Support Questions

anon12345 · ‎11-25-2024

I'm currently trying to get Nifi running in docker in the insecure mode without tls enabled. The reason for this is I want to run Nifi with ssl termination upstream and not have to deal with the complications of having to manage truststores and keystores.

By default it seems that even configuring the environment variables for `nifi_web_http_port` and `nifi_web_http_host` will not remove the default configuration for the https port and host.

I've modified the start.sh script for the container to set the http_port and http_host to be the expected values and removing the default values for https_port and https_host. I've also set the configuration `nifi.remote.input.secure` to be false. Now on startup Nifi failing to load a Key Store at ./conf/keystore.p12. Even with tls seemingly disabled by the means I've found necessary from all other guides on the matter Nifi is still expecting a keystore?

Has anyone had success with running nifi 2.0 insecure in docker?

anon12345 · ‎11-25-2024

So it turns out if you "unset" the following properties in the start.sh script like so, you are able to run nifi without tls

nifi.security.keystore

nifi.seucrity.keystoreType

nifi.security.truststore

nifi.security.truststoreType

gavingilmour · ‎12-23-2024

@anon12345 Just to clarify, presumably is this over and above your modifications to start.sh?

I can't find anywhere that says plain http is supported in 2.0, but I'm ready to give up trying to get https playing nice with traefik, so this whole complication is redundant anyway.

Here's what I've tried:-

❯ docker run --rm --name nifi \
-p 8080:8080 \
-e NIFI_WEB_HTTP_PORT=8080 \
-e NIFI_WEB_HTTP_HOST=0.0.0.0 \
-e NIFI_WEB_HTTPS_PORT= \
-e NIFI_WEB_HTTPS_HOST= \ 
-e NIFI_WEB_PROXY_HOST=localhost:8080 \
-e NIFI_CLUSTER_IS_NODE=false \
-e SINGLE_USER_CREDENTIALS_USERNAME=nifi \
-e SINGLE_USER_CREDENTIALS_PASSWORD=nifipassword \
-e NIFI_SECURITY_KEYSTORE= \
-e NIFI_SECURITY_KEYSTOREPASSWD= \
-e NIFI_SECURITY_KEYPASSWD= \
-e NIFI_SECURITY_TRUSTSTORE= \
-e NIFI_SECURITY_TRUSTSTOREPASSWD= apache/nifi:2.0

HTTPS still enabled. 🙁

anon12345 · ‎12-23-2024

I've found that you have to modify the start.sh script itself rather than relying on passed environment variables. By default it will apply the host name of the container to the https host unless you prevent it from doing so in the start.sh script. Which then takes precedent over any http configuration you've done. I'd also try messing with `nifi.remote.input.secure` I'm uncertain if that is also required to be set to false

DianaTorres · ‎11-25-2024

@anon12345 Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our NiFi experts @MattWho @SAMSAL who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Support Questions

Apache Nifi 2.0 Dockerized running insecure on HTTP