Pavel Klyuev created NIFI-12881:
-----------------------------------
Summary: Issue with NiFi UI HTTP Session behind NGINX Reverse
Proxy
Key: NIFI-12881
URL: https://issues.apache.org/jira/browse/NIFI-12881
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 1.23.2
Reporter: Pavel Klyuev
Greetings,
I am encountering a perplexing issue with NiFi's UI HTTP Session when accessed
behind an NGINX Reverse Proxy. The error message I'm encountering is as follows:
Unauthorized error="invalid_token", error_description="An error occurred while
attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected,
or no matching key(s) found",
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"It happens after
upgrade from 1.11.4 -> 1.23.2
Here's a brief overview of my setup:
* I have configured Sticky Sessions for nifi.web.https.host.
* Upstream is configured for each NiFi Instance (https) using IP Address and
port 8443.
Despite having similar configurations for two other NiFi clusters behind an
NGINX Reverse Proxy, I do not encounter any issues with them.
What's particularly puzzling is that when accessing NiFi instances directly,
the session behaves as expected and does not disconnect.
Could anyone provide guidance on how to debug this error or suggest possible
solutions? Any insights or experiences shared would be greatly appreciated.
Additionally, I would like to highlight that we've observed some errors (401,
502) in the NGINX logs related to node communication within the session.
Thank you in advance for your assistance.
!https://community.cloudera.com/t5/image/serverpage/image-id/39985i0984DAA81520E014/image-size/medium?v=v2&px=400!
Warm regards,
Pavel Klyuev
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
