ijokarumawak · February 8, 2018 02:48
diff --git a/0_Nginx_NiFi_Auth_Example.md b/0_Nginx_NiFi_Auth_Example.md
diff --git a/nginx.conf b/nginx.conf
 worker_processes 1;

 events { worker_connections 1024; }

 http {

    sendfile on;

    upstream nifi {
        server 192.168.99.1:8443;
    }

    # browser/API -> http -> NGINX -> https -> Secure NiFi
    # Clients have to login with user/password
    server {
        listen 8080;
        server_name nginx.local;

        proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nginx.local;
            proxy_set_header X-ProxyPort 8443;
            proxy_set_header X-ProxyContextPath /;
        }
    }

    # browser/API -> https -> NGINX -> https -> Secure NiFi
    # Clients have to login with user/password
    server {
        listen 8443 ssl;
        server_name nginx.local;
        ssl_certificate /etc/nginx/nginx.crt;
        ssl_certificate_key /etc/nginx/nginx.key;

        proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nginx.local;
            proxy_set_header X-ProxyPort 8443;
            proxy_set_header X-ProxyContextPath /;
        }
    }

    # browser/API -> https -> NGINX -> https -> Secure NiFi
    # Clients login as nginx user with nginx.cert
    server {
        listen 8444 ssl;
        server_name nginx.local;
        ssl_certificate /etc/nginx/nginx.crt;
        ssl_certificate_key /etc/nginx/nginx.key;

        proxy_ssl_certificate /etc/nginx/nginx.crt;
        proxy_ssl_certificate_key /etc/nginx/nginx.key;
        proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

        location / {
            proxy_pass https://nifi;
            proxy_set_header X-ProxyScheme https;
            proxy_set_header X-ProxyHost nginx.local;
            proxy_set_header X-ProxyPort 8444;
            proxy_set_header X-ProxyContextPath /;
        }
    }

 }
	worker_processes 1;

	events { worker_connections 1024; }

	http {

	sendfile on;

	upstream nifi {
	server 192.168.99.1:8443;
	}

	# browser/API -> http -> NGINX -> https -> Secure NiFi
	# Clients have to login with user/password
	server {
	listen 8080;
	server_name nginx.local;

	proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

	location / {
	proxy_pass https://nifi;
	proxy_set_header X-ProxyScheme https;
	proxy_set_header X-ProxyHost nginx.local;
	proxy_set_header X-ProxyPort 8443;
	proxy_set_header X-ProxyContextPath /;
	}
	}

	# browser/API -> https -> NGINX -> https -> Secure NiFi
	# Clients have to login with user/password
	server {
	listen 8443 ssl;
	server_name nginx.local;
	ssl_certificate /etc/nginx/nginx.crt;
	ssl_certificate_key /etc/nginx/nginx.key;

	proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

	location / {
	proxy_pass https://nifi;
	proxy_set_header X-ProxyScheme https;
	proxy_set_header X-ProxyHost nginx.local;
	proxy_set_header X-ProxyPort 8443;
	proxy_set_header X-ProxyContextPath /;
	}
	}

	# browser/API -> https -> NGINX -> https -> Secure NiFi
	# Clients login as nginx user with nginx.cert
	server {
	listen 8444 ssl;
	server_name nginx.local;
	ssl_certificate /etc/nginx/nginx.crt;
	ssl_certificate_key /etc/nginx/nginx.key;

	proxy_ssl_certificate /etc/nginx/nginx.crt;
	proxy_ssl_certificate_key /etc/nginx/nginx.key;
	proxy_ssl_trusted_certificate /etc/nginx/nifi-cert.pem;

	location / {
	proxy_pass https://nifi;
	proxy_set_header X-ProxyScheme https;
	proxy_set_header X-ProxyHost nginx.local;
	proxy_set_header X-ProxyPort 8444;
	proxy_set_header X-ProxyContextPath /;
	}
	}

	}