Support Questions

Find answers, ask questions, and share your expertise

NGINX reverse proxy to NIFI: contextpath issue

avatar
Explorer
I have 2 NIFI instance on differents servers with 1 NGINX reverse proxy in front.

It should go like this:

NGINX Reverse proxy > proxy.lan/nifi1 goes to the NIFI 1 instance on nifi1.lan
NGINX Reverse proxy > proxy.lan/nifi2 goes to the NIFI 2 instance on nifi2.lan

 

NGINX reverse proxy runs on 192.168.1.114:80 NIFI runs on 192.168.1.153:8080

 

My configuration file nginx.conf:

server {
listen 80
server_name 192.168.1.114;

location /nifi1 {
proxy_set_header X-ProxyScheme "http";
proxy_set_header X-ProxyHost "192.168.1.114";
proxy_set_header X-ProxyPort "80";
proxy_set_header X-ProxyContextPath "/nifi1";
proxy_pass http://192.168.1.153:8080;
}
}

 

This is my NIFI nifi.properties file:

nifi.web.proxy.content.path=/nifi1
nifi.web.proxy.host=192.168.1.114:80

 

When accessing http://192.168.1.114/nifi1 , I will get the message "Did you mean /nifi" but the page looks off. It's missing the styling of the page.

 

I get redirected after 5 secs to http://192.168.1.114/nifi1/nifi  and the same message appears "Did you mean /nifi", again, without any styling.

 

And it just keeps redirecting over and over, retrying http://192.168.1.114/nifi/nifi1 .

Either i'm missing a configuration in NGINX and it's not passing what NIFI is looking for, or NIFI can't process my request from NGINX and it's in a redirecting loop.

 

When going directly to http://192.168.1.153:8080/nifi , I can get the page just fine.

 

Any clues? I've enabled the DEBUGGING logs on the NIFI side but I can't really see anything that could identify the problem.

 

Anyone? thanks! 🙂

1 ACCEPTED SOLUTION

avatar
Explorer

It's fixed.

 

server {
listen 80
server_name 192.168.1.114;

location /nifi1/ {
proxy_set_header X-ProxyScheme "http";
proxy_set_header X-ProxyHost "192.168.1.114";
proxy_set_header X-ProxyPort "80";
proxy_set_header X-ProxyContextPath "/nifi1";
proxy_pass http://192.168.1.153:8080/;
}
}

Needed to append a trailing slash to my location and my proxy_pass.

View solution in original post

3 REPLIES 3

avatar
Explorer

It's fixed.

 

server {
listen 80
server_name 192.168.1.114;

location /nifi1/ {
proxy_set_header X-ProxyScheme "http";
proxy_set_header X-ProxyHost "192.168.1.114";
proxy_set_header X-ProxyPort "80";
proxy_set_header X-ProxyContextPath "/nifi1";
proxy_pass http://192.168.1.153:8080/;
}
}

Needed to append a trailing slash to my location and my proxy_pass.

avatar
Explorer

Still having a bit of issues enabling HTTPS.

 

You don't need to have an PKI to enter the NIFI instance. The NIFI instance will check if you are part of an LDAP group and let you in.

 

I'm not sure how the reverse proxy handles this?

avatar
Explorer

To give you a bit of context.

 

NIFI is configured to look up AD users. If they are part of a group, they have access. This works by going to my https://nifi1.network.local:844/nifi

 

NGINX is configured to proxy https://proxy.network.local to https://proxy.network.local/nifi1

 

When going to https://proxy.network.local i'll get redirected to https://proxy.network.loca/nifi1. I can log in but then, I get a 404 error. If I press back in the browser, it will show me as logged in.

 

I can't find any tutorials or how-tos on how to achieve this.

 

I'm not using PKI certificates for users. They need to enter the username/password to be sent to AD for authentication.

 

Anyone? Thanks 😄