Support Questions

Nginx log:

2018/12/11 19:44:51 [warn] 19347#19347: could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
2018/12/11 19:51:44 [error] 19352#19352: *3 open() "/www/gravalytics/public/favicon.ico" failed (2: No such
2018/12/11 20:04:18 [error] 19352#19352: *14 connect() failed (111: Connection refused) while connecting to upstream, client: <client_ip>, server: gravalytics.com, request: "GET / HTTP/1.1", upstream: "http://<node1_ip>:8888/", host: "gravalytics.com:8001", referrer: "https://gravalytics.com/"
2018/12/11 20:04:18 [error] 19352#19352: *14 connect() failed (111: Connection refused) while connecting to upstream, client: <client_ip>, server: gravalytics.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://<node1_ip>:8888/favicon.ico", host: "gravalytics.com:8001", referrer: "https://gravalytics.com:8001/"

There is no entry in the Hue instance log in /var/log/hue-httpd/ folder.

Hello,

While we do not provide support directly for Nginx reviewing the log data you have posted it would appear as though the Hue backend you are attempting to proxy to on Node 1 is not accepting incoming request. Are you sure that there are no firewalls between the proxy and the node yo uare connecting to? Are you sure that Hue is available at the address you have configured?

2018/12/11 20:04:18 [error] 19352#19352: *14 connect() failed (111: Connection refused) while connecting to upstream, client: <client_ip>, server: gravalytics.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://<node1_ip>:8888/favicon.ico", host: "gravalytics.com:8001", referrer: "https://gravalytics.com:8001/"

Firewall rules are setup to allow traffic from nginx vm to cluster.

Hue is running on that node and port.

Also another thing to note.

This config works for http (nginx) to http (hue), but fails for https (nginx) to http (hue).

Outside of the last time items below I am not seeing anything else that might be wrong with your configuration. Are you certain that TLS is not already enabled on Hue? 

You seem to have proxy_set_header Host twice in the first location path. Can you please remove this one shown below? 

>   proxy_set_header Host $host;

Also please uncomment the follow line under the static location. This alias is required if you deployed using parcels if you deployed using packages the path will be slightly different.

> #alias /opt/cloudera/parcels/CDH/lib/hue/build/static/;

If you used packages.

# If Hue was installed with packaging install:
## alias /usr/lib/hue/build/static/;

Changed what you requested. Did not help.

Hello,

Can you try commenting out this line in your nginx configuration?

> proxy_set_header X-Forwarded-Proto https;

The error that you are reporting now is being returned directly by Nginx. It means that something is trying to use plain text instead of TLS. You may also have to alter the way the server is configured. At the moment you have set Nginx to accept on TLS request only which may impact your ability to proxy to the backend since it does not use TLS.

You may need to alter the server block, you may need to comment out:

> ssl on

Then alter the listen paramter on Niginx like so:

> listen 8001 ssl;

https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-tcp/