Member since
04-30-2022
20
Posts
2
Kudos Received
0
Solutions
03-12-2024
09:11 PM
I have set up Apache NiFi in a Docker container and am using Nginx as a reverse proxy to handle SSL termination. However, when I try to access the NiFi UI through the custom domain configured in Nginx, I receive an "HTTP ERROR 400 Invalid SNI" message. Below is my Docker Compose configuration: version: '3'
services:
nifi:
build:
context: .
dockerfile: Dockerfile
ports:
- "8443:8443"
volumes:
- nifi-data:/opt/nifi/nifi-current
nginx:
image: nginx:latest
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./sslcert:/etc/nginx/sslcert
ports:
- "80:80"
- "443:443"
depends_on:
- nifi
volumes:
nifi-data: And here is the relevant part of my nginx.conf: events {}
http {
server {
listen 80;
server_name nifi.xxx-xxx-python-mps;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name nifi.xxx-xxx-python-mps;
ssl_certificate /etc/nginx/sslcert/nifi.xxx-xxx-python-mps.pem;
ssl_certificate_key /etc/nginx/sslcert/nifi.xxx-xxx-python-mps-key.pem;
location / {
proxy_pass https://nifi:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
} The SSL certificate is self-signed and generated specifically for the domain nifi.my-custom-domain. When accessing the NiFi UI, I encounter the following error: HTTP ERROR 400 Invalid SNI
URI: https://nifi.iyed-netze-python-mps/nifi/
STATUS: 400
MESSAGE: Invalid SNI
CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
Caused by:
org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
at org.eclipse.jetty.server.SecureRequestCustomizer.checkSni(SecureRequestCustomizer.java:229)
at org.eclipse.jetty.server.SecureRequestCustomizer.newSecureRequest(SecureRequestCustomizer.java:208)
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:197)
at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:587)
at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:424)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99)
at org.eclipse.jetty.io.ssl.SslConnection$1.run(SslConnection.java:136)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:971)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1201)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1156)
at java.base/java.lang.Thread.run(Thread.java:1583) What might be causing the "Invalid SNI" error in this setup? How can I troubleshoot this issue further? PS: I have added the custom domain to etc/hosts, and it works for routing to localhost
... View more
Labels:
- Labels:
-
Apache NiFi
03-11-2024
10:30 AM
Hi @MattWho When I attempt to connect using the IP address, I encounter the same message. However, the connection is successful when using 'localhost'. I am aiming to establish a unique DNS name that is distinct from both 'localhost' and the IP address. I'm utilizing Docker to operate Nifi.
... View more
06-26-2023
09:18 AM
@Ghilani You should know these 3 articles intimately if you want to use Execute Script https://community.cloudera.com/t5/Community-Articles/ExecuteScript-Cookbook-part-1/ta-p/248922 https://community.cloudera.com/t5/Community-Articles/ExecuteScript-Cookbook-part-2/ta-p/249018 https://community.cloudera.com/t5/Community-Articles/ExecuteScript-Cookbook-part-3/ta-p/249148 That said, it's sometimes helpful for me to see a working example and modify from there. As such, here is a github with a sample flow definition file (01_Fraud_Detection_Demo_Params_ExecuteScript.json) and script file(Fraud Demo ExecuteScript.py) that should work out of the box: https://github.com/cldr-steven-matison/Fraud-Prevention-With-Cloudera-SSB/tree/main/Templates Pay attention to imports and, then line 160 is what you want to get the flowfile. My flow ignores the content, but you should be able to find references in the Part 1 cookbook for anything you want to do w/ flowfile content.
... View more
12-05-2022
11:33 AM
1 Kudo
@Ghilani NiFi stores Templates in the flow.xml.gz file. the flow.xml.gz is just a compressed copy of dataflow(s) which reside inside NiFi's heap memory while NiFi is running. It is not recommended to keep templates in your NiFi. NiFi templates are also deprecated and will go away in next major release. It is recommended to use NiFi-registry to store version controlled flows. If not using NiFi-Registry, Flow definitions should be downloaded instead of creating templates and stored safely somewhere outside of NiFi itself. A flow definition can be downloaded by right clicking on a process group in NiFi and selecting "Download flow definition". This json file will be generated of that flow and downloaded. Flow definitions can be uploaded to NiFi by dragging the create Process Group icon to the canvas and selecting option to upload flow definition. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
11-10-2022
12:17 PM
I think everything works fine, the json flowfiles are the response of an invokeHttp request to an API, I receive more than 5000 flowfiles, each flowfile contains 200 records. Problems happen only with 4 files that contain the ETX symbol.
... View more
06-20-2022
06:40 AM
I apologize for that, I hope someone else step in and help you with better solution. May I just know why it did not help?
... View more
06-16-2022
07:24 AM
Sorry I forgot to mention that in the PutSql processor set the Batch Size property to 1
... View more
05-06-2022
11:50 AM
@Ghilani While I agree that using record based processors so you can work with single FlowFiles with multiple records in them to make more efficient dataflows, what you are doing here should be possible with a ReplaceText processor in the interim using "Literal Replace": Here we are searching for the pattern _" and replacing it with just ". If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt
... View more