Dirk Hennig created NIFI-14754:
----------------------------------
Summary: nifi-api ignores nifi.web.proxy.host for PUT and OPTIONS requests
Key: NIFI-14754
URL: https://issues.apache.org/jira/browse/NIFI-14754
Project: Apache NiFi
Issue Type: Bug
Components: NiFi API
Affects Versions: 2.4.0
Reporter: Dirk Hennig

I am trying to install NiFi 2.4 behind an inbound frontend load balancer/proxy
(haproxy) with its own DNS name for the NiFi secured cluster, e.g.
cluster.external.domain port 8443.
The NiFi nodes in the backend have their internal hostnames, e.g.
node1.internal.domain on port 8443.

The haproxy has the configuration (shortened):

    frontend dmaas-drcc-http
        bind *:8443 ssl crt /etc/haproxy/ssl/cluster.external.domain.pem
        acl dns_drccrat hdr(host) -m beg nifi-p-drcc-rat.bdps.vodafone.com
        acl path_nifi path -i -m beg /nifi
        use_backend nifi_drccrat_backend if dns_drccrat path_nifi

    backend nifi_drccrat_backend
        http-response set-header X-ProxyScheme: "https"
        http-response set-header X-ProxyHost: cluster.external.domain
        http-response set-header X-ProxyPort: 8443
        http-response set-header X-ProxyContextPath: /nifi
        server node1.internal.domain node1.internal.domain:8443/nifi check ssl verify none cookie 111...
        server node2.internal.domain node2.internal.domain:8443/nifi check ssl verify none cookie 222...
        server node3.internal.domain node3.internal.domain:8443/nifi check ssl verify none cookie 333...

The NiFi nodes' hostnames are configured in nifi.properties as follows:

    nifi.web.https.host=node1.internal.domain
    nifi.web.https.port=8443
    nifi.web.proxy.context.path=/nifi
    nifi.web.proxy.host=cluster.external.domain:8443, node1.internal.domain:8443

I can log in to the NiFi cluster and browse the canvas and settings, as all HTTP
GET URLs which are sent to the browser are generated with the correct external
DNS name cluster.external.domain:8443.
But there are some exceptions: URLs which are generated as PUT or OPTIONS
methods have the wrong hostname and port. They just have
node1.internal.domain and the default HTTPS port. For this reason these
requests cannot reach the backend, because they try to bypass the haproxy with
the wrong port.

Example:
The request to modify policies
https://cluster.external.domain:8443/nifi-api/flow/about returns

    {"about":{"title":"NiFi","version":"2.4.0","uri":"https://node1.internal.domain:443/nifi-api/","contentViewerUrl":"node1.internal.domain:443/nifi/#/content-viewer","timezone":"CEST","buildTag":"rel/nifi-2.4.0"}}

But it should return

    {"about":{"title":"NiFi","version":"2.4.0","uri":"https://cluster.external.domain:8443/nifi-api/","contentViewerUrl":"cluster.external.domain:8443/nifi/#/content-viewer","timezone":"CEST","buildTag":"rel/nifi-2.4.0"}}

All subsequent nifi-api URLs are then generated by the GUI with the wrong
internal hostname and will fail.
In NiFi 1.x this setup was working fine, in NiFi 2.x this stopped working.
I am stuck now with the deployment. Please can you assist here?
Many thanks in advance
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
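
A check for the symptom described in this report, as an added example that is not part of the original message or of NiFi: it parses a `/nifi-api/flow/about` body and reports every advertised URL whose host:port differs from the external proxy name, including the scheme-less `contentViewerUrl`. The function names are hypothetical, and treating the first `nifi.web.proxy.host` entry as the public name is an assumption; the sample inputs are the values quoted in the report.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Values quoted in the report above: the nifi.properties line and both response bodies.
PROPERTIES = "nifi.web.proxy.host=cluster.external.domain:8443, node1.internal.domain:8443"
OBSERVED = '{"about":{"title":"NiFi","version":"2.4.0","uri":"https://node1.internal.domain:443/nifi-api/","contentViewerUrl":"node1.internal.domain:443/nifi/#/content-viewer","timezone":"CEST","buildTag":"rel/nifi-2.4.0"}}'
EXPECTED = '{"about":{"title":"NiFi","version":"2.4.0","uri":"https://cluster.external.domain:8443/nifi-api/","contentViewerUrl":"cluster.external.domain:8443/nifi/#/content-viewer","timezone":"CEST","buildTag":"rel/nifi-2.4.0"}}'


def proxy_hosts(properties_text):
    """Return the host:port entries of nifi.web.proxy.host from nifi.properties text."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "nifi.web.proxy.host":
            return [v.strip().lower() for v in value.split(",") if v.strip()]
    return []


def host_port(url, default_scheme="https"):
    """Normalise a URL to 'host:port'.

    Scheme-less values such as contentViewerUrl get a scheme first; otherwise
    urlsplit would read 'node1.internal.domain' as the URL scheme.
    """
    if "://" not in url:
        url = f"{default_scheme}://{url}"
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme, 443)
    return f"{parts.hostname}:{port}"


def misdirected_urls(about_json, external):
    """Map each 'about' URL field to its host:port when it differs from `external`."""
    about = json.loads(about_json)["about"]
    findings = {}
    for field in ("uri", "contentViewerUrl"):
        value = about.get(field)
        if value and host_port(value) != external.lower():
            findings[field] = host_port(value)
    return findings


if __name__ == "__main__":
    external = proxy_hosts(PROPERTIES)[0]  # assumption: first entry is the proxy's public name
    for label, body in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(label, misdirected_urls(body, external) or "ok")
```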