Unable to reverse proxy requests to Nifi running in the backend using client auth mechanism

December 21, 2020 06:48AM
I have configured Nginx as a reverse proxy server for my Nifi application running in the backend on port 9443.

Here goes my nginx conf:

```
worker_processes 1;

events { worker_connections 1024; }

http {

    map_hash_bucket_size 128;
    sendfile on;
    large_client_header_buffers 4 64k;

    upstream nifi {
        server cloud-analytics-test2-nifi-a.insights.io:9443;
    }

    server {
        listen 443 ssl;
        #ssl on;
        server_name nifi-test-nginx.insights.np.vocera.io;
        ssl_certificate /etc/nginx/cert1.pem;
        ssl_certificate_key /etc/nginx/privkey1.pem;

        ssl_client_certificate /etc/nginx/nifi-client.pem;
        ssl_verify_client optional_no_ca;
        ssl_verify_depth 2;

        error_log /var/log/nginx/error.log debug;

        proxy_ssl_certificate /etc/nginx/cert1.pem;
        proxy_ssl_certificate_key /etc/nginx/privkey1.pem;
        proxy_ssl_trusted_certificate /etc/nginx/nifi-client.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nifi-test-nginx.insights.io;
            proxy_set_header X-ProxyPort 443;
            proxy_set_header X-ProxyContextPath /;
            proxy_set_header X-ProxiedEntitiesChain "<$ssl_client_s_dn>";
            proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
        }
    }

}
```

Whenever I try to access Nifi using the Nginx reverse proxy address/hostname, I get the error below.




```
2020/12/21 11:46:45 [debug] 14165#0: *5 SSL_shutdown: 1
2020/12/21 11:46:45 [debug] 14165#0: *5 reusable connection: 0
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F192862800
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F192801300
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F19280EC50, unused: 8
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F1928596D0, unused: 384
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL handshake handler: 0
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_do_handshake: -1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_get_error: 2
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL handshake handler: 0
2020/12/21 11:46:45 [debug] 14165#0: *6 verify:0, error:2, depth:1, subject:"/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA", issuer:"/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority"
2020/12/21 11:46:45 [debug] 14165#0: *6 verify:1, error:2, depth:0, subject:"/CN=nifi-admin.insights.io", issuer:"/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA"
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_do_handshake: 1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2020/12/21 11:46:45 [debug] 14165#0: *6 reusable connection: 1
2020/12/21 11:46:45 [debug] 14165#0: *6 http wait request handler
2020/12/21 11:46:45 [debug] 14165#0: *6 malloc: 000055F192801300:1024
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_read: -1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_get_error: 2
2020/12/21 11:46:45 [debug] 14165#0: *6 free: 000055F192801300
2020/12/21 11:46:45 [debug] 14165#0: *6 http wait request handler
2020/12/21 11:46:45 [debug] 14165#0: *6 malloc: 000055F192801300:1024
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_read: 570
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_read: -1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_get_error: 2
2020/12/21 11:46:45 [debug] 14165#0: *6 reusable connection: 0
2020/12/21 11:46:45 [debug] 14165#0: *6 posix_memalign: 000055F1928687C0:4096 @16
2020/12/21 11:46:45 [debug] 14165#0: *6 http process request line
2020/12/21 11:46:45 [debug] 14165#0: *6 http request line: "GET /favicon.ico HTTP/1.1"
2020/12/21 11:46:45 [debug] 14165#0: *6 http uri: "/favicon.ico"
2020/12/21 11:46:45 [debug] 14165#0: *6 http args: ""
2020/12/21 11:46:45 [debug] 14165#0: *6 http exten: "ico"
2020/12/21 11:46:45 [debug] 14165#0: *6 posix_memalign: 000055F192854110:4096 @16
2020/12/21 11:46:45 [debug] 14165#0: *6 http process request header line
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Host: nifi-test-nginx.insights.io"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Connection: keep-alive"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Sec-Fetch-Site: same-origin"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Sec-Fetch-Mode: no-cors"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Sec-Fetch-Dest: image"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Referer: https://nifi-test-nginx.insights.io/nifi/?processGroupId=root&componentIds=87a087ca-0175-1000-ca56-1d437d733fb0"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Accept-Encoding: gzip, deflate, br"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Accept-Language: en-US,en;q=0.9"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header done
2020/12/21 11:46:45 [info] 14165#0: *6 client SSL certificate verify error: (2:unable to get issuer certificate) while reading client request headers, client: 49.207.211.47, server: nifi-test-nginx.insights.io, request: "GET /favicon.ico HTTP/1.1", host: "nifi-test-nginx.insights.io", referrer: "https://nifi-test-nginx.insights.io/nifi/?processGroupId=root&componentIds=87a087ca-0175-1000-ca56-1d437d733fb0"
2020/12/21 11:46:45 [debug] 14165#0: *6 http finalize request: 495, "/favicon.ico?" a:1, c:1
2020/12/21 11:46:45 [debug] 14165#0: *6 event timer del: 11: 2253744188
2020/12/21 11:46:45 [debug] 14165#0: *6 http special response: 495, "/favicon.ico?"
2020/12/21 11:46:45 [debug] 14165#0: *6 http set discard body
2020/12/21 11:46:45 [debug] 14165#0: *6 HTTP/1.1 400 Bad Request
Server: nginx/1.18.0
Date: Mon, 21 Dec 2020 11:46:45 GMT
Content-Type: text/html
Content-Length: 617
Connection: close
```

Can someone help me fix the above error?
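
A way to read the debug log in the post above, as an added example that is not part of the original post: it pairs each `client SSL certificate verify error` line with the first failed `verify:` callback on the same connection, so the chain link whose issuer could not be found is named explicitly. The function name `diagnose` and the set of codes treated as tolerated under `optional_no_ca` are assumptions of this example.

```python
import re

# nginx debug-log line written by its OpenSSL verify callback.
VERIFY_RE = re.compile(
    r'\*(?P<conn>\d+) verify:(?P<ok>[01]), error:(?P<err>\d+), '
    r'depth:(?P<depth>\d+), subject:"(?P<subject>[^"]*)", issuer:"(?P<issuer>[^"]*)"')
# nginx info-log line written when the request is refused.
RESULT_RE = re.compile(
    r'\*(?P<conn>\d+) client SSL certificate verify error: '
    r'\((?P<err>\d+):(?P<reason>[^)]*)\)')

# Assumption: OpenSSL verify codes that nginx lets through under
# "ssl_verify_client optional_no_ca" (self-signed / unknown-local-issuer family).
TOLERATED_BY_OPTIONAL_NO_CA = frozenset({18, 19, 20, 21, 27})

# Three lines copied from the log above; the last one is shortened.
SAMPLE_LOG = '''\
2020/12/21 11:46:45 [debug] 14165#0: *6 verify:0, error:2, depth:1, subject:"/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA", issuer:"/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority"
2020/12/21 11:46:45 [debug] 14165#0: *6 verify:1, error:2, depth:0, subject:"/CN=nifi-admin.insights.io", issuer:"/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA"
2020/12/21 11:46:45 [info] 14165#0: *6 client SSL certificate verify error: (2:unable to get issuer certificate) while reading client request headers
'''

def diagnose(log_text):
    """Return one finding per rejected connection, tied to its first failed chain link."""
    first_failure = {}  # connection id -> first verify callback with verify:0
    findings = []
    for line in log_text.splitlines():
        cb = VERIFY_RE.search(line)
        if cb:
            if cb["ok"] == "0":
                first_failure.setdefault(cb["conn"], cb.groupdict())
            continue
        res = RESULT_RE.search(line)
        if res:
            link = first_failure.get(res["conn"], {})
            findings.append({
                "conn": int(res["conn"]),
                "error": int(res["err"]),
                "reason": res["reason"],
                "depth": int(link["depth"]) if link else None,
                "subject": link.get("subject"),
                "missing_issuer": link.get("issuer"),
                "tolerated_by_optional_no_ca":
                    int(res["err"]) in TOLERATED_BY_OPTIONAL_NO_CA,
            })
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

On the posted log the finding points at depth 1: the issuer of the ZeroSSL intermediate was not found among the CAs nginx was given for client verification, and error 2 is outside the set assumed to pass under `optional_no_ca`, which is consistent with the 495 handling recorded in the log.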
Subject Author Posted

Unable to reverse proxy requests to Nifi running in the backend using client auth mechanism

balu December 21, 2020 06:48AM

Re: Unable to reverse proxy requests to Nifi running in the backend using client auth mechanism

Francis Daly December 26, 2020 01:46PM


