[jira] [Updated] (NIFI-5237) Wrong redirect from login behind a context path, when using OpenID authentication
[ https://issues.apache.org/jira/browse/NIFI-5237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Damian Czaja updated NIFI-5237: --- Summary: Wrong redirect from login behind a context path, when using OpenID authentication (was: Wrong edirect behind a context path, when using OpenID authentication) > Wrong redirect from login behind a context path, when using OpenID > authentication > - > > Key: NIFI-5237 > URL: https://issues.apache.org/jira/browse/NIFI-5237 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.6.0 > Environment: NiFi behind a reverse proxy (HAProxy) >Reporter: Damian Czaja >Priority: Major > > When I deploy NiFi behind a custom context path eg > ([https://my-nifi/my/context/path/)|https://nifi/my/context/path/)] and using > OpenID authentication, after the login I'm redirected to > [https://my-nifi/nifi/|https://my-nifi/nifi] instead of > [https://my-nifi/my/context/path/nifi/] . > My presumption is, that the relative redirect in > httpServletResponse.sendRedirect it's respecting the contextPath provided in > the X-ProxyContextPath header: > [https://github.com/apache/nifi/blob/rel/nifi-1.6.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java#L269] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (NIFI-5237) Wrong edirect behind a context path, when using OpenID authentication
Damian Czaja created NIFI-5237: -- Summary: Wrong edirect behind a context path, when using OpenID authentication Key: NIFI-5237 URL: https://issues.apache.org/jira/browse/NIFI-5237 Project: Apache NiFi Issue Type: Bug Affects Versions: 1.6.0 Environment: NiFi behind a reverse proxy (HAProxy) Reporter: Damian Czaja When I deploy NiFi behind a custom context path eg ([https://my-nifi/my/context/path/)|https://nifi/my/context/path/)] and using OpenID authentication, after the login I'm redirected to [https://my-nifi/nifi/|https://my-nifi/nifi] instead of [https://my-nifi/my/context/path/nifi/] . My presumption is, that the relative redirect in httpServletResponse.sendRedirect it's respecting the contextPath provided in the X-ProxyContextPath header: [https://github.com/apache/nifi/blob/rel/nifi-1.6.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java#L269] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5237) Wrong redirect from login behind a context path, when using OpenID authentication
[
https://issues.apache.org/jira/browse/NIFI-5237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16494930#comment-16494930
]
Damian Czaja commented on NIFI-5237:
I have the following entries in HAProxy:
http-request set-header X-ProxyHost my-nifi
http-request set-header X-ProxyPort 80
http-request set-header X-ProxyContextPath /my/context/path/
server nifi \{{HOSTNAME}}:8080
and to access NiFi I go to:
[http://my-nifi/my/context/path/nifi/.|http://my-nifi/my/context/path/nifi/]
API in this case is under
[http://my-nifi/my/context/path/nifi-api/.|http://my-nifi/my/context/path/nifi/]
NiFi is working fine, I can access the UI and the NiFi API. The only problem I
have is, that after the OpenID provider redirects the browser back to NiFi (to
the oidc/callback endpoint), it processes the callback and redirects to
[http://my-nifi/nifi/], ignoring the root path provided in the
X-ProxyContextPath.
> Wrong redirect from login behind a context path, when using OpenID
> authentication
> -
>
> Key: NIFI-5237
> URL: https://issues.apache.org/jira/browse/NIFI-5237
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.6.0
> Environment: NiFi behind a reverse proxy (HAProxy)
>Reporter: Damian Czaja
>Priority: Major
>
> When I deploy NiFi behind a custom context path eg
> ([https://my-nifi/my/context/path/)|https://nifi/my/context/path/)] and using
> OpenID authentication, after the login I'm redirected to
> [https://my-nifi/nifi/|https://my-nifi/nifi] instead of
> [https://my-nifi/my/context/path/nifi/] .
> My presumption is, that the relative redirect in
> httpServletResponse.sendRedirect it's respecting the contextPath provided in
> the X-ProxyContextPath header:
> [https://github.com/apache/nifi/blob/rel/nifi-1.6.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java#L269]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Resolved] (NIFI-4937) Cannot GET /nifi-api/flow/bulletin-board behind reverse proxy
[
https://issues.apache.org/jira/browse/NIFI-4937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Damian Czaja resolved NIFI-4937.
Resolution: Fixed
Fix Version/s: 1.6.0
OK, I checked with the current HEAD and looks it fixed and will be released in
1.6.0
> Cannot GET /nifi-api/flow/bulletin-board behind reverse proxy
> -
>
> Key: NIFI-4937
> URL: https://issues.apache.org/jira/browse/NIFI-4937
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.5.0
> Environment: NiFi on Docker + TinyProxy
>Reporter: Damian Czaja
>Priority: Minor
> Fix For: 1.6.0
>
> Attachments: nifi_bulletin_board_error.png
>
>
> Hello,
> I have an problem, when running NiFi on Docker behind a reverse proxy
> (TinyProxy).
> TinyProxy configuration adds three headers. NiFi is working on the same host
> on port 8080.
> {code:java}
> tinyproxy.conf
> ...
> AddHeader "X-ProxyHost" "public.domain.com"
> AddHeader "X-ProxyContextPath" "/path/to/nifi"
> AddHeader "X-ProxyPort" "443"
> ReversePath "/" "http://localhost:8080/"{code}
> I can access NiFi through [https://public.domain.com/path/to/nifi/nifi/] and
> NiFi works fine, but I'm getting sometimes a popup, which states, that is
> cannot GET /nifi-api/flow/bulletin-board. For ex. I happens, when I try to
> view configuration of a Controller Service.
> I recognized, that this request is made directly to NiFi and not through the
> reverse proxy. It looks, that it ignores the X-Proxy headers.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (NIFIREG-156) ContextPath for NiFi Registry UI
Damian Czaja created NIFIREG-156:
Summary: ContextPath for NiFi Registry UI
Key: NIFIREG-156
URL: https://issues.apache.org/jira/browse/NIFIREG-156
Project: NiFi Registry
Issue Type: Improvement
Affects Versions: 0.1.0
Environment: NiFi registry 0.1.0 + HAProxy on Docker
Reporter: Damian Czaja
I am trying to deploy NiFi registry behind a reverse proxy, behind an context
path i.e.:
/my-nifi-registry
I added the X-ProxyContextPath header to my HAProxy configuration:
{{http-request set-header X-ProxyContextPath /my-nifi-registry}}
but when accessing the UI I get 404 errors for all js, css etc. files and the
UI isn't loading, because the contextPath isn't used.
>From the code I saw, that only the API is using the X-ProxyContextPath or
>X-Forwarded-For, but the UI isn't. I think it would be useful to add support
>also for the UI.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (NIFI-4937) Cannot GET /nifi-api/flow/bulletin-board behind reverse proxy
Damian Czaja created NIFI-4937:
--
Summary: Cannot GET /nifi-api/flow/bulletin-board behind reverse
proxy
Key: NIFI-4937
URL: https://issues.apache.org/jira/browse/NIFI-4937
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 1.5.0
Environment: NiFi on Docker + TinyProxy
Reporter: Damian Czaja
Attachments: nifi_bulletin_board_error.png
Hello,
I have an problem, when running NiFi on Docker behind a reverse proxy
(TinyProxy).
TinyProxy configuration adds three headers. NiFi is working on the same host on
port 8080.
{code:java}
tinyproxy.conf
...
AddHeader "X-ProxyHost" "public.domain.com"
AddHeader "X-ProxyContextPath" "/path/to/nifi"
AddHeader "X-ProxyPort" "443"
ReversePath "/" "http://localhost:8080/"{code}
I can access NiFi through [https://public.domain.com/path/to/nifi/nifi/] and
NiFi works fine, but I'm getting sometimes a popup, which states, that is
cannot GET /nifi-api/flow/bulletin-board. For ex. I happens, when I try to view
configuration of a Controller Service.
I recognized, that this request is made directly to NiFi and not through the
reverse proxy. It looks, that it ignores the X-Proxy headers.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
