Unable to reverse proxy requests to Nifi running in the backend using client auth mechanism

Francis Daly francis at daoine.org
Sat Dec 26 18:45:34 UTC 2020

On Mon, Dec 21, 2020 at 06:48:54AM -0500, balu wrote:

Hi there,

the error log says:

> 2020/12/21 11:46:45 [info] 14165#0: *6 client SSL certificate verify error:
> (2:unable to get issuer certificate) while reading client request headers,
> client:, server: nifi-test-nginx.insights.io, request: "GET
> /favicon.ico HTTP/1.1", host: "nifi-test-nginx.insights.io", referrer:
> "https://nifi-test-nginx.insights.io/nifi/?processGroupId=root&componentIds=87a087ca-0175-1000-ca56-1d437d733fb0"

that nginx failed to verify the presented client certificate.

You do have

>         ssl_verify_client optional_no_ca;

in the provided server{} block, which includes

>         server_name nifi-test-nginx.insights.np.vocera.io;

while the error log above refers to a different "server" and "host" value.

Is there any chance that you have more than one port-443 listener
configured in this nginx, and this request is being handled by something
other than the config that you showed?


Francis Daly        francis at daoine.org

More information about the nginx mailing list