NiFi authentication with an Nginx reverse proxy

Ste*_*ess 5 nginx apache-nifi

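Is it possible to use NiFi with user authentication but with SSL termination at NGINX? I am running NGINX on port 443 and using proxy_pass to NiFi on port 8080. I have played around with these headers: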

X-ProxyScheme - the scheme to use to connect to the proxy
X-ProxyHost - the host of the proxy
X-ProxyPort - the port the proxy is listening on
X-ProxyContextPath - the path configured to map to the NiFi instance

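However, it seems impossible to get NiFi to recognize that it is behind an https connection at the proxy. I updated my authentication configuration, but NiFi still throws an error: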

IllegalStateException: User authentication/authorization is only supported when running over HTTPS.. Returning Conflict response.
java.lang.IllegalStateException: User authentication/authorization is only supported when running over HTTPS

Basically: https to nginx, and then the http port to nifi.

myk*_*myk 2

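I am not familiar with NiFi, but on RHEL with nginx, the following gives me a reverse proxy where the HTTPS connection is terminated in nginx, with a forward HTTP connection for /abc_end_point. Maybe you can use it as a template?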

server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    ssl_certificate "/etc/pki/tls/certs/abc.com.crt";
    ssl_certificate_key "/etc/pki/tls/private/abc.com.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;

    proxy_connect_timeout 7d;
    proxy_send_timeout 7d;
    proxy_read_timeout 7d;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    location /abc_end_point {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:9090/abc_end_point;
    }

}
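The following is an added example, not part of either post above and not NiFi or nginx project code. It shows the X-Proxy* headers from the question wired into an nginx server block. Because the error quoted in the question says user authentication is only supported over HTTPS, it assumes NiFi itself listens on HTTPS and nginx re-encrypts to it; the hostname, certificate paths and port 8443 are assumed values.

```nginx
server {
    listen      443 ssl;
    server_name nifi.example.com;                 # assumed hostname

    # Certificate presented to browsers (assumed paths)
    ssl_certificate     /etc/pki/tls/certs/nifi.example.com.crt;
    ssl_certificate_key /etc/pki/tls/private/nifi.example.com.key;

    location / {
        # Headers listed in the question: they describe how clients reach
        # the proxy so NiFi can build correct external URLs.
        proxy_set_header X-ProxyScheme https;
        proxy_set_header X-ProxyHost   $host;
        proxy_set_header X-ProxyPort   443;
        # X-ProxyContextPath is only needed when NiFi is mapped under a
        # sub-path of the proxy; NiFi is served at the root here.

        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;

        # Re-encrypt to NiFi's HTTPS listener instead of plain HTTP on 8080.
        proxy_pass https://localhost:8443;        # assumed NiFi HTTPS port

        # Verify NiFi's certificate against the CA that issued it
        # (assumed path). The name checked is the proxy_pass host unless
        # proxy_ssl_name overrides it.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/nifi-ca.pem;
    }
}
```

On the NiFi side, the Host value the proxy forwards (nifi.example.com here) has to be allowed through the nifi.web.proxy.host property in nifi.properties.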