Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Traefik proxy routing NiFi UI on Docker

Labels:
avatar
author-rank jojejoby
New Contributor

Created ‎10-12-2022 01:21 AM

I am trying to dockerise the 3 services Zookeeper, NiFi and NiFi Registry below is the docker-compose.yml file

 

version: "3.7"
services:
    # configuration manager for NiFi
    zookeeper:
        hostname: myzookeeper
        # container_name: zookeeper_container_persistent
        image: zookeeper:latest  
        restart: on-failure
        environment:
            - ALLOW_ANONYMOUS_LOGIN=yes
        networks:
            - apache-nifi-internal
        deploy:
            restart_policy:
                condition: any
                delay: 5s
                max_attempts: 3
                window: 120s
# version control for nifi flows
    registry:
        user: root
        hostname: myregistry
        # container_name: registry_container_persistent
        image: apache/nifi-registry:latest 
        restart: on-failure
        environment:
            - LOG_LEVEL=INFO
            - NIFI_REGISTRY_DB_DIR=/opt/nifi-registry/nifi-registry-current/database
            - NIFI_REGISTRY_FLOW_PROVIDER=file
            - NIFI_REGISTRY_FLOW_STORAGE_DIR=/opt/nifi-registry/nifi-registry-current/flow_storage
        volumes:
            - nifi_registry_database:/opt/nifi-registry/nifi-registry-current/database
            - nifi_registry_flow_storage:/opt/nifi-registry/nifi-registry-current/flow_storage
        networks:
            - apache-nifi-internal
            - traefik_webgateway
        deploy:
            labels:
                # traefik
                - traefik.enable=true
                # service
                - traefik.http.services.nifi-registry.loadbalancer.server.port=18080
                # middlewares
                - traefik.http.middlewares.nifi-registry-prefix.stripprefix.prefixes=/nifi-registry
                - traefik.http.middlewares.nifi-registry-headers.headers.customrequestheaders.X-Forwarded-Proto=https
                # - traefik.http.middlewares.nifi-registry-redirect.redirectscheme.scheme=https
                # Routers
                - traefik.http.routers.nifi-registry.middlewares=nifi-registry-prefix,nifi-registry-headers
                - traefik.http.routers.nifi-registry.service=nifi-registry
                - traefik.http.routers.nifi-registry.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
                - traefik.http.routers.nifi-registry.tls=true
                - traefik.http.routers.nifi-registry.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi-registry`)
            restart_policy:
                condition: any
                delay: 120s
                max_attempts: 3
                window: 60s
    nifi:
        user: root
        hostname: mynifi
        # container_name: nifi_container_persistent
        image: apache/nifi:latest
        restart: on-failure
        environment:
            - NIFI_WEB_HTTP_PORT=8443
            - NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
            # - NIFI_CLUSTER_IS_NODE=true
            # - SINGLE_USER_CREDENTIALS_USERNAME=admin
            # - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
            # - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
            # - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
            # - NIFI_ELECTION_MAX_WAIT=30 sec
            # - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
            # - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
        # healthcheck:
        #     test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
        #     interval: "60s"
        #     timeout: "3s"
        #     start_period: "5s"
        #     retries: 5
        volumes:
            - nifi_database_repository:/opt/nifi/nifi-current/database_repository
            - nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
            - nifi_content_repository:/opt/nifi/nifi-current/content_repository
            - nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
            - nifi_state:/opt/nifi/nifi-current/state
            - nifi_logs:/opt/nifi/nifi-current/logs
            - nifi_conf:/opt/nifi/nifi-current/conf
        networks:
            - apache-nifi-internal
            - traefik_webgateway
        deploy:
            labels:
                # traefik
                - traefik.enable=true
                # service
                - traefik.http.services.nifi-flow.loadbalancer.server.port=8443
                # middlewares
                # - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
                - traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https
                # - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
                # Routers
                - traefik.http.routers.nifi-flow.middlewares=nifi-headers
                - traefik.http.routers.nifi-flow.service=nifi-flow
                - traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
                - traefik.http.routers.nifi-flow.tls=true
                - traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
            restart_policy:
                condition: any
                delay: 120s
                max_attempts: 3
                window: 60s

networks:
  apache-nifi-internal:
  traefik_webgateway:
    external: true

volumes:
  nifi_conf: {external: true}
  nifi_database_repository: {external: true}
  nifi_flowfile_repository: {external: true}
  nifi_content_repository: {external: true}
  nifi_provenance_repository: {external: true}
  nifi_state: {external: true}
  nifi_logs: {external: true}
  nifi_registry_database: {external: true}
  nifi_registry_flow_storage: {external: true}
  # nifi_database_repository:
  #   external: true

I was able to access the UI via proxy using Traefik through the https://domain_name/nifi to the access the NiFi which is on docker that is running HTTP in a unsecure mode. 

So to move ahead with the next steps I tried to apply certain changes to have NiFi running on HTTPS and applied the below changes to the nifi service block.

 

 

 

    nifi:
        user: root
        hostname: mynifi
        # container_name: nifi_container_persistent
        image: apache/nifi:latest
        restart: on-failure
        environment:
            - NIFI_WEB_HTTPS_PORT=8443
            - NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
            - NIFI_WEB_PROXY_HOST=$DOCKER_HOST_URL:443,mynifi:8443
            - NIFI_REMOTE_ROUTE_HTTP_NIFI_WHEN=${X-ProxyHost:contains('$DOCKER_HOST_URL')}
            - NIFI_REMOTE_ROUTE_HTTP_NIFI_HOSTNAME=$DOCKER_HOST_URL
            - NIFI_REMOTE_ROUTE_HTTP_NIFI_PORT=443
            - NIFI_REMOTE_ROUTE_HTTP_NIFI_SECURE=true
            # - NIFI_CLUSTER_IS_NODE=true
            # - SINGLE_USER_CREDENTIALS_USERNAME=admin
            # - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
            # - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
            # - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
            # - NIFI_ELECTION_MAX_WAIT=30 sec
            # - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
            # - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
        # healthcheck:
        #     test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
        #     interval: "60s"
        #     timeout: "3s"
        #     start_period: "5s"
        #     retries: 5
        volumes:
            - nifi_database_repository:/opt/nifi/nifi-current/database_repository
            - nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
            - nifi_content_repository:/opt/nifi/nifi-current/content_repository
            - nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
            - nifi_state:/opt/nifi/nifi-current/state
            - nifi_logs:/opt/nifi/nifi-current/logs
            - nifi_conf:/opt/nifi/nifi-current/conf
        networks:
            - apache-nifi-internal
            - traefik_webgateway
        deploy:
            labels:
                # traefik
                - traefik.enable=true
                # service
                - traefik.http.services.nifi-flow.loadbalancer.server.port=8443
                # middlewares
                # - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
                - "traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
                - "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyScheme=https"
                - "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyHost=$DOCKER_HOST_URL"
                - "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyPort=443"
                - "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyContextPath:/nifi,/nifi-docs,/nifi-api,/"
                # - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
                # Routers
                - traefik.http.routers.nifi-flow.middlewares=nifi-headers
                - traefik.http.routers.nifi-flow.service=nifi-flow
                - traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
                - traefik.http.routers.nifi-flow.tls=true
                - traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
            restart_policy:
                condition: any
                delay: 120s
                max_attempts: 3
                window: 60s

 

 

 

This doesn't seem to be working as I am getting Bad Gateway error, are there any specific variables or routing configuration that needs to be done on Traefik or NiFi to allow the UI to be accessible via HTTPS secure mode.

720 Views
0 Kudos
0 REPLIES 0
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner