Unable to reverse proxy requests to Nifi running in the backend using client auth mechanism

Francis Daly francis at daoine.org
Sat Dec 26 18:45:34 UTC 2020


On Mon, Dec 21, 2020 at 06:48:54AM -0500, balu wrote:

Hi there,

the error log says:

> 2020/12/21 11:46:45 [info] 14165#0: *6 client SSL certificate verify error:
> (2:unable to get issuer certificate) while reading client request headers,
> client: 49.207.211.47, server: nifi-test-nginx.insights.io, request: "GET
> /favicon.ico HTTP/1.1", host: "nifi-test-nginx.insights.io", referrer:
> "https://nifi-test-nginx.insights.io/nifi/?processGroupId=root&componentIds=87a087ca-0175-1000-ca56-1d437d733fb0"

that nginx failed to verify the presented client certificate.

You do have

>         ssl_verify_client optional_no_ca;

in the provided server{} block, which includes

>         server_name nifi-test-nginx.insights.np.vocera.io;

while the error log above refers to a different "server" and "host" value.

Is there any chance that you have more than one port-443 listener
configured in this nginx, and this request is being handled by something
other than the config that you showed?

Cheers,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list