Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Securing Nifi registry with nginx Error

Highlighted

Securing Nifi registry with nginx Error

Contributor

Hello, I followed this tutorial to set up a secure version of Nifi registry: https://community.hortonworks.com/content/kbentry/170966/setting-up-a-secure-apache-nifi-registry.ht...

I am working on an ubuntu server. I do not have the possibility to generate the keychain and to access the graphical interface of nifi I use google chrome on my local machine (windows10). So I imported the p12 file in my browser. My nginx configuration file is as follows:

upstream container {  
  server 172.0.0.2:9000;
} 
server { 
listen 443 ssl;
ssl On;
ssl_certificate  /etc/letsencrypt/live/sm/fullchain.pem; #/etc/nginx/ssl/fullchain.$
ssl_certificate_key   /etc/letsencrypt/live/sm/privkey.pem; #/etc/nginx/ssl/privkey$
       if ($ssl_protocol = "") {
         rewrite ^ https://$host$request_uri? permanent;  # optional, to force use of$
        }  
root /var/www/html;
 # Add index.php to the list if you are using PHP
      index index.html index.htm index.php;
       server_name workshop1.smart-mobility.alstom.com; # managed by Certbot

  
      location ~ \.php$ {
               include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock; 
                auth_basic "Restricted";
                auth_basic_user_file /etc/nginx/.htpasswd;
        }
        location ~ /\.ht {
                deny all;        }    

     location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;  
                auth_basic "Restricted";auth_basic_user_file /etc/nginx/.htpasswd;
        }     

    location /nifi-registry-api/ {      
       rewrite ^/nifi-registry-api/(.*) /nifi-registry-api/$1 break;   
       proxy_pass https://localhost:18443/nifi-registry;             
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade; 
       proxy_set_header Connection 'upgrade'; 
       proxy_set_header Host $host;
       proxy_cache_bypass $http_upgrade;
        }

        location /nifi-registry/ {
        proxy_pass https://localhost:18443/nifi-registry;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-ProxyScheme "https";
        proxy_set_header X-ProxyHost $proxy_host;  
        proxy_set_header X-ProxiedEntitiesChain "<%{SSL_CLIENT_S_DN}>";   
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;    

   } }

When I log on to the nifi-registry page I have the following error: 502 Bad Gateway

can someone help me on this point please I do not find examples