Re: NIFI NGINX as reverse proxy

michail salichos Mon, 14 Mar 2016 07:55:24 -0700

Hello Aldrin,

Thanks for getting back to me so quickly.


(*)
server
{
        listen  443;
        server_name localhost;
        ssl on;
        ssl_certificate /etc/nginx/ssl/cert.crt;
        ssl_certificate_key /etc/nginx/ssl/cert.key;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers       on;


        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        # Disable sendfile as per
https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
        sendfile off;

        # Add stdout logging

        error_log /dev/stdout info;
        access_log /dev/stdout;

        location / {
               proxy_pass http://localhost:8080;
               proxy_set_header X-ProxyScheme "https";
               proxy_set_header X-ProxyHost $http_host;
               proxy_set_header X-ProxyPort 443;
               proxy_set_header X-ProxyContextPath "";
        }


If I move the location block to port 80 server (http) and replace
X-ProxyScheme and   X-ProxyPort with corresponding HTTP and 80 everything
works just fine.

Kind regards,
Michail

On Mon, Mar 14, 2016 at 3:47 PM, Aldrin Piri <[email protected]> wrote:

> Michall,
>
> A bit outside of the NiFi realm, but I have done similar myself
> previously.  Do you have your server block (likely the one containing this
> location block) established with the appropriate certificates and a listen
> statement with ssl listed after the port? From memory, I do not believe any
> overwriting of the headers should be needed.
>
> Is the problem strictly with NiFi? Are there any other services running
> where this is not an issue?
>
> On Mon, Mar 14, 2016 at 10:36 AM, michail salichos <
> [email protected]> wrote:
>
>> Hello,
>>
>> I followed the instructions here
>>
>> https://www.mail-archive.com/[email protected]/msg00566.html
>>
>> and managed to configure nginx as reverse proxy for HTTP, it works well.
>>
>> However, no matter what I tried I can't configure to terminate HTTPS on
>> nginx and then use plain HTTP to communicate with NIFI. This is the config
>> I am currently using for HTTP and it works
>>
>>         location /nifi {
>>                proxy_pass http://nifi:8080;
>>                proxy_set_header X-ProxyScheme "http";
>>                proxy_set_header X-ProxyHost $http_host;
>>                proxy_set_header X-ProxyPort 80;
>>                proxy_set_header X-ProxyContextPath "";
>>         }
>>
>> I tried to change the scheme to HTTPS and port to 443 but no luck.
>>
>> Any tips or hints?
>>
>>
>> Regards,
>> Michail
>>
>
>

Re: NIFI NGINX as reverse proxy

Reply via email to