You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Sanket Shah <sa...@outlook.com> on 2018/06/04 16:58:27 UTC
Difficult paths for Zeppelin and Nginx integration
Am trying to put Nginx in front of Zeppelin. Regular requests are passing through, but Websockets are not working. Followed this based on guide of Zeppelin - https://zeppelin.apache.org/docs/0.7.3/security/authentication.html. Seems having a real tough luck to get this going as scratching head and pulling hairs 😞
Apache Zeppelin 0.7.3 Documentation: Authentication for NGINX<https://zeppelin.apache.org/docs/0.7.3/security/authentication.html>
There are multiple ways to enable authentication in Apache Zeppelin. This page describes HTTP basic auth using NGINX.
zeppelin.apache.org
Below is excerpt of my configuration:
location /zeppelin/ {
proxy_pass http://104.211.216.218:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
location /zeppelin/ws {
proxy_pass http://104.211.216.218:8080/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 86400;
}
Sanket Tarun Shah - Enterprise Architect
+91 98793 56075 | sanket.shah@outlook.com<http://outlook.com>
(LinkedIn<http://www.linkedin.com/in/sankettshah>)
Re: Difficult paths for Zeppelin and Nginx integration
Posted by Fabien Morcamp <fm...@ludia.com>.
Sanket,
Its works for me, and I'm based on this documentation:
https://zeppelin.apache.org/docs/0.7.3/security/authentication.html
Like that:
> location /ws {
> proxy_pass http://my_internal_ip:8080/ws;
> proxy_read_timeout 86400;
> proxy_connect_timeout 5s;
> proxy_redirect off;
> proxy_set_header Upgrade websocket;
> proxy_set_header Connection upgrade;
> }
> location / {
> proxy_pass http://my_internal_ip:8080;
> proxy_read_timeout 5s;
> proxy_connect_timeout 5s;
> proxy_redirect off;
}
On Mon, Jun 4, 2018 at 12:58 PM, Sanket Shah <sa...@outlook.com>
wrote:
> Am trying to put Nginx in front of Zeppelin. Regular requests are passing
> through, but Websockets are not working. Followed this based on guide of
> Zeppelin - https://zeppelin.apache.org/docs/0.7.3/security/
> authentication.html
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__zeppelin.apache.org_docs_0.7.3_security_authentication.html&d=DwMGaQ&c=BxKcMbETFwSktsL116c0CLzwOlCGdYKnl0_kgHBnEac&r=Cz313sy0DGD4JuHZ93S6bMPpG1xAhcZHh_bw6lGKbAU&m=9yw9l6aFIV_QYXsnWd438noiAl-S9P16m7-x5W5kHjs&s=JITiZqiJEpnQXaeBIReD1TLouNuR6Phj0j83dzc-7oM&e=>.
> Seems having a real tough luck to get this going as scratching head and
> pulling hairs 😞
> Apache Zeppelin 0.7.3 Documentation: Authentication for NGINX
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__zeppelin.apache.org_docs_0.7.3_security_authentication.html&d=DwMGaQ&c=BxKcMbETFwSktsL116c0CLzwOlCGdYKnl0_kgHBnEac&r=Cz313sy0DGD4JuHZ93S6bMPpG1xAhcZHh_bw6lGKbAU&m=9yw9l6aFIV_QYXsnWd438noiAl-S9P16m7-x5W5kHjs&s=JITiZqiJEpnQXaeBIReD1TLouNuR6Phj0j83dzc-7oM&e=>
> There are multiple ways to enable authentication in Apache Zeppelin. This
> page describes HTTP basic auth using NGINX.
> zeppelin.apache.org
>
> Below is excerpt of my configuration:
>
> location /zeppelin/ {
> proxy_pass http://104.211.216.218:8080/; proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $http_host;
> proxy_set_header X-NginX-Proxy true;
> proxy_redirect off;
> }
>
> location /zeppelin/ws {
> proxy_pass http://104.211.216.218:8080/ws; proxy_http_version 1.1;
> proxy_set_header Upgrade websocket;
> proxy_set_header Connection upgrade;
> proxy_read_timeout 86400;
> }
>
>
>
>
> *Sanket Tarun Shah - **Enterprise Architect*
> +91 98793 56075 | sanket.shah@outlook.com
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__outlook.com&d=DwMGaQ&c=BxKcMbETFwSktsL116c0CLzwOlCGdYKnl0_kgHBnEac&r=Cz313sy0DGD4JuHZ93S6bMPpG1xAhcZHh_bw6lGKbAU&m=9yw9l6aFIV_QYXsnWd438noiAl-S9P16m7-x5W5kHjs&s=EclHAKhIsMoxNCYUiJWjH3KeOi6uT5U2ZAe6btLSfQA&e=>
> (LinkedIn
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_in_sankettshah&d=DwMGaQ&c=BxKcMbETFwSktsL116c0CLzwOlCGdYKnl0_kgHBnEac&r=Cz313sy0DGD4JuHZ93S6bMPpG1xAhcZHh_bw6lGKbAU&m=9yw9l6aFIV_QYXsnWd438noiAl-S9P16m7-x5W5kHjs&s=Ryfsg6dMNda_PASEjXxr37xCEEE1cNRrkImmaKHy_c0&e=>
> )
>
Re: Difficult paths for Zeppelin and Nginx integration
Posted by Sam Nicholson <sa...@ogt11.com>.
One more thing worth while noting is - if I pass public IP address of
Zeppelin, it fails; but if private IP is passed, it works. This is
specifically observed on Azure VM and AWS EC2 instances.
Yes, On AWS and Azure this is to be expected, and desired.
Public IP ---|--- nginx ---|--- Private IP
Even if the IPs are on the same network interface.
AWS routing and switching is interesting. Multiple methods/generations of
patterns, and designed to not leak private address space.
Azure has different behavior, but similar results.
On Mon, Jun 4, 2018 at 9:26 PM, Sanket Shah <sa...@outlook.com> wrote:
> Thanks Sam and Fabien for sharing the snippets. Fabien's solution didn't
> worked, but Sam's solution got me success.
>
> location /zeppelin/ {
> proxy_pass http://10.0.1.1:8080/;proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $http_host;
> proxy_set_header X-NginX-Proxy true;
> proxy_redirect off;
> }
>
> location /zeppelin/ws {
> proxy_pass http://10.0.1.1:8080/ws;proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $proxy_protocol_addr;
> proxy_set_header X-Forwarded-For $proxy_protocol_addr;
> proxy_http_version 1.1;
> proxy_set_header Upgrade websocket;
> proxy_set_header Connection upgrade;
> proxy_read_timeout 5s;
> proxy_connect_timeout 5s;
> proxy_redirect off;
> }
>
>
> One more thing worth while noting is - if I pass public IP address of
> Zeppelin, it fails; but if private IP is passed, it works. This is
> specifically observed on Azure VM and AWS EC2 instances.
>
>
> *Sanket Tarun Shah - **Enterprise Architect*
> +91 98793 56075 | sanket.shah@outlook.com <http://outlook.com>
> (LinkedIn <http://www.linkedin.com/in/sankettshah>)
> ------------------------------
> *From:* Sam Nicholson <sa...@ogt11.com>
> *Sent:* 05 June 2018 04:53 AM
> *To:* users@zeppelin.apache.org
> *Subject:* Re: Difficult paths for Zeppelin and Nginx integration
>
>
> Here's the zeppelin from my currently, working, config
> I have changed my DNS domains to "internal" and "external"
> Other than that, it's really verbatim.
>
> server {
> listen 443 ssl http2;
> server_name zeppelin.external;
> ssl_certificate /etc/certs/fullchain.cer;
> ssl_certificate_key /etc/certs/cert.key;
> location / {
> proxy_pass http://zeppelin.internal:6800;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $proxy_protocol_addr;
> proxy_set_header X-Forwarded-For $proxy_protocol_addr;
> }
> location /ws {
> proxy_pass http://zeppelin.internal:6800;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $proxy_protocol_addr;
> proxy_set_header X-Forwarded-For $proxy_protocol_addr;
> proxy_http_version 1.1;
> proxy_set_header Upgrade websocket;
> proxy_set_header Connection upgrade;
> proxy_read_timeout 86400;
> }
> }
>
>
> On Mon, Jun 4, 2018 at 12:58 PM, Sanket Shah <sa...@outlook.com>
> wrote:
>
> Am trying to put Nginx in front of Zeppelin. Regular requests are passing
> through, but Websockets are not working. Followed this based on guide of
> Zeppelin - https://zeppelin.apache.org/docs/0.7.3/security/authentica
> tion.html. Seems having a real tough luck to get this going as scratching
> head and pulling hairs 😞
> Apache Zeppelin 0.7.3 Documentation: Authentication for NGINX
> <https://zeppelin.apache.org/docs/0.7.3/security/authentication.html>
> There are multiple ways to enable authentication in Apache Zeppelin. This
> page describes HTTP basic auth using NGINX.
> zeppelin.apache.org
>
> Below is excerpt of my configuration:
>
> location /zeppelin/ {
> proxy_pass http://104.211.216.218:8080/; proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $http_host;
> proxy_set_header X-NginX-Proxy true;
> proxy_redirect off;
> }
>
> location /zeppelin/ws {
> proxy_pass http://104.211.216.218:8080/ws; proxy_http_version 1.1;
> proxy_set_header Upgrade websocket;
> proxy_set_header Connection upgrade;
> proxy_read_timeout 86400;
> }
>
>
>
>
> *Sanket Tarun Shah - **Enterprise Architect*
> +91 98793 56075 | sanket.shah@outlook.com <http://outlook.com>
> (LinkedIn <http://www.linkedin.com/in/sankettshah>)
>
>
>
Re: Difficult paths for Zeppelin and Nginx integration
Posted by Sanket Shah <sa...@outlook.com>.
Thanks Sam and Fabien for sharing the snippets. Fabien's solution didn't worked, but Sam's solution got me success.
location /zeppelin/ {
proxy_pass http://10.0.1.1:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
location /zeppelin/ws {
proxy_pass http://10.0.1.1:8080/ws;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 5s;
proxy_connect_timeout 5s;
proxy_redirect off;
}
One more thing worth while noting is - if I pass public IP address of Zeppelin, it fails; but if private IP is passed, it works. This is specifically observed on Azure VM and AWS EC2 instances.
Sanket Tarun Shah - Enterprise Architect
+91 98793 56075 | sanket.shah@outlook.com<http://outlook.com>
(LinkedIn<http://www.linkedin.com/in/sankettshah>)
________________________________
From: Sam Nicholson <sa...@ogt11.com>
Sent: 05 June 2018 04:53 AM
To: users@zeppelin.apache.org
Subject: Re: Difficult paths for Zeppelin and Nginx integration
Here's the zeppelin from my currently, working, config
I have changed my DNS domains to "internal" and "external"
Other than that, it's really verbatim.
server {
listen 443 ssl http2;
server_name zeppelin.external;
ssl_certificate /etc/certs/fullchain.cer;
ssl_certificate_key /etc/certs/cert.key;
location / {
proxy_pass http://zeppelin.internal:6800;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
}
location /ws {
proxy_pass http://zeppelin.internal:6800;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 86400;
}
}
On Mon, Jun 4, 2018 at 12:58 PM, Sanket Shah <sa...@outlook.com>> wrote:
Am trying to put Nginx in front of Zeppelin. Regular requests are passing through, but Websockets are not working. Followed this based on guide of Zeppelin - https://zeppelin.apache.org/docs/0.7.3/security/authentication.html. Seems having a real tough luck to get this going as scratching head and pulling hairs 😞
Apache Zeppelin 0.7.3 Documentation: Authentication for NGINX<https://zeppelin.apache.org/docs/0.7.3/security/authentication.html>
There are multiple ways to enable authentication in Apache Zeppelin. This page describes HTTP basic auth using NGINX.
zeppelin.apache.org<http://zeppelin.apache.org>
Below is excerpt of my configuration:
location /zeppelin/ {
proxy_pass http://104.211.216.218:8080/<http://104.211.216.218:8080/>;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
location /zeppelin/ws {
proxy_pass http://104.211.216.218:8080/ws<http://104.211.216.218:8080/ws>;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 86400;
}
Sanket Tarun Shah - Enterprise Architect
+91 98793 56075 | sanket.shah@outlook.com<http://outlook.com>
(LinkedIn<http://www.linkedin.com/in/sankettshah>)
Re: Difficult paths for Zeppelin and Nginx integration
Posted by Sam Nicholson <sa...@ogt11.com>.
Here's the zeppelin from my currently, working, config
I have changed my DNS domains to "internal" and "external"
Other than that, it's really verbatim.
server {
listen 443 ssl http2;
server_name zeppelin.external;
ssl_certificate /etc/certs/fullchain.cer;
ssl_certificate_key /etc/certs/cert.key;
location / {
proxy_pass http://zeppelin.internal:6800;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
}
location /ws {
proxy_pass http://zeppelin.internal:6800;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 86400;
}
}
On Mon, Jun 4, 2018 at 12:58 PM, Sanket Shah <sa...@outlook.com>
wrote:
> Am trying to put Nginx in front of Zeppelin. Regular requests are passing
> through, but Websockets are not working. Followed this based on guide of
> Zeppelin - https://zeppelin.apache.org/docs/0.7.3/security/
> authentication.html. Seems having a real tough luck to get this going as
> scratching head and pulling hairs 😞
> Apache Zeppelin 0.7.3 Documentation: Authentication for NGINX
> <https://zeppelin.apache.org/docs/0.7.3/security/authentication.html>
> There are multiple ways to enable authentication in Apache Zeppelin. This
> page describes HTTP basic auth using NGINX.
> zeppelin.apache.org
>
> Below is excerpt of my configuration:
>
> location /zeppelin/ {
> proxy_pass http://104.211.216.218:8080/; proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $http_host;
> proxy_set_header X-NginX-Proxy true;
> proxy_redirect off;
> }
>
> location /zeppelin/ws {
> proxy_pass http://104.211.216.218:8080/ws; proxy_http_version 1.1;
> proxy_set_header Upgrade websocket;
> proxy_set_header Connection upgrade;
> proxy_read_timeout 86400;
> }
>
>
>
>
> *Sanket Tarun Shah - **Enterprise Architect*
> +91 98793 56075 | sanket.shah@outlook.com <http://outlook.com>
> (LinkedIn <http://www.linkedin.com/in/sankettshah>)
>