I have configured Nginx as reverse proxy server for my Nifi Application running in the backend on port 9443;

Here goes my nginx conf:


worker_processes 1;

events { worker_connections 1024; }

http {

map_hash_bucket_size 128;
sendfile on;
large_client_header_buffers 4 64k;

upstream nifi {
server cloud-analytics-test2-nifi-a.insights.io:9443;
}



server {
listen 443 ssl;
#ssl on;
server_name nifi-test-nginx.insights.np.vocera.io;
ssl_certificate /etc/nginx/cert1.pem;
ssl_certificate_key /etc/nginx/privkey1.pem;

ssl_client_certificate /etc/nginx/nifi-client.pem;
ssl_verify_client optional_no_ca;
ssl_verify_depth 2;

error_log /var/log/nginx/error.log debug;

proxy_ssl_certificate /etc/nginx/cert1.pem;
proxy_ssl_certificate_key /etc/nginx/privkey1.pem;
proxy_ssl_trusted_certificate /etc/nginx/nifi-client.pem;

location / {
proxy_pass https://nifi;
proxy_set_header X-ProxyScheme https;
proxy_set_header X-ProxyHost nifi-test-nginx.insights.io;
proxy_set_header X-ProxyPort 443;
proxy_set_header X-ProxyContextPath /;
proxy_set_header X-ProxiedEntitiesChain "<$ssl_client_s_dn>";
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
}
}

}

When ever I try to access Nifi using Nginx Reverse Proxy Address/hostname I am getting below error.




```2020/12/21 11:46:45 [debug] 14165#0: *5 SSL_shutdown: 1
2020/12/21 11:46:45 [debug] 14165#0: *5 reusable connection: 0
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F192862800
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F192801300
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F19280EC50, unused: 8
2020/12/21 11:46:45 [debug] 14165#0: *5 free: 000055F1928596D0, unused: 384
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL handshake handler: 0
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_do_handshake: -1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_get_error: 2
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL handshake handler: 0
2020/12/21 11:46:45 [debug] 14165#0: *6 verify:0, error:2, depth:1, subject:"/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA", issuer:"/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority"
2020/12/21 11:46:45 [debug] 14165#0: *6 verify:1, error:2, depth:0, subject:"/CN=nifi-admin.insights.io", issuer:"/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA"
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_do_handshake: 1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2020/12/21 11:46:45 [debug] 14165#0: *6 reusable connection: 1
2020/12/21 11:46:45 [debug] 14165#0: *6 http wait request handler
2020/12/21 11:46:45 [debug] 14165#0: *6 malloc: 000055F192801300:1024
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_read: -1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_get_error: 2
2020/12/21 11:46:45 [debug] 14165#0: *6 free: 000055F192801300
2020/12/21 11:46:45 [debug] 14165#0: *6 http wait request handler
2020/12/21 11:46:45 [debug] 14165#0: *6 malloc: 000055F192801300:1024
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_read: 570
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_read: -1
2020/12/21 11:46:45 [debug] 14165#0: *6 SSL_get_error: 2
2020/12/21 11:46:45 [debug] 14165#0: *6 reusable connection: 0
2020/12/21 11:46:45 [debug] 14165#0: *6 posix_memalign: 000055F1928687C0:4096 @16
2020/12/21 11:46:45 [debug] 14165#0: *6 http process request line
2020/12/21 11:46:45 [debug] 14165#0: *6 http request line: "GET /favicon.ico HTTP/1.1"
2020/12/21 11:46:45 [debug] 14165#0: *6 http uri: "/favicon.ico"
2020/12/21 11:46:45 [debug] 14165#0: *6 http args: ""
2020/12/21 11:46:45 [debug] 14165#0: *6 http exten: "ico"
2020/12/21 11:46:45 [debug] 14165#0: *6 posix_memalign: 000055F192854110:4096 @16
2020/12/21 11:46:45 [debug] 14165#0: *6 http process request header line
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Host: nifi-test-nginx.insights.io"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Connection: keep-alive"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Sec-Fetch-Site: same-origin"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Sec-Fetch-Mode: no-cors"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Sec-Fetch-Dest: image"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Referer: https://nifi-test-nginx.insights.io/nifi/?processGroupId=root&componentIds=87a087ca-0175-1000-ca56-1d437d733fb0"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Accept-Encoding: gzip, deflate, br"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header: "Accept-Language: en-US,en;q=0.9"
2020/12/21 11:46:45 [debug] 14165#0: *6 http header done
2020/12/21 11:46:45 [info] 14165#0: *6 client SSL certificate verify error: (2:unable to get issuer certificate) while reading client request headers, client: 49.207.211.47, server: nifi-test-nginx.insights.io, request: "GET /favicon.ico HTTP/1.1", host: "nifi-test-nginx.insights.io", referrer: "https://nifi-test-nginx.insights.io/nifi/?processGroupId=root&componentIds=87a087ca-0175-1000-ca56-1d437d733fb0"
2020/12/21 11:46:45 [debug] 14165#0: *6 http finalize request: 495, "/favicon.ico?" a:1, c:1
2020/12/21 11:46:45 [debug] 14165#0: *6 event timer del: 11: 2253744188
2020/12/21 11:46:45 [debug] 14165#0: *6 http special response: 495, "/favicon.ico?"
2020/12/21 11:46:45 [debug] 14165#0: *6 http set discard body
2020/12/21 11:46:45 [debug] 14165#0: *6 HTTP/1.1 400 Bad Request
Server: nginx/1.18.0
Date: Mon, 21 Dec 2020 11:46:45 GMT
Content-Type: text/html
Content-Length: 617
Connection: close
```

Can someone help me in fixing above error.