Support Questions

Find answers, ask questions, and share your expertise

Issue with NiFi UI HTTP Session behind NGINX Reverse Proxy

avatar
Explorer

Greetings Cloudera Community,

I am encountering a perplexing issue with NiFi's UI HTTP Session when accessed behind an NGINX Reverse Proxy. The error message I'm encountering is as follows:

 

Unauthorized error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

 

It happens after upgrade from 1.11.4 -> 1.23.2

Here's a brief overview of my setup:

  • I have configured Sticky Sessions for nifi.web.https.host.
  • Upstream is configured for each NiFi Instance (https) using IP Address and port 8443.

Despite having similar configurations for two other NiFi clusters behind an NGINX Reverse Proxy, I do not encounter any issues with them.

What's particularly puzzling is that when accessing NiFi instances directly, the session behaves as expected and does not disconnect.

Could anyone provide guidance on how to debug this error or suggest possible solutions? Any insights or experiences shared would be greatly appreciated.

Additionally, I would like to highlight that we've observed some errors (401, 502) in the NGINX logs related to node communication within the session.

Thank you in advance for your assistance.

pashtet04_0-1709728397088.png

Warm regards,
Pavel Klyuev

0 REPLIES 0