Hey, thanks for reaching out. There are a couple of key items to know when standing up NiFi behind a proxy.
1) NiFi is comprised of a number of web applications (web ui, web api, documentation, custom ui's, etc). So you'll need to set up your mapping to the root path. That way all context paths are pass through accordingly. For instance, if you only mapped the /nifi context path, the custom ui for Update Attributes will not work since it's available at /update-attribute-ui-<version>. 2) NiFi's rest api will generate uri's for each component on the graph. Since your coming through a proxy, you'll need to override certain elements of the uri's being generated. This is why you're able to view the graph, but you cannot modify anything. It's attempting to call back directly to your NiFi, not through your proxy. You can override the elements of the uri by adding the following HTTP headers when your proxy generates the HTTP request to the NiFi instance: X-ProxyScheme - the scheme to use to connect to your proxy (https in this case) X-ProxyHost - the host of your proxy X-ProxyPort - the port your proxy is listening on X-ProxyContextPath - the path you've configured to map to the NiFi instance Let me know if this helps. Thanks! Matt On Fri, Oct 21, 2016 at 12:49 AM, skunky <[email protected]> wrote: > Hi guys, > I have one big issue regarding nifi over https, and just dont't have any > clue to solve it. > > I have a nifi instance behind a balancer ( haproxy ) that does a ssl > termination, by presenting a certiticate to the user, and than forward > request to nifi backend over http protocol ( without auth). > The point is, that nifi page opens. But in the moment that I try to make > any > change to the canvas, > the browser brake the connection because of the mixed-content. > - first request that opens nifi page is ok ( https://balancer_ip:444 ) > - second request when I try to make changes is blocked ( > http://balancer_ip:444) > So, it seems that I have to run nifi fully ssl-encrypted. Here comes > the > problem ( and the question ): > Is there a way to run nifi over ssl BUT with anonymous auth, an MOST > important thing without any key/certificate imported into the users's > browser ? > I just need to run it over ssl. I'm desperate looking for a solution, > for two days... > Thanks in advance ! > > > > -- > View this message in context: http://apache-nifi-developer- > list.39713.n7.nabble.com/Nifi-1-0-0-HTTPS-tp13683.html > Sent from the Apache NiFi Developer List mailing list archive at > Nabble.com. >
