_pass https://localhost:8443/nifi-api/;
     }
 }

When I try to access NiFi over nginx I get the below error in error.logs:

2018/09/25 15:41:55 [error] 100964#77892: *27 upstream timed out (10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "POST /nifi-api/access/oidc/exchange HTTP/1.1", upstream: "https://[::1]:8443/nifi-api/access/oidc/exchange", host: "localhost:81", referrer: "http://localhost:81/nifi/"

Below are the errors I get in my browser when I hit the URL: http://localhost:81/nifi/

upstream timed out while calling nifi over nginx via https

Are there any configuration settings that I am missing? Any help will be appreciated.

Thank you in advance.

Upvotes: 5

Views: 9294

Answers (2)

B1naryC0DE

Reputation: 1

As echo pointed out, your X-ProxyContextPath should be the same as your location, and also the same as your nifi.web.proxy.context.path= in nifi.properties.

Before attempting to introduce SSL in the mix, I like to get things running with a simple HTTP auth.

Client > http request > NGINX reverse proxy > http request > NIFI

In this case, your NIFI configuration file "nifi.properties" should look like this:

 nifi.web.https.host=
 nifi.web.https.port=
 nifi.web.proxy.context.path=/
 nifi.web.proxy.host=localhost:80
 nifi.remote.input.host=localhost
 nifi.remote.input.secure=false

Restart NIFI.

Notice the context path is / only, so that's everything under the root.

For NGINX

 server {
     listen       80;
     server_name  localhost;

     location / {
         # Plain HTTP to NiFi, matching the flow described above
         proxy_pass http://YOUR_NIFI_INSTANCE:8080;
         proxy_set_header X-ProxyScheme "http";
         proxy_set_header X-ProxyHost localhost;
         proxy_set_header X-ProxyPort 80;
         proxy_set_header X-ProxyContextPath "/";
     }
 }

Update YOUR_NIFI_INSTANCE with the url of your NIFI box.

Upvotes: 0

echo

Reputation: 3134

The problem is nifi.web.proxy.context.path is not set properly.

Check the doc:

https://docs.hortonworks.com/HDPDocuments/HDF3/HDF-3.3.0/nifi-configuration-best-practices/content/proxy_configuration.html

NiFi will only accept HTTP requests with a X-ProxyContextPath or X-Forwarded-Context header if the value is whitelisted in the nifi.web.proxy.context.path property in nifi.properties. This property accepts a comma separated list of expected values. In the event an incoming request has an X-ProxyContextPath or X-Forwarded-Context header value that is not present in the whitelist, the "An unexpected error has occurred" page will be shown and an error will be written to the nifi-app.log.

Upvotes: 1
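
A consistency check for the whitelist rule quoted above, as an added example that is not part of the original answers or NiFi's own code: it reads nifi.web.proxy.context.path and reports every X-ProxyContextPath or X-Forwarded-Context value set in an nginx config that is not in that list. The sample configs are constructed from the settings in the question, the function names are hypothetical, and the comparison is a literal string match that does not model any normalization NiFi may apply.

```python
import re

# Constructed sample input, modelled on the settings shown in the question.
NIFI_PROPERTIES = """\
nifi.web.proxy.context.path=/nifi/
nifi.web.proxy.host=localhost:8443
"""
NGINX_CONF = """\
server {
    location /nifi/ {
        proxy_set_header X-ProxyContextPath "";
    }
    location /nifi-api/{
        proxy_set_header X-ProxyContextPath "";
    }
}
"""

HEADER_RE = re.compile(
    r'proxy_set_header\s+(X-ProxyContextPath|X-Forwarded-Context)\s+("[^"]*"|[^\s;]+)\s*;')
LOCATION_RE = re.compile(r'location\s+(\S+?)\s*\{')

def parse_whitelist(properties_text):
    """Return the comma separated values of nifi.web.proxy.context.path."""
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "nifi.web.proxy.context.path":
            return [v.strip() for v in value.split(",") if v.strip()]
    return []

def find_mismatches(nginx_text, whitelist):
    """List (location, header, value) for header values missing from the whitelist.

    Assumption: literal string comparison; NiFi's own matching is not modelled.
    """
    mismatches, location = [], None
    for line in nginx_text.splitlines():
        loc = LOCATION_RE.search(line)
        if loc:
            location = loc.group(1)  # remember which location block we are in
        hdr = HEADER_RE.search(line)
        if hdr and hdr.group(2).strip('"') not in whitelist:
            mismatches.append((location, hdr.group(1), hdr.group(2).strip('"')))
    return mismatches

if __name__ == "__main__":
    allowed = parse_whitelist(NIFI_PROPERTIES)
    for location, header, value in find_mismatches(NGINX_CONF, allowed):
        print(f"location {location}: {header} {value!r} not in {allowed}")
```

Running it before restarting NiFi shows which location blocks send a context path that the whitelist does not list.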
