我有 NiFi,通过 Keycloak 进行 OpenId 身份验证。一切都很好。但又出现了一个额外的任务:通过 Nginx 访问 NiFi。我根据 NiFi 文档配置了所有内容,但我不断收到错误:(
配置nginx:
location /nifi {
proxy_set_header X-ProxyScheme "https";
proxy_set_header X-ProxyHost "proxy-host";
proxy_set_header X-ProxyPort "443";
proxy_set_header X-ProxyContextPath "/nifi";
proxy_pass https://nifi-host.com:8443;
}
nifi.属性
nifi.web.proxy.context.path=/
nifi.web.proxy.host=proxy-host:443
在第一次请求时,
https://proxy-host:443/nifihttps://nifi-host.com:8443/nifi/https://nifi-host.com:8443/nifi-api/oauth2/authorization/consumerhttps://proxy-host:443/nifi/nifi-api/oauth2/authorization404 not foundkeycloaknginxnginx预先感谢您的任何想法!
我发现问题是代理和nifi之间的证书。我从 jks 导出证书并添加到 nginx 上的代理证书。这是 NGINX 上的设置:
server {
listen 443 ssl;
http2 on;
server_name nifi.proxy.vn;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_client_certificate /etc/nginx/certs/nifi-cert.pem;
#ssl_verify_client off;
proxy_ssl_certificate /etc/nginx/certs/nifi-tls.crt;
proxy_ssl_certificate_key /etc/nginx/certs/nifi-tls.key;
proxy_ssl_trusted_certificate /etc/nginx/certs/nifi-cert.pem;
location / {
proxy_pass https://xxxxx:9443;
proxy_set_header X-ProxyScheme https;
proxy_set_header X-ProxyHost nifi.proxy.vn;
proxy_set_header X-ProxyPort 443;
proxy_set_header X-ProxiedEntitiesChain "$ssl_client_s_dn";
}
}