Hi Elemir,

As a workaround you can try to overwrite the Origin header in the request to the value which is expected by NiFi, in your case it should be https://localhost. (i.e. add proxy_set_header Origin https://localhost; to your nginx config).

I hope this helps,
Denes

On Fri, Feb 22, 2019 at 11:00 AM Denes Arvay <[email protected]> wrote:

> Hi Elemir,
>
> I was able to reproduce your issue with a simple nginx-NiFi setup, both
> running on localhost.
> My guess is that the cause is that POST is missing from allowed methods
> list from the /process-groups/*/templates/upload path [1].
> The commit which introduced this change explicitly states that POSTs need
> to come from the same origin but I don't know the reason behind this
> decision. I'll file a Jira ticket to discuss the issue there (or on the dev@
> list).
> I'm not sure if there is any workaround for this.
>
> Best,
> Denes
>
> [1]
> https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java#L125
>
> On Fri, Feb 22, 2019 at 7:06 AM Elemir Stevko <
> [email protected]> wrote:
>
>> Hello,
>>
>> I have been running a single instance of NiFi server v1.7.1 on AWS behind
>> ALB and nginx:
>>
>> ALB -> nginx -> NiFi
>>
>> The configuration has been working fine, but since NiFi v1.8.0, I get
>> Invalid CORS request error when I try uploading a template file. Is there
>> anything I need to change in the proxy configuration as compared to NiFi
>> v1.7.1?
>>
>> Here are more details on the NiFi configuration:
>>
>> - ALB terminates the HTTPS connection and opens a new HTTPS connection to
>> nginx which then proxies the request to NiFi server.
>>
>> - NiFi server is configured with OIDC authentication. Neither ALB nor
>> nginx authenticate the clients, they just proxy the requests to NiFi.
>>
>> - nginx is configured similarly to Koji's repo
>> ijokarumawak/nifi-reverseproxy (nginx/standalone-plain-http/nginx.conf):
>>
>> server_names_hash_bucket_size 128;
>>
>> upstream localhost {
>>     server localhost:9443;
>> }
>>
>> server {
>>     listen 443 ssl;
>>     server_name _;
>>     ssl_certificate /usr/local/etc/ssl/public.pem;
>>     ssl_certificate_key /usr/local/etc/ssl/private.key;
>>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>     ssl_ciphers HIGH:!aNULL:!MD5;
>>
>>     proxy_ssl_trusted_certificate /opt/nifi/cert/nifi-cert.pem;
>>
>>     access_log /var/log/nginx/nifi.access.log combined;
>>
>>     location / {
>>         proxy_pass https://localhost;
>>         proxy_set_header X-ProxyScheme https;
>>         proxy_set_header X-ProxyHost $host;
>>         proxy_set_header X-ProxyPort 443;
>>         proxy_set_header X-ProxyContextPath /;
>>     }
>> }
>>
>> Best regards,
>> Elemir
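
Overwriting Origin unconditionally makes every proxied request look same-origin to NiFi, so the proxy becomes the only place where the browser's real Origin can still be checked. The configuration below is an added example, not from the thread or the NiFi project: it applies the suggested workaround but rewrites Origin only when the browser sent the expected public origin. The hostname nifi.example.com and the variable name $nifi_origin are assumptions; the remaining directives are taken from the quoted configuration.

```nginx
# Added example, not from the thread. Belongs in the http {} context.
# "nifi.example.com" is a placeholder for the public hostname behind the ALB.

# Translate the browser-sent Origin into the value forwarded to NiFi.
map $http_origin $nifi_origin {
    default                     "deny";               # any other site
    ""                          "";                   # no Origin sent: forward none
    "https://nifi.example.com"  "https://localhost";  # UI origin -> value NiFi expects
}

upstream localhost {
    server localhost:9443;
}

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate     /usr/local/etc/ssl/public.pem;
    ssl_certificate_key /usr/local/etc/ssl/private.key;

    proxy_ssl_trusted_certificate /opt/nifi/cert/nifi-cert.pem;

    access_log /var/log/nginx/nifi.access.log combined;

    location / {
        # Reject cross-site requests here, because after the rewrite
        # NiFi can no longer distinguish them from same-origin ones.
        if ($nifi_origin = "deny") {
            return 403;
        }

        proxy_pass https://localhost;

        # An empty value makes nginx omit the header entirely.
        proxy_set_header Origin $nifi_origin;

        proxy_set_header X-ProxyScheme https;
        proxy_set_header X-ProxyHost $host;
        proxy_set_header X-ProxyPort 443;
        proxy_set_header X-ProxyContextPath /;
    }
}
```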
