I'm trying to setup NGINX reverse proxy with a secure, standalone, NiFi server upstream.

Based on a review of the NGINX and NiFi log files, along with other information, it looks like the reverse proxy is not forwarding the remote client info to NiFi.


1. NGINX access.log:

"GET /nifi-api/flow/current-user HTTP/1.1" 401 85 "https://<uri>"
"GET /nifi/login HTTP/1.1" 200 832 "https://<uri>"
"GET /nifi/css/nf-login-all.css?1.9.1 HTTP/1.1" 200 2426 "https://uri/login"
"GET /nifi-api/access/config HTTP/1.1" 200 54 "https://<uri>/login"
"GET /nifi-api/access HTTP/1.1" 200 108 "https://<uri>/login"

2. NIFI nifi-user.log:

GET request for (<><CN=reverse_proxy, OU=NiFi>)
Authentication success for anonymous
anonymous does not have permission to access the requested resource...Unknown user with identity 'anonymous.' Returning Unauthorized response.

3. NiFI User Interface: Success: You are already logged in

I'm not really sure whether getting the proper headers passed is a configuration problem in the NiFi.properties > nifi.web.proxy.context.path or in the nginx.conf file; however, the NiFi docs say that if the nifi.web.proxy.context.path is not configured properly then "An unexpected error has occurred" page will be shown and an error will be written to the nifi-app.log." and there is no such error message in the nifi-app.log.

That indicates to me that thethe reverse proxy isn't including the required client information.

Any help appreciated.

Thanks.