You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by michail salichos <mi...@gmail.com> on 2016/03/14 15:36:37 UTC
NIFI NGINX as reverse proxy
Hello,
I followed the instructions here
https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
and managed to configure nginx as reverse proxy for HTTP, it works well.
However, no matter what I tried I can't configure to terminate HTTPS on
nginx and then use plain HTTP to communicate with NIFI. This is the config
I am currently using for HTTP and it works
location /nifi {
proxy_pass http://nifi:8080;
proxy_set_header X-ProxyScheme "http";
proxy_set_header X-ProxyHost $http_host;
proxy_set_header X-ProxyPort 80;
proxy_set_header X-ProxyContextPath "";
}
I tried to change the scheme to HTTPS and port to 443 but no luck.
Any tips or hints?
Regards,
Michail
Re: NIFI NGINX as reverse proxy
Posted by michail salichos <mi...@gmail.com>.
Attached some logging from both NGINX and NIFI.
The first request goes through, the subsequent are failing. My default.conf
is rather simple, I only have two servers listening on 80 and 443 ports. If
I move the exact same location block to 80 works smoothly but when I move
it to 443/ssl only the first request goes through successfully.
Michail
On Tue, Mar 15, 2016 at 1:50 PM, Matt Gilman <ma...@gmail.com>
wrote:
> From the screenshot it looks as though only /nifi is getting through the
> proxy. Even requests for resources under /nifi don't seem to get through. I
> see from your configuration that it looks like you've mapped the root
> context path so everything should get through (not just /nifi). NiFi is
> comprised of a number of web applications (UI, API, docs, Custom UIs, etc)
> so mapping from the root context path is required.
>
> Is there any additionally logging at the proxy that might provide more
> insight regarding the requests.
>
> Matt
>
> On Tue, Mar 15, 2016 at 7:56 AM, michail salichos <
> michail.salichos@gmail.com> wrote:
>
>> Hello,
>>
>> Please find attached a screenshot.
>>
>> As you might see, it loads the page but missing all subsequent requests.
>>
>> To answer your question I am still far from reaching the canvas!
>>
>> Regards,
>> Michail
>>
>> On Tue, Mar 15, 2016 at 12:43 PM, Matt Gilman <ma...@gmail.com>
>> wrote:
>>
>>> Just to clarify, the NiFi UI loads however subsequent requests fail?
>>> Like moving a processor on the canvas.
>>>
>>> Matt
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 15, 2016, at 3:30 AM, michail salichos <
>>> michail.salichos@gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> Just tried "proxy_pass_header Server;" but still no luck, subsequent
>>> requests are being issued but I keep getting 404.
>>>
>>> Regards,
>>> Michail
>>>
>>> On Mon, Mar 14, 2016 at 5:35 PM, James Wing <jv...@gmail.com> wrote:
>>>
>>>> You may also need to pass the Server header, I believe some server-side
>>>> UI code uses this to format client-side resource locations.
>>>>
>>>> proxy_pass_header Server;
>>>>
>>>>
>>>>
>>>> On Mon, Mar 14, 2016 at 8:54 AM, michail salichos <
>>>> michail.salichos@gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I tried adding ssl param but still no luck. As I said with plan http
>>>>> location block works just fine, but when I move the location block to https
>>>>> it issues the first get http request for NIFI main page (it downloads
>>>>> unformatted - without css, js, etc) and all subsequent http requests are
>>>>> failing with 404 not found.
>>>>>
>>>>> Thanks again,
>>>>> Michail
>>>>>
>>>>> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Michail,
>>>>>>
>>>>>> Looks like you are missing your "ssl" parameter on your listen
>>>>>> statement. [1] Not sure if that is the issue, but the rest looks okay from
>>>>>> inspection.
>>>>>>
>>>>>>
>>>>>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>>>>>
>>>>>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
>>>>>> michail.salichos@gmail.com> wrote:
>>>>>>
>>>>>>> I forgot to mention, since you asked, for zeppelin, elasticsearch,
>>>>>>> kibana and others services ssl termination and reverse forwarding works
>>>>>>> just fine, only NIFI is giving me troubles.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Michail
>>>>>>>
>>>>>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Michall,
>>>>>>>>
>>>>>>>> A bit outside of the NiFi realm, but I have done similar myself
>>>>>>>> previously. Do you have your server block (likely the one containing this
>>>>>>>> location block) established with the appropriate certificates and a listen
>>>>>>>> statement with ssl listed after the port? From memory, I do not believe any
>>>>>>>> overwriting of the headers should be needed.
>>>>>>>>
>>>>>>>> Is the problem strictly with NiFi? Are there any other services
>>>>>>>> running where this is not an issue?
>>>>>>>>
>>>>>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>>>>>>>> michail.salichos@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I followed the instructions here
>>>>>>>>>
>>>>>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>>>>>
>>>>>>>>> and managed to configure nginx as reverse proxy for HTTP, it works
>>>>>>>>> well.
>>>>>>>>>
>>>>>>>>> However, no matter what I tried I can't configure to terminate
>>>>>>>>> HTTPS on nginx and then use plain HTTP to communicate with NIFI. This is
>>>>>>>>> the config I am currently using for HTTP and it works
>>>>>>>>>
>>>>>>>>> location /nifi {
>>>>>>>>> proxy_pass http://nifi:8080;
>>>>>>>>> proxy_set_header X-ProxyScheme "http";
>>>>>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>>>>>> proxy_set_header X-ProxyPort 80;
>>>>>>>>> proxy_set_header X-ProxyContextPath "";
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>>>>>
>>>>>>>>> Any tips or hints?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Michail
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by Joe Witt <jo...@gmail.com>.
Seems like we need a user guide for setup with NiFi and NGINX.
On Tue, Mar 15, 2016 at 8:50 AM, Matt Gilman <ma...@gmail.com> wrote:
> From the screenshot it looks as though only /nifi is getting through the
> proxy. Even requests for resources under /nifi don't seem to get through. I
> see from your configuration that it looks like you've mapped the root
> context path so everything should get through (not just /nifi). NiFi is
> comprised of a number of web applications (UI, API, docs, Custom UIs, etc)
> so mapping from the root context path is required.
>
> Is there any additionally logging at the proxy that might provide more
> insight regarding the requests.
>
> Matt
>
> On Tue, Mar 15, 2016 at 7:56 AM, michail salichos
> <mi...@gmail.com> wrote:
>>
>> Hello,
>>
>> Please find attached a screenshot.
>>
>> As you might see, it loads the page but missing all subsequent requests.
>>
>> To answer your question I am still far from reaching the canvas!
>>
>> Regards,
>> Michail
>>
>> On Tue, Mar 15, 2016 at 12:43 PM, Matt Gilman <ma...@gmail.com>
>> wrote:
>>>
>>> Just to clarify, the NiFi UI loads however subsequent requests fail? Like
>>> moving a processor on the canvas.
>>>
>>> Matt
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 15, 2016, at 3:30 AM, michail salichos
>>> <mi...@gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> Just tried "proxy_pass_header Server;" but still no luck, subsequent
>>> requests are being issued but I keep getting 404.
>>>
>>> Regards,
>>> Michail
>>>
>>> On Mon, Mar 14, 2016 at 5:35 PM, James Wing <jv...@gmail.com> wrote:
>>>>
>>>> You may also need to pass the Server header, I believe some server-side
>>>> UI code uses this to format client-side resource locations.
>>>>
>>>> proxy_pass_header Server;
>>>>
>>>>
>>>>
>>>> On Mon, Mar 14, 2016 at 8:54 AM, michail salichos
>>>> <mi...@gmail.com> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I tried adding ssl param but still no luck. As I said with plan http
>>>>> location block works just fine, but when I move the location block to https
>>>>> it issues the first get http request for NIFI main page (it downloads
>>>>> unformatted - without css, js, etc) and all subsequent http requests are
>>>>> failing with 404 not found.
>>>>>
>>>>> Thanks again,
>>>>> Michail
>>>>>
>>>>> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> Michail,
>>>>>>
>>>>>> Looks like you are missing your "ssl" parameter on your listen
>>>>>> statement. [1] Not sure if that is the issue, but the rest looks okay from
>>>>>> inspection.
>>>>>>
>>>>>>
>>>>>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>>>>>
>>>>>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos
>>>>>> <mi...@gmail.com> wrote:
>>>>>>>
>>>>>>> I forgot to mention, since you asked, for zeppelin, elasticsearch,
>>>>>>> kibana and others services ssl termination and reverse forwarding works just
>>>>>>> fine, only NIFI is giving me troubles.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Michail
>>>>>>>
>>>>>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Michall,
>>>>>>>>
>>>>>>>> A bit outside of the NiFi realm, but I have done similar myself
>>>>>>>> previously. Do you have your server block (likely the one containing this
>>>>>>>> location block) established with the appropriate certificates and a listen
>>>>>>>> statement with ssl listed after the port? From memory, I do not believe any
>>>>>>>> overwriting of the headers should be needed.
>>>>>>>>
>>>>>>>> Is the problem strictly with NiFi? Are there any other services
>>>>>>>> running where this is not an issue?
>>>>>>>>
>>>>>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos
>>>>>>>> <mi...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I followed the instructions here
>>>>>>>>>
>>>>>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>>>>>
>>>>>>>>> and managed to configure nginx as reverse proxy for HTTP, it works
>>>>>>>>> well.
>>>>>>>>>
>>>>>>>>> However, no matter what I tried I can't configure to terminate
>>>>>>>>> HTTPS on nginx and then use plain HTTP to communicate with NIFI. This is the
>>>>>>>>> config I am currently using for HTTP and it works
>>>>>>>>>
>>>>>>>>> location /nifi {
>>>>>>>>> proxy_pass http://nifi:8080;
>>>>>>>>> proxy_set_header X-ProxyScheme "http";
>>>>>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>>>>>> proxy_set_header X-ProxyPort 80;
>>>>>>>>> proxy_set_header X-ProxyContextPath "";
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>>>>>
>>>>>>>>> Any tips or hints?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Michail
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by Matt Gilman <ma...@gmail.com>.
>From the screenshot it looks as though only /nifi is getting through the
proxy. Even requests for resources under /nifi don't seem to get through. I
see from your configuration that it looks like you've mapped the root
context path so everything should get through (not just /nifi). NiFi is
comprised of a number of web applications (UI, API, docs, Custom UIs, etc)
so mapping from the root context path is required.
Is there any additionally logging at the proxy that might provide more
insight regarding the requests.
Matt
On Tue, Mar 15, 2016 at 7:56 AM, michail salichos <
michail.salichos@gmail.com> wrote:
> Hello,
>
> Please find attached a screenshot.
>
> As you might see, it loads the page but missing all subsequent requests.
>
> To answer your question I am still far from reaching the canvas!
>
> Regards,
> Michail
>
> On Tue, Mar 15, 2016 at 12:43 PM, Matt Gilman <ma...@gmail.com>
> wrote:
>
>> Just to clarify, the NiFi UI loads however subsequent requests fail? Like
>> moving a processor on the canvas.
>>
>> Matt
>>
>> Sent from my iPhone
>>
>> On Mar 15, 2016, at 3:30 AM, michail salichos <mi...@gmail.com>
>> wrote:
>>
>> Hello,
>>
>> Just tried "proxy_pass_header Server;" but still no luck, subsequent
>> requests are being issued but I keep getting 404.
>>
>> Regards,
>> Michail
>>
>> On Mon, Mar 14, 2016 at 5:35 PM, James Wing <jv...@gmail.com> wrote:
>>
>>> You may also need to pass the Server header, I believe some server-side
>>> UI code uses this to format client-side resource locations.
>>>
>>> proxy_pass_header Server;
>>>
>>>
>>>
>>> On Mon, Mar 14, 2016 at 8:54 AM, michail salichos <
>>> michail.salichos@gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I tried adding ssl param but still no luck. As I said with plan http
>>>> location block works just fine, but when I move the location block to https
>>>> it issues the first get http request for NIFI main page (it downloads
>>>> unformatted - without css, js, etc) and all subsequent http requests are
>>>> failing with 404 not found.
>>>>
>>>> Thanks again,
>>>> Michail
>>>>
>>>> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com>
>>>> wrote:
>>>>
>>>>> Michail,
>>>>>
>>>>> Looks like you are missing your "ssl" parameter on your listen
>>>>> statement. [1] Not sure if that is the issue, but the rest looks okay from
>>>>> inspection.
>>>>>
>>>>>
>>>>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>>>>
>>>>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
>>>>> michail.salichos@gmail.com> wrote:
>>>>>
>>>>>> I forgot to mention, since you asked, for zeppelin, elasticsearch,
>>>>>> kibana and others services ssl termination and reverse forwarding works
>>>>>> just fine, only NIFI is giving me troubles.
>>>>>>
>>>>>> Regards,
>>>>>> Michail
>>>>>>
>>>>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Michall,
>>>>>>>
>>>>>>> A bit outside of the NiFi realm, but I have done similar myself
>>>>>>> previously. Do you have your server block (likely the one containing this
>>>>>>> location block) established with the appropriate certificates and a listen
>>>>>>> statement with ssl listed after the port? From memory, I do not believe any
>>>>>>> overwriting of the headers should be needed.
>>>>>>>
>>>>>>> Is the problem strictly with NiFi? Are there any other services
>>>>>>> running where this is not an issue?
>>>>>>>
>>>>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>>>>>>> michail.salichos@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I followed the instructions here
>>>>>>>>
>>>>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>>>>
>>>>>>>> and managed to configure nginx as reverse proxy for HTTP, it works
>>>>>>>> well.
>>>>>>>>
>>>>>>>> However, no matter what I tried I can't configure to terminate
>>>>>>>> HTTPS on nginx and then use plain HTTP to communicate with NIFI. This is
>>>>>>>> the config I am currently using for HTTP and it works
>>>>>>>>
>>>>>>>> location /nifi {
>>>>>>>> proxy_pass http://nifi:8080;
>>>>>>>> proxy_set_header X-ProxyScheme "http";
>>>>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>>>>> proxy_set_header X-ProxyPort 80;
>>>>>>>> proxy_set_header X-ProxyContextPath "";
>>>>>>>> }
>>>>>>>>
>>>>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>>>>
>>>>>>>> Any tips or hints?
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Michail
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by michail salichos <mi...@gmail.com>.
Hello,
Please find attached a screenshot.
As you might see, it loads the page but missing all subsequent requests.
To answer your question I am still far from reaching the canvas!
Regards,
Michail
On Tue, Mar 15, 2016 at 12:43 PM, Matt Gilman <ma...@gmail.com>
wrote:
> Just to clarify, the NiFi UI loads however subsequent requests fail? Like
> moving a processor on the canvas.
>
> Matt
>
> Sent from my iPhone
>
> On Mar 15, 2016, at 3:30 AM, michail salichos <mi...@gmail.com>
> wrote:
>
> Hello,
>
> Just tried "proxy_pass_header Server;" but still no luck, subsequent
> requests are being issued but I keep getting 404.
>
> Regards,
> Michail
>
> On Mon, Mar 14, 2016 at 5:35 PM, James Wing <jv...@gmail.com> wrote:
>
>> You may also need to pass the Server header, I believe some server-side
>> UI code uses this to format client-side resource locations.
>>
>> proxy_pass_header Server;
>>
>>
>>
>> On Mon, Mar 14, 2016 at 8:54 AM, michail salichos <
>> michail.salichos@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I tried adding ssl param but still no luck. As I said with plan http
>>> location block works just fine, but when I move the location block to https
>>> it issues the first get http request for NIFI main page (it downloads
>>> unformatted - without css, js, etc) and all subsequent http requests are
>>> failing with 404 not found.
>>>
>>> Thanks again,
>>> Michail
>>>
>>> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com>
>>> wrote:
>>>
>>>> Michail,
>>>>
>>>> Looks like you are missing your "ssl" parameter on your listen
>>>> statement. [1] Not sure if that is the issue, but the rest looks okay from
>>>> inspection.
>>>>
>>>>
>>>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>>>
>>>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
>>>> michail.salichos@gmail.com> wrote:
>>>>
>>>>> I forgot to mention, since you asked, for zeppelin, elasticsearch,
>>>>> kibana and others services ssl termination and reverse forwarding works
>>>>> just fine, only NIFI is giving me troubles.
>>>>>
>>>>> Regards,
>>>>> Michail
>>>>>
>>>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Michall,
>>>>>>
>>>>>> A bit outside of the NiFi realm, but I have done similar myself
>>>>>> previously. Do you have your server block (likely the one containing this
>>>>>> location block) established with the appropriate certificates and a listen
>>>>>> statement with ssl listed after the port? From memory, I do not believe any
>>>>>> overwriting of the headers should be needed.
>>>>>>
>>>>>> Is the problem strictly with NiFi? Are there any other services
>>>>>> running where this is not an issue?
>>>>>>
>>>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>>>>>> michail.salichos@gmail.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I followed the instructions here
>>>>>>>
>>>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>>>
>>>>>>> and managed to configure nginx as reverse proxy for HTTP, it works
>>>>>>> well.
>>>>>>>
>>>>>>> However, no matter what I tried I can't configure to terminate HTTPS
>>>>>>> on nginx and then use plain HTTP to communicate with NIFI. This is the
>>>>>>> config I am currently using for HTTP and it works
>>>>>>>
>>>>>>> location /nifi {
>>>>>>> proxy_pass http://nifi:8080;
>>>>>>> proxy_set_header X-ProxyScheme "http";
>>>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>>>> proxy_set_header X-ProxyPort 80;
>>>>>>> proxy_set_header X-ProxyContextPath "";
>>>>>>> }
>>>>>>>
>>>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>>>
>>>>>>> Any tips or hints?
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Michail
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by Matt Gilman <ma...@gmail.com>.
Just to clarify, the NiFi UI loads however subsequent requests fail? Like moving a processor on the canvas.
Matt
Sent from my iPhone
> On Mar 15, 2016, at 3:30 AM, michail salichos <mi...@gmail.com> wrote:
>
> Hello,
>
> Just tried "proxy_pass_header Server;" but still no luck, subsequent requests are being issued but I keep getting 404.
>
> Regards,
> Michail
>
>> On Mon, Mar 14, 2016 at 5:35 PM, James Wing <jv...@gmail.com> wrote:
>> You may also need to pass the Server header, I believe some server-side UI code uses this to format client-side resource locations.
>>
>> proxy_pass_header Server;
>>
>>
>>
>>> On Mon, Mar 14, 2016 at 8:54 AM, michail salichos <mi...@gmail.com> wrote:
>>> Hello,
>>>
>>> I tried adding ssl param but still no luck. As I said with plan http location block works just fine, but when I move the location block to https it issues the first get http request for NIFI main page (it downloads unformatted - without css, js, etc) and all subsequent http requests are failing with 404 not found.
>>>
>>> Thanks again,
>>> Michail
>>>
>>>> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com> wrote:
>>>> Michail,
>>>>
>>>> Looks like you are missing your "ssl" parameter on your listen statement. [1] Not sure if that is the issue, but the rest looks okay from inspection.
>>>>
>>>>
>>>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>>>
>>>>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <mi...@gmail.com> wrote:
>>>>> I forgot to mention, since you asked, for zeppelin, elasticsearch, kibana and others services ssl termination and reverse forwarding works just fine, only NIFI is giving me troubles.
>>>>>
>>>>> Regards,
>>>>> Michail
>>>>>
>>>>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com> wrote:
>>>>>
>>>>>> Michall,
>>>>>>
>>>>>> A bit outside of the NiFi realm, but I have done similar myself previously. Do you have your server block (likely the one containing this location block) established with the appropriate certificates and a listen statement with ssl listed after the port? From memory, I do not believe any overwriting of the headers should be needed.
>>>>>>
>>>>>> Is the problem strictly with NiFi? Are there any other services running where this is not an issue?
>>>>>>
>>>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <mi...@gmail.com> wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> I followed the instructions here
>>>>>>>
>>>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>>>
>>>>>>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>>>>>>
>>>>>>> However, no matter what I tried I can't configure to terminate HTTPS on nginx and then use plain HTTP to communicate with NIFI. This is the config I am currently using for HTTP and it works
>>>>>>>
>>>>>>> location /nifi {
>>>>>>> proxy_pass http://nifi:8080;
>>>>>>> proxy_set_header X-ProxyScheme "http";
>>>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>>>> proxy_set_header X-ProxyPort 80;
>>>>>>> proxy_set_header X-ProxyContextPath "";
>>>>>>> }
>>>>>>>
>>>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>>>
>>>>>>> Any tips or hints?
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Michail
>
Re: NIFI NGINX as reverse proxy
Posted by michail salichos <mi...@gmail.com>.
Hello,
Just tried "proxy_pass_header Server;" but still no luck, subsequent
requests are being issued but I keep getting 404.
Regards,
Michail
On Mon, Mar 14, 2016 at 5:35 PM, James Wing <jv...@gmail.com> wrote:
> You may also need to pass the Server header, I believe some server-side UI
> code uses this to format client-side resource locations.
>
> proxy_pass_header Server;
>
>
>
> On Mon, Mar 14, 2016 at 8:54 AM, michail salichos <
> michail.salichos@gmail.com> wrote:
>
>> Hello,
>>
>> I tried adding ssl param but still no luck. As I said with plan http
>> location block works just fine, but when I move the location block to https
>> it issues the first get http request for NIFI main page (it downloads
>> unformatted - without css, js, etc) and all subsequent http requests are
>> failing with 404 not found.
>>
>> Thanks again,
>> Michail
>>
>> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com>
>> wrote:
>>
>>> Michail,
>>>
>>> Looks like you are missing your "ssl" parameter on your listen
>>> statement. [1] Not sure if that is the issue, but the rest looks okay from
>>> inspection.
>>>
>>>
>>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>>
>>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
>>> michail.salichos@gmail.com> wrote:
>>>
>>>> I forgot to mention, since you asked, for zeppelin, elasticsearch,
>>>> kibana and others services ssl termination and reverse forwarding works
>>>> just fine, only NIFI is giving me troubles.
>>>>
>>>> Regards,
>>>> Michail
>>>>
>>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>>>> wrote:
>>>>
>>>>> Michall,
>>>>>
>>>>> A bit outside of the NiFi realm, but I have done similar myself
>>>>> previously. Do you have your server block (likely the one containing this
>>>>> location block) established with the appropriate certificates and a listen
>>>>> statement with ssl listed after the port? From memory, I do not believe any
>>>>> overwriting of the headers should be needed.
>>>>>
>>>>> Is the problem strictly with NiFi? Are there any other services
>>>>> running where this is not an issue?
>>>>>
>>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>>>>> michail.salichos@gmail.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I followed the instructions here
>>>>>>
>>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>>
>>>>>> and managed to configure nginx as reverse proxy for HTTP, it works
>>>>>> well.
>>>>>>
>>>>>> However, no matter what I tried I can't configure to terminate HTTPS
>>>>>> on nginx and then use plain HTTP to communicate with NIFI. This is the
>>>>>> config I am currently using for HTTP and it works
>>>>>>
>>>>>> location /nifi {
>>>>>> proxy_pass http://nifi:8080;
>>>>>> proxy_set_header X-ProxyScheme "http";
>>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>>> proxy_set_header X-ProxyPort 80;
>>>>>> proxy_set_header X-ProxyContextPath "";
>>>>>> }
>>>>>>
>>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>>
>>>>>> Any tips or hints?
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Michail
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by James Wing <jv...@gmail.com>.
You may also need to pass the Server header, I believe some server-side UI
code uses this to format client-side resource locations.
proxy_pass_header Server;
On Mon, Mar 14, 2016 at 8:54 AM, michail salichos <
michail.salichos@gmail.com> wrote:
> Hello,
>
> I tried adding ssl param but still no luck. As I said with plan http
> location block works just fine, but when I move the location block to https
> it issues the first get http request for NIFI main page (it downloads
> unformatted - without css, js, etc) and all subsequent http requests are
> failing with 404 not found.
>
> Thanks again,
> Michail
>
> On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com> wrote:
>
>> Michail,
>>
>> Looks like you are missing your "ssl" parameter on your listen statement.
>> [1] Not sure if that is the issue, but the rest looks okay from inspection.
>>
>>
>> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>>
>> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
>> michail.salichos@gmail.com> wrote:
>>
>>> I forgot to mention, since you asked, for zeppelin, elasticsearch,
>>> kibana and others services ssl termination and reverse forwarding works
>>> just fine, only NIFI is giving me troubles.
>>>
>>> Regards,
>>> Michail
>>>
>>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>>> wrote:
>>>
>>>> Michall,
>>>>
>>>> A bit outside of the NiFi realm, but I have done similar myself
>>>> previously. Do you have your server block (likely the one containing this
>>>> location block) established with the appropriate certificates and a listen
>>>> statement with ssl listed after the port? From memory, I do not believe any
>>>> overwriting of the headers should be needed.
>>>>
>>>> Is the problem strictly with NiFi? Are there any other services running
>>>> where this is not an issue?
>>>>
>>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>>>> michail.salichos@gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I followed the instructions here
>>>>>
>>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>>
>>>>> and managed to configure nginx as reverse proxy for HTTP, it works
>>>>> well.
>>>>>
>>>>> However, no matter what I tried I can't configure to terminate HTTPS
>>>>> on nginx and then use plain HTTP to communicate with NIFI. This is the
>>>>> config I am currently using for HTTP and it works
>>>>>
>>>>> location /nifi {
>>>>> proxy_pass http://nifi:8080;
>>>>> proxy_set_header X-ProxyScheme "http";
>>>>> proxy_set_header X-ProxyHost $http_host;
>>>>> proxy_set_header X-ProxyPort 80;
>>>>> proxy_set_header X-ProxyContextPath "";
>>>>> }
>>>>>
>>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>>
>>>>> Any tips or hints?
>>>>>
>>>>>
>>>>> Regards,
>>>>> Michail
>>>>>
>>>>
>>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by michail salichos <mi...@gmail.com>.
Hello,
I tried adding ssl param but still no luck. As I said with plan http
location block works just fine, but when I move the location block to https
it issues the first get http request for NIFI main page (it downloads
unformatted - without css, js, etc) and all subsequent http requests are
failing with 404 not found.
Thanks again,
Michail
On Mon, Mar 14, 2016 at 4:01 PM, Aldrin Piri <al...@gmail.com> wrote:
> Michail,
>
> Looks like you are missing your "ssl" parameter on your listen statement.
> [1] Not sure if that is the issue, but the rest looks okay from inspection.
>
>
> [1] http://nginx.org/en/docs/http/configuring_https_servers.html
>
> On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
> michail.salichos@gmail.com> wrote:
>
>> I forgot to mention, since you asked, for zeppelin, elasticsearch, kibana
>> and others services ssl termination and reverse forwarding works just fine,
>> only NIFI is giving me troubles.
>>
>> Regards,
>> Michail
>>
>> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com>
>> wrote:
>>
>>> Michall,
>>>
>>> A bit outside of the NiFi realm, but I have done similar myself
>>> previously. Do you have your server block (likely the one containing this
>>> location block) established with the appropriate certificates and a listen
>>> statement with ssl listed after the port? From memory, I do not believe any
>>> overwriting of the headers should be needed.
>>>
>>> Is the problem strictly with NiFi? Are there any other services running
>>> where this is not an issue?
>>>
>>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>>> michail.salichos@gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I followed the instructions here
>>>>
>>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>>
>>>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>>>
>>>> However, no matter what I tried I can't configure to terminate HTTPS on
>>>> nginx and then use plain HTTP to communicate with NIFI. This is the config
>>>> I am currently using for HTTP and it works
>>>>
>>>> location /nifi {
>>>> proxy_pass http://nifi:8080;
>>>> proxy_set_header X-ProxyScheme "http";
>>>> proxy_set_header X-ProxyHost $http_host;
>>>> proxy_set_header X-ProxyPort 80;
>>>> proxy_set_header X-ProxyContextPath "";
>>>> }
>>>>
>>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>>
>>>> Any tips or hints?
>>>>
>>>>
>>>> Regards,
>>>> Michail
>>>>
>>>
>>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by Aldrin Piri <al...@gmail.com>.
Michail,
Looks like you are missing your "ssl" parameter on your listen statement.
[1] Not sure if that is the issue, but the rest looks okay from inspection.
[1] http://nginx.org/en/docs/http/configuring_https_servers.html
On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
michail.salichos@gmail.com> wrote:
> I forgot to mention, since you asked, for zeppelin, elasticsearch, kibana
> and others services ssl termination and reverse forwarding works just fine,
> only NIFI is giving me troubles.
>
> Regards,
> Michail
>
> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com> wrote:
>
>> Michall,
>>
>> A bit outside of the NiFi realm, but I have done similar myself
>> previously. Do you have your server block (likely the one containing this
>> location block) established with the appropriate certificates and a listen
>> statement with ssl listed after the port? From memory, I do not believe any
>> overwriting of the headers should be needed.
>>
>> Is the problem strictly with NiFi? Are there any other services running
>> where this is not an issue?
>>
>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>> michail.salichos@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I followed the instructions here
>>>
>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>
>>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>>
>>> However, no matter what I tried I can't configure to terminate HTTPS on
>>> nginx and then use plain HTTP to communicate with NIFI. This is the config
>>> I am currently using for HTTP and it works
>>>
>>> location /nifi {
>>> proxy_pass http://nifi:8080;
>>> proxy_set_header X-ProxyScheme "http";
>>> proxy_set_header X-ProxyHost $http_host;
>>> proxy_set_header X-ProxyPort 80;
>>> proxy_set_header X-ProxyContextPath "";
>>> }
>>>
>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>
>>> Any tips or hints?
>>>
>>>
>>> Regards,
>>> Michail
>>>
>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by Matt Gilman <ma...@gmail.com>.
Michail,
Just so I understand what's not working, can you explain the behavior
you're seeing? Does the UI not load at all? Does the UI load but your
unable to make subsequent changes?
Thanks!
Matt
On Mon, Mar 14, 2016 at 10:56 AM, michail salichos <
michail.salichos@gmail.com> wrote:
> I forgot to mention, since you asked, for zeppelin, elasticsearch, kibana
> and others services ssl termination and reverse forwarding works just fine,
> only NIFI is giving me troubles.
>
> Regards,
> Michail
>
> On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com> wrote:
>
>> Michall,
>>
>> A bit outside of the NiFi realm, but I have done similar myself
>> previously. Do you have your server block (likely the one containing this
>> location block) established with the appropriate certificates and a listen
>> statement with ssl listed after the port? From memory, I do not believe any
>> overwriting of the headers should be needed.
>>
>> Is the problem strictly with NiFi? Are there any other services running
>> where this is not an issue?
>>
>> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
>> michail.salichos@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I followed the instructions here
>>>
>>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>>
>>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>>
>>> However, no matter what I tried I can't configure to terminate HTTPS on
>>> nginx and then use plain HTTP to communicate with NIFI. This is the config
>>> I am currently using for HTTP and it works
>>>
>>> location /nifi {
>>> proxy_pass http://nifi:8080;
>>> proxy_set_header X-ProxyScheme "http";
>>> proxy_set_header X-ProxyHost $http_host;
>>> proxy_set_header X-ProxyPort 80;
>>> proxy_set_header X-ProxyContextPath "";
>>> }
>>>
>>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>>
>>> Any tips or hints?
>>>
>>>
>>> Regards,
>>> Michail
>>>
>>
>>
>
Re: NIFI NGINX as reverse proxy
Posted by michail salichos <mi...@gmail.com>.
I forgot to mention, since you asked, for zeppelin, elasticsearch, kibana
and others services ssl termination and reverse forwarding works just fine,
only NIFI is giving me troubles.
Regards,
Michail
On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com> wrote:
> Michall,
>
> A bit outside of the NiFi realm, but I have done similar myself
> previously. Do you have your server block (likely the one containing this
> location block) established with the appropriate certificates and a listen
> statement with ssl listed after the port? From memory, I do not believe any
> overwriting of the headers should be needed.
>
> Is the problem strictly with NiFi? Are there any other services running
> where this is not an issue?
>
> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
> michail.salichos@gmail.com> wrote:
>
>> Hello,
>>
>> I followed the instructions here
>>
>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>
>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>
>> However, no matter what I tried I can't configure to terminate HTTPS on
>> nginx and then use plain HTTP to communicate with NIFI. This is the config
>> I am currently using for HTTP and it works
>>
>> location /nifi {
>> proxy_pass http://nifi:8080;
>> proxy_set_header X-ProxyScheme "http";
>> proxy_set_header X-ProxyHost $http_host;
>> proxy_set_header X-ProxyPort 80;
>> proxy_set_header X-ProxyContextPath "";
>> }
>>
>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>
>> Any tips or hints?
>>
>>
>> Regards,
>> Michail
>>
>
>
Re: NIFI NGINX as reverse proxy
Posted by michail salichos <mi...@gmail.com>.
Hello Aldrin,
Thanks for getting back to me so quickly.
(*)
server
{
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
# Disable sendfile as per
https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
# Add stdout logging
error_log /dev/stdout info;
access_log /dev/stdout;
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-ProxyScheme "https";
proxy_set_header X-ProxyHost $http_host;
proxy_set_header X-ProxyPort 443;
proxy_set_header X-ProxyContextPath "";
}
If I move the location block to port 80 server (http) and replace
X-ProxyScheme and X-ProxyPort with corresponding HTTP and 80 everything
works just fine.
Kind regards,
Michail
On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <al...@gmail.com> wrote:
> Michall,
>
> A bit outside of the NiFi realm, but I have done similar myself
> previously. Do you have your server block (likely the one containing this
> location block) established with the appropriate certificates and a listen
> statement with ssl listed after the port? From memory, I do not believe any
> overwriting of the headers should be needed.
>
> Is the problem strictly with NiFi? Are there any other services running
> where this is not an issue?
>
> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
> michail.salichos@gmail.com> wrote:
>
>> Hello,
>>
>> I followed the instructions here
>>
>> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>>
>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>
>> However, no matter what I tried I can't configure to terminate HTTPS on
>> nginx and then use plain HTTP to communicate with NIFI. This is the config
>> I am currently using for HTTP and it works
>>
>> location /nifi {
>> proxy_pass http://nifi:8080;
>> proxy_set_header X-ProxyScheme "http";
>> proxy_set_header X-ProxyHost $http_host;
>> proxy_set_header X-ProxyPort 80;
>> proxy_set_header X-ProxyContextPath "";
>> }
>>
>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>
>> Any tips or hints?
>>
>>
>> Regards,
>> Michail
>>
>
>
Re: NIFI NGINX as reverse proxy
Posted by Aldrin Piri <al...@gmail.com>.
Michall,
A bit outside of the NiFi realm, but I have done similar myself
previously. Do you have your server block (likely the one containing this
location block) established with the appropriate certificates and a listen
statement with ssl listed after the port? From memory, I do not believe any
overwriting of the headers should be needed.
Is the problem strictly with NiFi? Are there any other services running
where this is not an issue?
On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
michail.salichos@gmail.com> wrote:
> Hello,
>
> I followed the instructions here
>
> https://www.mail-archive.com/dev@nifi.apache.org/msg00566.html
>
> and managed to configure nginx as reverse proxy for HTTP, it works well.
>
> However, no matter what I tried I can't configure to terminate HTTPS on
> nginx and then use plain HTTP to communicate with NIFI. This is the config
> I am currently using for HTTP and it works
>
> location /nifi {
> proxy_pass http://nifi:8080;
> proxy_set_header X-ProxyScheme "http";
> proxy_set_header X-ProxyHost $http_host;
> proxy_set_header X-ProxyPort 80;
> proxy_set_header X-ProxyContextPath "";
> }
>
> I tried to change the scheme to HTTPS and port to 443 but no luck.
>
> Any tips or hints?
>
>
> Regards,
> Michail
>