nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curtis Ruck <curtis.r...@gmail.com>
Subject Re: X-Forwarded-Context whitelisting not working
Date Wed, 15 May 2019 20:46:15 GMT
Yes, went through that guide with a fine tooth comb.  Then started enabling
debug logging and comparing log outputs.

The telling factor in the logs were these lines (/nifi1 in Sanitize and
nothing in CatchAll).

o.a.n.w.filter.SanitizeContextPathFilter - SanitizeContextPathFilter
received provided whitelisted context paths from NiFi properties: /nifi1
o.a.n.w.filter.CatchAllFilter - CatchAllFilter  [index.jsp] received
provided whitelisted context paths from NiFi properties:

Then investigation into how whitelistedContextPaths gets set revealed the
likely culprit is the lack of a super.init(filterConfig) inside
CatchAllFilter.init().

--
Curtis Ruck


On Wed, May 15, 2019 at 8:50 AM Matt Gilman <matt.c.gilman@gmail.com> wrote:

> Curtis,
>
> I haven't set this up recently but it was working the last time I tried
> it. Just wanted to ensure you that were following the guidance in our admin
> guide for standing up instances behind a proxy [1].
>
> Matt
>
> [1]
> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#proxy_configuration
>
> On Tue, May 14, 2019 at 6:17 PM Curtis Ruck <curtis.ruck@gmail.com> wrote:
>
>> I am attempting (unsuccessfully) to configure multiple numbered
>> unclustered nifi instances behind a single reverse proxy vhost (external
>> limitations on single vhost and no clustering)
>>
>> In my reverse proxy I have X-Forwarded-Context set and in debug logging
>> both CatchAllFilter and SanitizeContextPathFilter see the passed context
>> (/nifi1 ... /nifiN).  In debug logging though, CatchAllFilter isn't seeing
>> any items from getWhitelistedContextPath() where as
>> SanitizeContextPathFilter does show the items in the
>> getWhitelistedContextPath().
>>
>> Since CatchAllFilter extends SanitizeContextPathFilter, it should work
>> except CatchAllFilter isn't calling super.init() which means the
>> private whitelistedContextPaths never gets initialized.
>>
>> Has anyone gotten Nifi working at a nested context path i.e.
>> (/nifi1/nifi, /nifi1/nifi-api)?
>>
>> --
>> Curtis Ruck
>>
>

Mime
View raw message