Member since
10-08-2024
2
Posts
2
Kudos Received
0
Solutions
10-15-2024
08:24 AM
1 Kudo
I create my first user with this script #!/bin/bash group='admins' username='admin' uidNumber=1001 gidNumber=1001 firstName='My First' lastName="My Last" password="password" ldapadd -x -D "cn=admin,dc=myhost,dc=dev" -w $password <<EOF dn: ou=$group,dc=myhost,dc=dev objectClass: organizationalUnit ou: $group EOF cat <<EOF dn: uid=$username,ou=$group,dc=myhost,dc=dev objectClass: inetOrgPerson objectClass: posixAccount uid: $username cn: $username sn: $lastName givenName: $firstName uidNumber: $uidNumber gidNumber: $gidNumber homeDirectory: /home/$username loginShell: /bin/bash userPassword: $(slappasswd -s $password) EOF # Ajouter l'utilisateur via ldapadd ldapadd -x -D "cn=admin,dc=myhost,dc=dev" -w $password <<EOF dn: uid=$username,ou=$group,dc=myhost,dc=dev objectClass: inetOrgPerson objectClass: posixAccount uid: $username cn: $username sn: $lastName givenName: $firstName uidNumber: $uidNumber gidNumber: $gidNumber homeDirectory: /home/$username loginShell: /bin/bash userPassword: $(slappasswd -s $password) EOF Authentication Proxy Server not trusted
... View more
10-14-2024
02:32 AM
1 Kudo
I made a docker compose to deploy nifi in cluster on my server. I get the error Authentication Proxy Server not trusted Here are my configurations docker-compose version: '3.8' x-common-nifi: environment: &nifi-env NIFI_WEB_HTTPS_PORT: 8443 NIFI_CLUSTER_IS_NODE: "true" NIFI_CLUSTER_NODE_PROTOCOL_PORT: 11444 NIFI_ZK_CONNECT_STRING: zookeeper:2181 NIFI_ELECTION_MAX_WAIT: 1 min NIFI_ZK_ROOT_NODE: /nifi NIFI_SENSITIVE_PROPS_KEY: ${KEY_SENSITIVE} NIFI_VARIABLE_REGISTRY_PROPERTIES: http://nifi-registry:18080 AUTH: ldap INITIAL_ADMIN_IDENTITY: 'uid=admin,ou=admins,dc=myhost,dc=dev' #LDAP_AUTHENTICATION_STRATEGY: 'LDAPS' LDAP_AUTHENTICATION_STRATEGY: 'SIMPLE' LDAP_MANAGER_DN: 'cn=admin,dc=myhost,dc=dev' LDAP_MANAGER_PASSWORD: ${ADMIN_PASSWORD} LDAP_URL: 'ldap://openldap' LDAP_USER_SEARCH_BASE: 'dc=myhost,dc=dev' LDAP_USER_SEARCH_FILTER: 'uid={0}' LDAP_IDENTITY_STRATEGY: 'USE_DN' KEYSTORE_TYPE: JKS KEYSTORE_PASSWORD: ${KEY_STORE} KEYSTORE_PATH: /opt/certs/keystore.jks TRUSTSTORE_PATH: /opt/certs/truststore.jks TRUSTSTORE_PASSWORD: ${KEY_STORE} TRUSTSTORE_TYPE: JKS NIFI_WEB_PROXY_HOST: "web.nifiapp.myhost.dev,*.nifiapp.myhost.dev" NIFI_JVM_HEAP_INIT: 512m NIFI_JVM_HEAP_MAX: 512m #NODE_IDENTITY: 'CN=*.nifiapp.myhost.dev' networks: &nifi-net - nifi_network depends_on: &nifi-dep - openldap entrypoint: &nifi-entry - "/bin/bash" - "-c" - "sed -i 's|<appender-ref ref=\"USER_FILE\"/>|<appender-ref ref=\"CONSOLE\"/>|' conf/logback.xml; ../scripts/start.sh" services: zookeeper: image: confluentinc/cp-zookeeper:latest hostname: zookeeper environment: ZOOKEEPER_SERVER_ID: 1 ZOOKEEPER_SERVERS: server.1=zookeeper:2888:3888 ZOOKEEPER_CLIENT_PORT: 2181 JVMFLAGS: -Xmx512m -Xms512m ports: - "7481:2181" - "7499:8080" volumes: - zookeeper_data:/data - zookeeper_datalog:/datalog networks: - nifi_network nifi1: image: apache/nifi:latest hostname: n1.nifiapp.myhost.dev entrypoint: *nifi-entry ports: - "7498:8443" - "7400-7425:7400-7425" environment: <<: *nifi-env NIFI_WEB_HTTPS_HOST: n1.nifiapp.myhost.dev NIFI_NODE_IDENTITY: nifi1 networks: *nifi-net depends_on: *nifi-dep volumes: - nifi1_logs:/opt/nifi/nifi-current/logs - nifi1_state:/opt/nifi/nifi-current/state - nifi1_conf:/opt/nifi/nifi-current/conf - nifi1_database_repository:/opt/nifi/nifi-current/database_repository - nifi1_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository - nifi1_content_repository:/opt/nifi/nifi-current/content_repository - nifi1_provenance_repository:/opt/nifi/nifi-current/provenance_repository - ./exports:/opt/certs nifi2: image: apache/nifi:latest hostname: n2.nifiapp.myhost.dev entrypoint: *nifi-entry ports: - "7497:8443" - "7426-7451:7426-7451" environment: <<: *nifi-env NIFI_WEB_HTTPS_HOST: n2.nifiapp.myhost.dev NIFI_NODE_IDENTITY: nifi2 networks: *nifi-net depends_on: *nifi-dep volumes: - nifi2_logs:/opt/nifi/nifi-current/logs - nifi2_state:/opt/nifi/nifi-current/state - nifi2_conf:/opt/nifi/nifi-current/conf - nifi2_database_repository:/opt/nifi/nifi-current/database_repository - nifi2_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository - nifi2_content_repository:/opt/nifi/nifi-current/content_repository - nifi2_provenance_repository:/opt/nifi/nifi-current/provenance_repository - ./exports:/opt/certs nifi3: image: apache/nifi:latest hostname: n3.nifiapp.myhost.dev entrypoint: *nifi-entry ports: - "7496:8443" - "7452-7475:7452-7475" networks: *nifi-net depends_on: *nifi-dep environment: <<: *nifi-env NIFI_WEB_HTTPS_HOST: n3.nifiapp.myhost.dev NIFI_NODE_IDENTITY: nifi3 volumes: - nifi3_logs:/opt/nifi/nifi-current/logs - nifi3_state:/opt/nifi/nifi-current/state - nifi3_conf:/opt/nifi/nifi-current/conf - nifi3_database_repository:/opt/nifi/nifi-current/database_repository - nifi3_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository - nifi3_content_repository:/opt/nifi/nifi-current/content_repository - nifi3_provenance_repository:/opt/nifi/nifi-current/provenance_repository - ./exports:/opt/certs nifi-registry: image: apache/nifi-registry:latest ports: - "7495:18080" volumes: - nifi-registry-data:/opt/nifi-registry/data - nifi-registry-conf:/opt/nifi-registry/conf - nifi-registry-logs:/opt/nifi-registry/logs networks: - nifi_network depends_on: - openldap openldap: image: osixia/openldap:1.5.0 hostname: openldap environment: LDAP_ORGANISATION: MY ORG LDAP_DOMAIN: myhost.dev LDAP_ADMIN_PASSWORD: "${ADMIN_PASSWORD}" LDAP_CONFIG_PASSWORD: "${ADMIN_PASSWORD}" LDAP_ADMIN_CN: admin LDAP_TLS_VERIFY_CLIENT: allow LDAP_TLS: "false" LDAP_BASE_DN: dc=myhost,dc=dev ports: - "389:389" # Port LDAP volumes: - openldap-data:/var/lib/ldap - openldap-config:/etc/ldap/slapd.d networks: - nifi_network command: ["--loglevel", "debug","--copy-service"] ldap-user-manager: image: wheelybird/ldap-user-manager:v1.5 environment: - LDAP_URI=ldap://openldap - LDAP_BASE_DN=dc=myhost,dc=dev - LDAP_ADMIN_BIND_DN=cn=admin,dc=myhost,dc=dev - LDAP_ADMIN_BIND_PWD=${ADMIN_PASSWORD} - LDAP_ADMINS_GROUP=cn=admin,ou=MY ORG,dc=myhost,dc=dev - LDAP_REQUIRE_STARTTLS=FALSE ports: - "7494:80" - "7493:443" depends_on: - openldap networks: - nifi_network platform: linux/amd64 networks: nifi_network: name: 'nifi_tls_network' volumes: nifi1_logs: nifi1_state: nifi1_conf: nifi1_database_repository: nifi1_flowfile_repository: nifi1_content_repository: nifi1_provenance_repository: nifi2_logs: nifi2_state: nifi2_conf: nifi2_database_repository: nifi2_flowfile_repository: nifi2_content_repository: nifi2_provenance_repository: nifi3_logs: nifi3_state: nifi3_conf: nifi3_database_repository: nifi3_flowfile_repository: nifi3_content_repository: nifi3_provenance_repository: zookeeper_data: zookeeper_datalog: nifi-registry-data: nifi-registry-conf: nifi-registry-logs: openldap-data: openldap-config: postgres_data: on my server I use a Nginx that configure below upstream nifibalancer { ip_hash; server localhost:7498; server localhost:7497; server localhost:7486; } server { listen 443 ssl; server_name ~^p(?<port>\d+)\.nifiapp.myhost\.dev$; ignore_invalid_headers off; # Vérification de l'intervalle de ports autorisés (de 8900 à 8999) location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; if ($port ~* "^(74[0-8]{1}[0-9]{1})$") { proxy_pass http://localhost:$port; } return 403; # Refuse les requêtes en dehors de cet intervalle } access_log /var/log/nginx/nifiapp-listener-app-access.log; error_log /var/log/nginx/nifiapp-listener-app-error.log; ssl_certificate /etc/letsencrypt/live/nifiapp.myhost.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/nifiapp.myhost.dev/privkey.pem; } server { listen 443 ssl; server_name web.nifiapp.myhost.dev; ignore_invalid_headers off; location / { proxy_pass https://nifibalancer/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Original-URI $request_uri; proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort $port; #proxy_set_header X-ProxyContextPath /; # Add ProxiedEntitiesChain using client certificate's distinguished name (DN) proxy_set_header X-ProxiedEntitiesChain $ssl_client_s_dn; } access_log /var/log/nginx/nifiapp-app-access.log; error_log /var/log/nginx/nifiapp-app-error.log; ssl_certificate /etc/letsencrypt/live/nifiapp.myhost.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/nifiapp.myhost.dev/privkey.pem; } server { listen 443 ssl; server_name zookeeper.nifiapp.myhost.dev; ignore_invalid_headers off; location / { proxy_pass http://localhost:7499; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Original-URI $request_uri; } error_page 404 =200 /index.html; access_log /var/log/nginx/nifiapp-zookeeper-app-access.log; error_log /var/log/nginx/nifiapp-zookeeper-app-error.log; ssl_certificate /etc/letsencrypt/live/nifiapp.myhost.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/nifiapp.myhost.dev/privkey.pem; }
... View more
Labels:
- Labels:
-
Apache NiFi