Hi Elemir, I was able to reproduce your issue with a simple nginx-NiFi setup, both running on localhost. My guess is that the cause is that POST is missing from allowed methods list from the /process-groups/*/templates/upload path [1]. The commit which introduced this change explicitly states that POSTs need to come from the same origin but I don't know the reason behind this decision. I'll file a Jira ticket to discuss the issue there (or on the dev@ list). I'm not sure if there is any workaround for this.
Best, Denes [1] https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java#L125 On Fri, Feb 22, 2019 at 7:06 AM Elemir Stevko <[email protected]> wrote: > Hello, > > I have been running a single instance of NiFi server v1.7.1 on AWS behind > ALB and nginx: > > ALB -> nginx -> NiFi > > The configuration has been working fine, but since NiFi v1.8.0, I get > Invalid CORS request error when I try uploading a template file. Is there > anything I need to change in the proxy configuration as compared to NiFi > v1.7.1? > > Here are more details on the NiFi configuration: > > - ALB terminates the HTTPS connection and opens a new HTTPS connection to > nginx which then proxies the request to NiFi server. > > - NiFi server is configured with OIDC authentication. Neither ALB nor > nginx authenticate the clients, they just proxy the requests to NiFi. > > - nginx is configured similarly to Koji's repo > ijokarumawak/nifi-reverseproxy (nginx/standalone-plain-http/nginx.conf): > > server_names_hash_bucket_size 128; > > upstream localhost { > server localhost:9443; > } > > server { > listen 443 ssl; > server_name _; > ssl_certificate /usr/local/etc/ssl/public.pem; > ssl_certificate_key /usr/local/etc/ssl/private.key; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers HIGH:!aNULL:!MD5; > > proxy_ssl_trusted_certificate /opt/nifi/cert/nifi-cert.pem; > > access_log /var/log/nginx/nifi.access.log combined; > > location / { > proxy_pass https://localhost; > proxy_set_header X-ProxyScheme https; > proxy_set_header X-ProxyHost $host; > proxy_set_header X-ProxyPort 443; > proxy_set_header X-ProxyContextPath /; > } > } > > Best regards, > Elemir >
