I am trying to dockerise the 3 services Zookeeper, NiFi and NiFi Registry below is the docker-compose.yml file
version: "3.7"
services:
# configuration manager for NiFi
zookeeper:
hostname: myzookeeper
# container_name: zookeeper_container_persistent
image: zookeeper:latest
restart: on-failure
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
networks:
- apache-nifi-internal
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
# version control for nifi flows
registry:
user: root
hostname: myregistry
# container_name: registry_container_persistent
image: apache/nifi-registry:latest
restart: on-failure
environment:
- LOG_LEVEL=INFO
- NIFI_REGISTRY_DB_DIR=/opt/nifi-registry/nifi-registry-current/database
- NIFI_REGISTRY_FLOW_PROVIDER=file
- NIFI_REGISTRY_FLOW_STORAGE_DIR=/opt/nifi-registry/nifi-registry-current/flow_storage
volumes:
- nifi_registry_database:/opt/nifi-registry/nifi-registry-current/database
- nifi_registry_flow_storage:/opt/nifi-registry/nifi-registry-current/flow_storage
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-registry.loadbalancer.server.port=18080
# middlewares
- traefik.http.middlewares.nifi-registry-prefix.stripprefix.prefixes=/nifi-registry
- traefik.http.middlewares.nifi-registry-headers.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.middlewares.nifi-registry-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-registry.middlewares=nifi-registry-prefix,nifi-registry-headers
- traefik.http.routers.nifi-registry.service=nifi-registry
- traefik.http.routers.nifi-registry.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-registry.tls=true
- traefik.http.routers.nifi-registry.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi-registry`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
nifi:
user: root
hostname: mynifi
# container_name: nifi_container_persistent
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTP_PORT=8443
- NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
# - NIFI_CLUSTER_IS_NODE=true
# - SINGLE_USER_CREDENTIALS_USERNAME=admin
# - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
# - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
# - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
# - NIFI_ELECTION_MAX_WAIT=30 sec
# - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
# - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
# healthcheck:
# test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
# interval: "60s"
# timeout: "3s"
# start_period: "5s"
# retries: 5
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# middlewares
# - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
- traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-flow.middlewares=nifi-headers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
networks:
apache-nifi-internal:
traefik_webgateway:
external: true
volumes:
nifi_conf: {external: true}
nifi_database_repository: {external: true}
nifi_flowfile_repository: {external: true}
nifi_content_repository: {external: true}
nifi_provenance_repository: {external: true}
nifi_state: {external: true}
nifi_logs: {external: true}
nifi_registry_database: {external: true}
nifi_registry_flow_storage: {external: true}
# nifi_database_repository:
# external: trueI was able to access the UI via proxy using Traefik through the https://domain_name/nifi to the access the NiFi which is on docker that is running HTTP in a unsecure mode.
So to move ahead with the next steps I tried to apply certain changes to have NiFi running on HTTPS and applied the below changes to the nifi service block.
nifi:
user: root
hostname: mynifi
# container_name: nifi_container_persistent
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTPS_PORT=8443
- NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
- NIFI_WEB_PROXY_HOST=$DOCKER_HOST_URL:443,mynifi:8443
- NIFI_REMOTE_ROUTE_HTTP_NIFI_WHEN=${X-ProxyHost:contains('$DOCKER_HOST_URL')}
- NIFI_REMOTE_ROUTE_HTTP_NIFI_HOSTNAME=$DOCKER_HOST_URL
- NIFI_REMOTE_ROUTE_HTTP_NIFI_PORT=443
- NIFI_REMOTE_ROUTE_HTTP_NIFI_SECURE=true
# - NIFI_CLUSTER_IS_NODE=true
# - SINGLE_USER_CREDENTIALS_USERNAME=admin
# - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
# - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
# - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
# - NIFI_ELECTION_MAX_WAIT=30 sec
# - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
# - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
# healthcheck:
# test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
# interval: "60s"
# timeout: "3s"
# start_period: "5s"
# retries: 5
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# middlewares
# - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
- "traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyScheme=https"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyHost=$DOCKER_HOST_URL"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyPort=443"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyContextPath:/nifi,/nifi-docs,/nifi-api,/"
# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-flow.middlewares=nifi-headers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
This doesn't seem to be working as I am getting Bad Gateway error, are there any specific variables or routing configuration that needs to be done on Traefik or NiFi to allow the UI to be accessible via HTTPS secure mode.
