Support Questions

Find answers, ask questions, and share your expertise

Nginx config for Hue - reverse proxy

avatar
Contributor
First of all this is a DEV server, just trying to figure out the configuration. From what I read, this should work, but it is not. 
 
I have a Nginx server running on SSL and trying to do a reverse proxy to a non-ssl cluster (5.15) running Hue. Why does this config not work?
 
server {
  server_name myhostname.com;
  charset utf-8; 
  
  listen 8001;
  ssl on;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_certificate /ssl/grav.crt;
  ssl_certificate_key /ssl/grav.key;
  client_max_body_size 0;
 
  location / {
    proxy_pass http://hue;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;   
  }
 
  location /static/ {
    # Uncomment to expose the static file directories.
    #autoindex on;
 
    # Or if on a parcel install:
    proxy_pass http://hue;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $remote_addr;   
    proxy_set_header X-Forwarded-Proto https;
    #alias /opt/cloudera/parcels/CDH/lib/hue/build/static/;
    expires 30d;
    add_header Cache-Control public;
  }
}
 
upstream hue {
  ip_hash;
 
  # List all the Hue instances here for high availability.
  server node1_IP:8888 max_fails=3;
  server node2_IP:8888 max_fails=3;
}
 
 
Get error message - 
 
login:1 Failed to load resource: the server responded with a status of 404 (Not Found)
12 REPLIES 12

avatar
Contributor

After making the changes, I see this in the log:

2018/12/17 15:47:50 [warn] 20199#20199: could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
2018/12/17 17:49:19 [crit] 20348#20348: *16 SSL_do_handshake() failed (SSL: error:1417D0A0:SSL routines:tls_process_client_hello:length too short) while SSL handshaking, client: <CLIENT_IP>, server: 0.0.0.0:443

 

Config file now:

server {
server_name _;
charset utf-8;

#or if running hue on https://
listen 8001 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /ssl/grav.crt;
ssl_certificate_key /ssl/grav.key;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
client_max_body_size 0;

location / {
proxy_pass http://hue;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}

location /static/ {
# Uncomment to expose the static file directories.
#autoindex on;

# Or if on a parcel install:
proxy_pass http://hue;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
alias /opt/cloudera/parcels/CDH/lib/hue/build/static/;
expires 30d;
add_header Cache-Control public;
}
}

upstream hue {
ip_hash;

# List all the Hue instances here for high availability.
server <HUE_NODE_1>:8888 max_fails=3;
server <HUE_NODE_2>:8888 max_fails=3;
}

avatar
New Contributor

Can anyone please look at my last post (configs) and let me know if I missed anything else? Thanks.

avatar
Contributor

Can anyone please look at my last post (configs) and let me know if I missed anything else? Thanks.

 

I need to stop using both of my accounts.