Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Traefik proxy routing NiFi UI on Docker
Labels:
- Labels:
-
Apache NiFi
-
Docker
New Contributor
Created 10-12-2022 01:21 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to dockerise the 3 services Zookeeper, NiFi and NiFi Registry below is the docker-compose.yml file
version: "3.7"
services:
# configuration manager for NiFi
zookeeper:
hostname: myzookeeper
# container_name: zookeeper_container_persistent
image: zookeeper:latest
restart: on-failure
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
networks:
- apache-nifi-internal
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
# version control for nifi flows
registry:
user: root
hostname: myregistry
# container_name: registry_container_persistent
image: apache/nifi-registry:latest
restart: on-failure
environment:
- LOG_LEVEL=INFO
- NIFI_REGISTRY_DB_DIR=/opt/nifi-registry/nifi-registry-current/database
- NIFI_REGISTRY_FLOW_PROVIDER=file
- NIFI_REGISTRY_FLOW_STORAGE_DIR=/opt/nifi-registry/nifi-registry-current/flow_storage
volumes:
- nifi_registry_database:/opt/nifi-registry/nifi-registry-current/database
- nifi_registry_flow_storage:/opt/nifi-registry/nifi-registry-current/flow_storage
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-registry.loadbalancer.server.port=18080
# middlewares
- traefik.http.middlewares.nifi-registry-prefix.stripprefix.prefixes=/nifi-registry
- traefik.http.middlewares.nifi-registry-headers.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.middlewares.nifi-registry-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-registry.middlewares=nifi-registry-prefix,nifi-registry-headers
- traefik.http.routers.nifi-registry.service=nifi-registry
- traefik.http.routers.nifi-registry.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-registry.tls=true
- traefik.http.routers.nifi-registry.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi-registry`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
nifi:
user: root
hostname: mynifi
# container_name: nifi_container_persistent
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTP_PORT=8443
- NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
# - NIFI_CLUSTER_IS_NODE=true
# - SINGLE_USER_CREDENTIALS_USERNAME=admin
# - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
# - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
# - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
# - NIFI_ELECTION_MAX_WAIT=30 sec
# - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
# - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
# healthcheck:
# test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
# interval: "60s"
# timeout: "3s"
# start_period: "5s"
# retries: 5
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# middlewares
# - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
- traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-flow.middlewares=nifi-headers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
networks:
apache-nifi-internal:
traefik_webgateway:
external: true
volumes:
nifi_conf: {external: true}
nifi_database_repository: {external: true}
nifi_flowfile_repository: {external: true}
nifi_content_repository: {external: true}
nifi_provenance_repository: {external: true}
nifi_state: {external: true}
nifi_logs: {external: true}
nifi_registry_database: {external: true}
nifi_registry_flow_storage: {external: true}
# nifi_database_repository:
# external: trueI was able to access the UI via proxy using Traefik through the https://domain_name/nifi to the access the NiFi which is on docker that is running HTTP in a unsecure mode.
So to move ahead with the next steps I tried to apply certain changes to have NiFi running on HTTPS and applied the below changes to the nifi service block.
nifi:
user: root
hostname: mynifi
# container_name: nifi_container_persistent
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTPS_PORT=8443
- NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
- NIFI_WEB_PROXY_HOST=$DOCKER_HOST_URL:443,mynifi:8443
- NIFI_REMOTE_ROUTE_HTTP_NIFI_WHEN=${X-ProxyHost:contains('$DOCKER_HOST_URL')}
- NIFI_REMOTE_ROUTE_HTTP_NIFI_HOSTNAME=$DOCKER_HOST_URL
- NIFI_REMOTE_ROUTE_HTTP_NIFI_PORT=443
- NIFI_REMOTE_ROUTE_HTTP_NIFI_SECURE=true
# - NIFI_CLUSTER_IS_NODE=true
# - SINGLE_USER_CREDENTIALS_USERNAME=admin
# - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
# - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
# - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
# - NIFI_ELECTION_MAX_WAIT=30 sec
# - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
# - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
# healthcheck:
# test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
# interval: "60s"
# timeout: "3s"
# start_period: "5s"
# retries: 5
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# middlewares
# - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
- "traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyScheme=https"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyHost=$DOCKER_HOST_URL"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyPort=443"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyContextPath:/nifi,/nifi-docs,/nifi-api,/"
# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-flow.middlewares=nifi-headers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
This doesn't seem to be working as I am getting Bad Gateway error, are there any specific variables or routing configuration that needs to be done on Traefik or NiFi to allow the UI to be accessible via HTTPS secure mode.
0 REPLIES 0
