[
https://issues.apache.org/jira/browse/NIFI-9469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17473093#comment-17473093
]
Gilles Perreault commented on NIFI-9469:
----------------------------------------
Hi [~exceptionfactory] , I appreciate that you re-open this Jira. I'll keep in
mind the mailing list for additionnal issues...
Here are the configurations files relevant portions:
1- /data/apache2rpxy/conf/apps/s01.prod.nifi.conf
......
RequestHeader add X-ProxyScheme "http"
RequestHeader add X-ProxyHost "n1-nifi.capitale.qc.ca"
RequestHeader add X-ProxyPort "80"
RequestHeader add X-ProxyContextPath "/" <== This line is
required for the 1.9.2 version to work, if present or removed for 1.15.2, the
same stack trace
is produced (see below)
....
2- /data/apps/s01/prod/nifi-1.15.2/conf/nifi.properties
.....
nifi.web.proxy.context.path=
nifi.web.proxy.host=
.....
Stack trace:
2022-01-11 13:54:30,366 WARN [NiFi Web Server-23]
org.eclipse.jetty.server.HttpChannel /nifi-api/flow/current-user
javax.ws.rs.core.UriBuilderException: The provided context path [/] was not
registered as allowed [[]]
at
org.apache.nifi.web.util.WebUtils.verifyContextPath(WebUtils.java:132)
at
org.apache.nifi.web.util.RequestUriBuilder.fromHttpServletRequest(RequestUriBuilder.java:59)
at
org.apache.nifi.web.security.csrf.StandardCookieCsrfTokenRepository.getCookiePath(StandardCookieCsrfTokenRepository.java:121)
at
org.apache.nifi.web.security.csrf.StandardCookieCsrfTokenRepository.saveToken(StandardCookieCsrfTokenRepository.java:94)
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:108)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:487)
at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:336)
at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:301)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.apache.nifi.web.security.headers.XContentTypeOptionsFilter.doFilter(XContentTypeOptionsFilter.java:48)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.apache.nifi.web.security.headers.XSSProtectionFilter.doFilter(XSSProtectionFilter.java:48)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:47)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.apache.nifi.web.security.headers.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:48)
at
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
at
org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:763)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191)
at
org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at
org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:400)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:645)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:392)
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:137)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
at java.lang.Thread.run(Thread.java:748)
Thanks
> Context path issue when NiFi is served behind proxy server
> ----------------------------------------------------------
>
> Key: NIFI-9469
> URL: https://issues.apache.org/jira/browse/NIFI-9469
> Project: Apache NiFi
> Issue Type: Bug
> Components: Configuration
> Affects Versions: 1.15.0
> Environment: CentOS 7, openjdk version "1.8.0_312"
> Reporter: Eric Porter
> Priority: Minor
> Labels: proxy
>
> After upgrading to NiFi 1.15.0 we noticed that we could no longer reach nifi
> on the root context path. The error we were seeing follows:
> {noformat}
> javax.ws.rs.core.UriBuilderException: The provided context path [/] was not
> registered as allowed [[]] {noformat}
> Our nifi.web.proxy.context.path was set to:
> {noformat}
> nifi.web.proxy.context.path=/{noformat}
>
> To troubleshoot, we added /nifi to the nifi.web.proxy.context.path property
> and changed our X-ProxyContextPath proxy setting to "/nifi" and found that we
> could load nifi.
> {noformat}
> nifi.web.proxy.context.path=/nifi,/
> X-ProxyContextPath "/nifi"{noformat}
> However, leaving X-ProxyContentPath set to "/" and setting
> nifi.web.proxy.context.path=/nifi,/ resulted in the same error, but helped us
> to discover that there seems to be an issue with parsing the single '/'
> character from the nifi.web.proxy.context.path setting.
> {code:java}
> javax.ws.rs.core.UriBuilderException: The provided context path [/] was not
> registered as allowed [[/nifi, ]] {code}
> After trying different escaping methods, were able to work around this issue
> by using the following setting:
> {noformat}
> nifi.web.proxy.context.path=//{noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
