bentech4u

Reputation: 175

Apache NiFi 2.x - org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI

I was trying to upgrade NiFi to 2 from 1.24. While starting NiFi, the service started and port 8443 is listening. But I am getting error 400 on the web page.

From the web:

HTTP ERROR 400 Invalid SNI
URI:    /nifi
STATUS: 400
MESSAGE:    Invalid SNI
SERVLET:    -
CAUSED BY:  org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI


org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
    at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266)
    at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207)
    at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1594)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
    at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:461)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193)
    at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:208)
    at org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:155)
    at org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:450)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
    at java.base/java.lang.Thread.run(Thread.java:1583)

And from app.log:

2023-11-30 09:56:46,456 WARN [NiFi Web Server-32] org.eclipse.jetty.server.HttpChannel handleException /nifi org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
2023-11-30 09:56:46,527 WARN [NiFi Web Server-36] org.eclipse.jetty.server.HttpChannel handleException /favicon.ico org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI


Upvotes: 2

Views: 3315

Answers (2)

svs

Reputation: 9

I did not have an FQDN. The AWS Ubuntu NiFi server just had a host name, and the AWS FQDN did not work. Instead of creating an FQDN and updating SNI, I added the host name to my Windows hosts file.

x.x.x.x my-local-hostname

It is not fancy, but it gave me an additional security measure (not everyone would know the host name).

Upvotes: 0

bentech4u

Reputation: 175

Jetty 10, which is included with NiFi 2.0.0-M1, incorporates updates to the Server Name Indication processing during the TLS handshake. As a result of these changes, the default behavior does not support accessing NiFi using an IP address. Using a hostname or DNS name will avoid the SNI error and allow standard TLS negotiation to work.

My issue got fixed once I accessed NiFi with the FQDN.

Upvotes: 4
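
A preflight check for the behaviour described in the answer above, added here as an example (it is not from the original posts and is not NiFi or Jetty code). It is a simplified model of the hostname rule: the function names are hypothetical, and the URLs and certificate SAN list are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

def sni_name(url):
    """Name a TLS client would send as SNI for this URL, or None for an IP literal."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host.rstrip(".").lower()
    return None  # RFC 6066 section 3: IP literals are not allowed in SNI

def san_matches(name, dns_sans):
    """True if name matches a dNSName SAN; '*' covers exactly one left-most label."""
    labels = name.lower().split(".")
    for san in dns_sans:
        pattern = san.rstrip(".").lower().split(".")
        if len(pattern) != len(labels):
            continue
        if pattern[0] == "*" and len(pattern) > 1:
            pattern, candidate = pattern[1:], labels[1:]
        else:
            candidate = labels
        if pattern == candidate:
            return True
    return False

def preflight(url, dns_sans):
    """Classify a URL: 'no-sni' (IP literal), 'name-mismatch', or 'ok'."""
    name = sni_name(url)
    if name is None:
        return "no-sni"
    return "ok" if san_matches(name, dns_sans) else "name-mismatch"

# Constructed sample data: SANs as they might appear in the server certificate.
SAMPLE_SANS = ["nifi01.example.internal", "*.flow.example.internal"]
SAMPLE_URLS = [
    "https://192.0.2.10:8443/nifi",             # IP literal: client sends no SNI
    "https://nifi01:8443/nifi",                 # short name absent from the SANs
    "https://nifi01.example.internal:8443/nifi",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{preflight(url, SAMPLE_SANS):14} {url}")
```

A short host name added through a hosts file only passes this check if that exact name is also present in the certificate's SAN list.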
