Scenario
User --- (HTTPS) ---> NGINX Reverse Proxy --- (HTTP) ---> NiFiTypical NGINX Reverse Proxy config:
location /nifi {
proxy_set_header Host $http_host;
add_header "Access-Control-Allow-Credentials" "true";
proxy_pass http://127.0.0.1:9900;
}Note: the proxy_set_header Host is necessary otherwise NiFi will return “localhost” or “127.0.0.1” in it’s links and you’ll end up with a bunch of HTTP 404 errors
Issues
- Nifi might initially load, but any subsequent actions result in an error page along the lines of “cannot communicate to server”
- Opening chrome/FF dev tools shows a “mixed content” error, basically saying that the browser did not allow a request for HTTP content to be served when the original (parent) site uses HTTPS
Solution
Add a single line to the above config:
location /nifi {
proxy_set_header Host $http_host;
add_header "Access-Control-Allow-Credentials" "true";
proxy_pass http://127.0.0.1:9900;
proxy_set_header X-ProxyScheme https; # <--------- ADD THIS
}The new line adds the X-ProxyScheme header and sets it to https. NiFi does respect this header and returns all links prefixed with HTTPS rather than http
David Vassallo's Blog 