I followed this tutorial to set up a secure version of NiFi Registry:
https://community.hortonworks.com/content/kbentry/170966/setting-up-a-secure-apache-nifi-registry.html

I am working on an Ubuntu server. I do not have the possibility to generate the
keychain, and to access the graphical interface of NiFi I use Google Chrome on
my local machine (Windows 10). So I imported the p12 file in my browser. My
nginx configuration file is as follows:

upstream container {
    server 172.0.0.2:9000;
}

server {
    listen 443 ssl;
    ssl On;
    ssl_certificate /etc/letsencrypt/live/sm/fullchain.pem; #/etc/nginx/ssl/fullchain.$
    ssl_certificate_key /etc/letsencrypt/live/sm/privkey.pem; #/etc/nginx/ssl/privkey$

    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;  # optional, to force use of$
    }

    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.php;
    server_name workshop1.smart-mobility.alstom.com; # managed by Certbot

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    location ~ /\.ht {
        deny all;
    }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    location /nifi-registry-api/ {
        rewrite ^/nifi-registry-api/(.*) /nifi-registry-api/$1 break;
        proxy_pass https://localhost:18443/nifi-registry;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /nifi-registry/ {
        proxy_pass https://localhost:18443/nifi-registry;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-ProxyScheme "https";
        proxy_set_header X-ProxyHost $proxy_host;
        proxy_set_header X-ProxiedEntitiesChain "<%{SSL_CLIENT_S_DN}>";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
    }
}


When I log on to the nifi-registry page I have the following error: 502 Bad Gateway

Can someone help me on this point, please? I do not find examples.

nginx error log:

*28739 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL hands
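
Added example (not part of the original post): a Python helper that decodes the nginx error-log entry quoted above into the TLS alert it carries and the peer that sent it. It assumes the pre-3.0 OpenSSL error-code layout seen in that entry (library, function, reason packed into 8 hex digits); SAMPLE is a constructed line with a complete "while ..." clause and placeholder addresses and host names.

```python
import re

# TLS alert descriptions from RFC 5246 section 7.2 (certificate-related subset).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
ERR_LIB_SSL = 20             # OpenSSL library number behind "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reports a received alert as reason 1000 + alert

LINE_RE = re.compile(
    r"\*(?P<conn>\d+) (?P<call>\w+)\(\) failed "
    r"\(SSL: error:(?P<code>[0-9A-Fa-f]{8}):[^)]*\)(?: while (?P<phase>[^,]+))?")

# The entry from the post, truncated exactly as it appears there.
PAGE_LINE = ("*28739 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:"
             "ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) "
             "while SSL hands")
# Constructed sample: same error with a complete trailer and placeholder names.
SAMPLE = ("2018/01/01 00:00:00 [error] 100#100: *1 SSL_do_handshake() failed "
          "(SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad "
          "certificate:SSL alert number 42) while SSL handshaking to upstream, "
          'client: 192.0.2.10, server: example.test, upstream: '
          '"https://127.0.0.1:18443/nifi-registry", host: "example.test"')

def decode_openssl_error(code_hex):
    """Unpack a pre-3.0 OpenSSL error code: 8 bits lib, 12 bits func, 12 bits reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def diagnose(line):
    """Return connection id, TLS alert and sending peer for an nginx SSL error line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    lib, _func, reason = decode_openssl_error(m["code"])
    received = lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET
    alert = reason - SSL_AD_REASON_OFFSET if received else None
    phase = (m["phase"] or "").strip()
    if "to upstream" in phase:
        peer = "upstream"      # nginx was the TLS client towards the proxied server
    elif phase == "SSL handshaking":
        peer = "client"        # nginx was the TLS server towards the browser
    else:
        peer = "unknown"       # trailer missing or truncated, as in PAGE_LINE
    return {"connection": int(m["conn"]), "alert": alert,
            "alert_name": TLS_ALERTS.get(alert, "other"), "received_from": peer}

if __name__ == "__main__":
    print(diagnose(PAGE_LINE))
    print(diagnose(SAMPLE))
```

An alert 42 reported as received from upstream means the proxied server rejected the certificate nginx presented, or the absence of one, during the handshake. nginx sets a client certificate for upstream connections with the proxy_ssl_certificate and proxy_ssl_certificate_key directives.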

