Member since
10-11-2022
3
Posts
0
Kudos Received
0
Solutions
11-28-2022
03:39 AM
@Kushisabishii could you please advise what list of host needs to be provided on the NIFI_WEB_PROXY_HOST I have added the docker host and port that I access the NiFi UI. For example my NiFi is accessible via https://docker-host.comp.com/nifi/ Hence I have added the NIFI_WEB_PROXY_HOST = docker-host.comp.com:443 into my docker compose file. Do I need to consider any other hosts to be added ?
... View more
10-14-2022
07:09 AM
Hey TF, I might be quite late for the party, but myself was recently working with NiFi and Traefik and was able to access the UI successfully after a lot of struggle. Please find the docker compose file I used to get my services up and running. version: "3.7"
services:
# configuration manager for NiFi
zookeeper:
hostname: myzookeeper
image: zookeeper:latest
restart: on-failure
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
networks:
- apache-nifi-internal
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
nifi:
user: root
hostname: mynifi
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTP_PORT=8443
- NIFI_WEB_HTTP_HOST=0.0.0.0
- NIFI_WEB_PROXY_CONTEXT_PATH=/
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_proxy
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# Routers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
networks:
traefik_proxy:
external: true
name: traefik_webgateway
apache-nifi-internal:
volumes:
nifi_conf: {external: true}
nifi_database_repository: {external: true}
nifi_flowfile_repository: {external: true}
nifi_content_repository: {external: true}
nifi_provenance_repository: {external: true}
nifi_state: {external: true}
nifi_logs: {external: true} I am currently trying to make the NiFi instance secure and moving to HTTPS the above code will deploy the NiFi on unsecure mode that is HTTP.
... View more
10-12-2022
01:21 AM
I am trying to dockerise the 3 services Zookeeper, NiFi and NiFi Registry below is the docker-compose.yml file version: "3.7"
services:
# configuration manager for NiFi
zookeeper:
hostname: myzookeeper
# container_name: zookeeper_container_persistent
image: zookeeper:latest
restart: on-failure
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
networks:
- apache-nifi-internal
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
# version control for nifi flows
registry:
user: root
hostname: myregistry
# container_name: registry_container_persistent
image: apache/nifi-registry:latest
restart: on-failure
environment:
- LOG_LEVEL=INFO
- NIFI_REGISTRY_DB_DIR=/opt/nifi-registry/nifi-registry-current/database
- NIFI_REGISTRY_FLOW_PROVIDER=file
- NIFI_REGISTRY_FLOW_STORAGE_DIR=/opt/nifi-registry/nifi-registry-current/flow_storage
volumes:
- nifi_registry_database:/opt/nifi-registry/nifi-registry-current/database
- nifi_registry_flow_storage:/opt/nifi-registry/nifi-registry-current/flow_storage
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-registry.loadbalancer.server.port=18080
# middlewares
- traefik.http.middlewares.nifi-registry-prefix.stripprefix.prefixes=/nifi-registry
- traefik.http.middlewares.nifi-registry-headers.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.middlewares.nifi-registry-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-registry.middlewares=nifi-registry-prefix,nifi-registry-headers
- traefik.http.routers.nifi-registry.service=nifi-registry
- traefik.http.routers.nifi-registry.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-registry.tls=true
- traefik.http.routers.nifi-registry.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi-registry`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
nifi:
user: root
hostname: mynifi
# container_name: nifi_container_persistent
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTP_PORT=8443
- NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
# - NIFI_CLUSTER_IS_NODE=true
# - SINGLE_USER_CREDENTIALS_USERNAME=admin
# - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
# - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
# - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
# - NIFI_ELECTION_MAX_WAIT=30 sec
# - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
# - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
# healthcheck:
# test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
# interval: "60s"
# timeout: "3s"
# start_period: "5s"
# retries: 5
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# middlewares
# - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
- traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-flow.middlewares=nifi-headers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s
networks:
apache-nifi-internal:
traefik_webgateway:
external: true
volumes:
nifi_conf: {external: true}
nifi_database_repository: {external: true}
nifi_flowfile_repository: {external: true}
nifi_content_repository: {external: true}
nifi_provenance_repository: {external: true}
nifi_state: {external: true}
nifi_logs: {external: true}
nifi_registry_database: {external: true}
nifi_registry_flow_storage: {external: true}
# nifi_database_repository:
# external: true I was able to access the UI via proxy using Traefik through the https://domain_name/nifi to the access the NiFi which is on docker that is running HTTP in a unsecure mode. So to move ahead with the next steps I tried to apply certain changes to have NiFi running on HTTPS and applied the below changes to the nifi service block. nifi:
user: root
hostname: mynifi
# container_name: nifi_container_persistent
image: apache/nifi:latest
restart: on-failure
environment:
- NIFI_WEB_HTTPS_PORT=8443
- NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/
- NIFI_WEB_PROXY_HOST=$DOCKER_HOST_URL:443,mynifi:8443
- NIFI_REMOTE_ROUTE_HTTP_NIFI_WHEN=${X-ProxyHost:contains('$DOCKER_HOST_URL')}
- NIFI_REMOTE_ROUTE_HTTP_NIFI_HOSTNAME=$DOCKER_HOST_URL
- NIFI_REMOTE_ROUTE_HTTP_NIFI_PORT=443
- NIFI_REMOTE_ROUTE_HTTP_NIFI_SECURE=true
# - NIFI_CLUSTER_IS_NODE=true
# - SINGLE_USER_CREDENTIALS_USERNAME=admin
# - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
# - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
# - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
# - NIFI_ELECTION_MAX_WAIT=30 sec
# - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
# - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
# healthcheck:
# test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
# interval: "60s"
# timeout: "3s"
# start_period: "5s"
# retries: 5
volumes:
- nifi_database_repository:/opt/nifi/nifi-current/database_repository
- nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
- nifi_content_repository:/opt/nifi/nifi-current/content_repository
- nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
- nifi_state:/opt/nifi/nifi-current/state
- nifi_logs:/opt/nifi/nifi-current/logs
- nifi_conf:/opt/nifi/nifi-current/conf
networks:
- apache-nifi-internal
- traefik_webgateway
deploy:
labels:
# traefik
- traefik.enable=true
# service
- traefik.http.services.nifi-flow.loadbalancer.server.port=8443
# middlewares
# - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
- "traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyScheme=https"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyHost=$DOCKER_HOST_URL"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyPort=443"
- "traefik.http.middlewares.nifi-headers.headers.customRequestHeaders.X-ProxyContextPath:/nifi,/nifi-docs,/nifi-api,/"
# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
# Routers
- traefik.http.routers.nifi-flow.middlewares=nifi-headers
- traefik.http.routers.nifi-flow.service=nifi-flow
- traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
- traefik.http.routers.nifi-flow.tls=true
- traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
restart_policy:
condition: any
delay: 120s
max_attempts: 3
window: 60s This doesn't seem to be working as I am getting Bad Gateway error, are there any specific variables or routing configuration that needs to be done on Traefik or NiFi to allow the UI to be accessible via HTTPS secure mode.
... View more
Labels:
- Labels:
-
Apache NiFi
-
Docker