I have set up Apache NiFi in a Docker container and am using Nginx as a reverse proxy to handle SSL termination. However, when I try to access the NiFi UI through the custom domain configured in Nginx, I receive an "HTTP ERROR 400 Invalid SNI" message.
Below is my Docker Compose configuration:

    version: '3'
    services:
      nifi:
        build:
          context: .
          dockerfile: Dockerfile
        ports:
          - "8443:8443"
        volumes:
          - nifi-data:/opt/nifi/nifi-current
      nginx:
        image: nginx:latest
        volumes:
          - ./nginx.conf:/etc/nginx/nginx.conf
          - ./sslcert:/etc/nginx/sslcert
        ports:
          - "80:80"
          - "443:443"
        depends_on:
          - nifi
    volumes:
      nifi-data:

And here is the relevant part of my nginx.conf:

    events {}
    http {
        server {
            listen 80;
            server_name nifi.xxx-xxx-python-mps;
            return 301 https://$host$request_uri;
        }
        server {
            listen 443 ssl;
            server_name nifi.xxx-xxx-python-mps;
            ssl_certificate /etc/nginx/sslcert/nifi.xxx-xxx-python-mps.pem;
            ssl_certificate_key /etc/nginx/sslcert/nifi.xxx-xxx-python-mps-key.pem;
            location / {
                proxy_pass https://nifi:8443;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_buffering off;
            }
        }
    }

The SSL certificate is self-signed and generated specifically for the domain nifi.my-custom-domain. When accessing the NiFi UI, I encounter the following error:

    HTTP ERROR 400 Invalid SNI
    URI: https://nifi.iyed-netze-python-mps/nifi/
    STATUS: 400
    MESSAGE: Invalid SNI
    CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
    Caused by:
    org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
        at org.eclipse.jetty.server.SecureRequestCustomizer.checkSni(SecureRequestCustomizer.java:229)
        at org.eclipse.jetty.server.SecureRequestCustomizer.newSecureRequest(SecureRequestCustomizer.java:208)
        at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:197)
        at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:587)
        at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:424)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99)
        at org.eclipse.jetty.io.ssl.SslConnection$1.run(SslConnection.java:136)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:971)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1201)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1156)
        at java.base/java.lang.Thread.run(Thread.java:1583)

What might be causing the "Invalid SNI" error in this setup? How can I troubleshoot this issue further?

PS: I have added the custom domain to etc/hosts, and it works for routing to localhost.