Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Apache Nifi behind Traefik as a reverse proxy

avatar
New Contributor

I'm using Traefik as a reverse proxy for a lot of services and for tls termination. This works properly excepted Nifi. When trying to forward incomming requests to Nifi I get "Bad Gateway" responses. Does anybody have an idea how to fix that?

Thanks a lot 🙂

 

 

traefik:
image: "traefik:v2.2"
container_name: "traefik"
restart: always
networks: 
  - monitoring
  - website
  - iot
command:
  #- "--log.level=DEBUG"
  - "--api.insecure=true"
  - "--providers.docker=true"
  - "--providers.docker.exposedbydefault=false"
  - "--entrypoints.web.address=:80"
  - "--entrypoints.websecure.address=:443"
  - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
  - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
  #s- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
  - "--certificatesresolvers.myresolver.acme.email=test@test.de"
  - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
  # prom metrics
  - "--metrics.prometheus=true"
---
nifi:
image: apache/nifi:latest
container_name: nifi
restart: on-failure
environment: 
  - NIFI_WEB_PROXY_CONTEXT_PATH=/
  - NIFI_WEB_HTTP_PORT= 8080
expose:
  - 8080
networks: 
  - iot
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.nifi.rule=Host(`nifi.example.de`)"
  - "traefik.http.routers.nifi.entrypoints=web"

  - "traefik.http.routers.nifi.middlewares=nifi-auth"
  # Basic Auth
  - "traefik.http.middlewares.nifi-auth.basicauth.users=admin:$$xyz$$xyz$$xyz"

 

2 REPLIES 2

avatar
New Contributor

Any idea??🙂

avatar
New Contributor

Hey TF, 

I might be quite late for the party, but myself was recently working with NiFi and Traefik and was able to access the UI successfully after a lot of struggle. 

Please find the docker compose file I used to get my services up and running. 

version: "3.7"
services:
    # configuration manager for NiFi
    zookeeper:
        hostname: myzookeeper
        image: zookeeper:latest  
        restart: on-failure
        environment:
            - ALLOW_ANONYMOUS_LOGIN=yes
        networks:
            - apache-nifi-internal
        deploy:
            restart_policy:
                condition: any
                delay: 5s
                max_attempts: 3
                window: 120s
    nifi:
        user: root
        hostname: mynifi
        image: apache/nifi:latest
        restart: on-failure
        environment:
            - NIFI_WEB_HTTP_PORT=8443
            - NIFI_WEB_HTTP_HOST=0.0.0.0
            - NIFI_WEB_PROXY_CONTEXT_PATH=/
        volumes:
            - nifi_database_repository:/opt/nifi/nifi-current/database_repository
            - nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
            - nifi_content_repository:/opt/nifi/nifi-current/content_repository
            - nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
            - nifi_state:/opt/nifi/nifi-current/state
            - nifi_logs:/opt/nifi/nifi-current/logs
            - nifi_conf:/opt/nifi/nifi-current/conf
        networks:
            - apache-nifi-internal
            - traefik_proxy
        deploy:
            labels:
                # traefik
                - traefik.enable=true
                # service
                - traefik.http.services.nifi-flow.loadbalancer.server.port=8443
                # Routers
                - traefik.http.routers.nifi-flow.service=nifi-flow
                - traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
                - traefik.http.routers.nifi-flow.tls=true
                - traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
            restart_policy:
                condition: any
                delay: 120s
                max_attempts: 3
                window: 60s
networks:
  traefik_proxy:
    external: true
    name: traefik_webgateway
  apache-nifi-internal:
      
volumes:
  nifi_conf: {external: true}
  nifi_database_repository: {external: true}
  nifi_flowfile_repository: {external: true}
  nifi_content_repository: {external: true}
  nifi_provenance_repository: {external: true}
  nifi_state: {external: true}
  nifi_logs: {external: true}


I am currently trying to make the NiFi instance secure and moving to HTTPS the above code will deploy the NiFi on unsecure mode that is HTTP.