ijokarumawak/0_Nginx_NiFi_Auth_Example.md

## 0_Nginx_NiFi_Auth_Example.md

      
    Raw
  

              0_Nginx_NiFi_Auth_Example.md
            
          
    This example demonstrates Nginx reverse proxy configurations.
If the client nor Nginx does NOT provide any client certificate, NiFi will respond with a login screen.
Nifi has to be configured to use an identity provider for username/password login.
This blog post might be helpful to do so, it uses LDAP authentication provider.
http://ijokarumawak.github.io/nifi/2016/11/15/nifi-auth/#how-to-use-ldap-to-authn-requests

  
## nginx.conf
worker_processes 1;

events { worker_connections 1024; }

http {

    sendfile on;

    upstream nifi {
        server 192.168.99.1:8443;
    }

    # browser/API -> http -> NGINX -> https -> Secure NiFi
    # Clients have to login with user/password
    server {
        listen 8080;
        server_name nginx.local;

        proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nginx.local;
            proxy_set_header X-ProxyPort 8443;
            proxy_set_header X-ProxyContextPath /;
        }
    }

    # browser/API -> https -> NGINX -> https -> Secure NiFi
    # Clients have to login with user/password
    server {
        listen 8443 ssl;
        server_name nginx.local;
        ssl_certificate /etc/nginx/nginx.crt;
        ssl_certificate_key /etc/nginx/nginx.key;

        proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nginx.local;
            proxy_set_header X-ProxyPort 8443;
            proxy_set_header X-ProxyContextPath /;
        }
    }

    # browser/API -> https -> NGINX -> https -> Secure NiFi
    # Clients login as nginx user with nginx.cert
    server {
        listen 8444 ssl;
        server_name nginx.local;
        ssl_certificate /etc/nginx/nginx.crt;
        ssl_certificate_key /etc/nginx/nginx.key;

        proxy_ssl_certificate /etc/nginx/nginx.crt;
        proxy_ssl_certificate_key /etc/nginx/nginx.key;
        proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nginx.local;
            proxy_set_header X-ProxyPort 8444;
            proxy_set_header X-ProxyContextPath /;
        }
    }

}
	worker_processes 1;

	events { worker_connections 1024; }

	http {

	sendfile on;

	upstream nifi {
	server 192.168.99.1:8443;
	}

	# browser/API -> http -> NGINX -> https -> Secure NiFi
	# Clients have to login with user/password
	server {
	listen 8080;
	server_name nginx.local;

	proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

	location / {
	proxy_pass https://nifi;
	proxy_set_header X-ProxyScheme https;
	proxy_set_header X-ProxyHost nginx.local;
	proxy_set_header X-ProxyPort 8443;
	proxy_set_header X-ProxyContextPath /;
	}
	}

	# browser/API -> https -> NGINX -> https -> Secure NiFi
	# Clients have to login with user/password
	server {
	listen 8443 ssl;
	server_name nginx.local;
	ssl_certificate /etc/nginx/nginx.crt;
	ssl_certificate_key /etc/nginx/nginx.key;

	proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

	location / {
	proxy_pass https://nifi;
	proxy_set_header X-ProxyScheme https;
	proxy_set_header X-ProxyHost nginx.local;
	proxy_set_header X-ProxyPort 8443;
	proxy_set_header X-ProxyContextPath /;
	}
	}

	# browser/API -> https -> NGINX -> https -> Secure NiFi
	# Clients login as nginx user with nginx.cert
	server {
	listen 8444 ssl;
	server_name nginx.local;
	ssl_certificate /etc/nginx/nginx.crt;
	ssl_certificate_key /etc/nginx/nginx.key;

	proxy_ssl_certificate /etc/nginx/nginx.crt;
	proxy_ssl_certificate_key /etc/nginx/nginx.key;
	proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

	location / {
	proxy_pass https://nifi;
	proxy_set_header X-ProxyScheme https;
	proxy_set_header X-ProxyHost nginx.local;
	proxy_set_header X-ProxyPort 8444;
	proxy_set_header X-ProxyContextPath /;
	}
	}

	}