Member since
06-03-2022
4
Posts
0
Kudos Received
0
Solutions
06-24-2022
11:08 AM
Hi @araujo I'm using Nginx Proxy Manager, in the same Docker, maybe was working before because the cert was not I'm trying to connect via localhost.
... View more
06-22-2022
01:03 PM
Hi @araujo. It's working perfectly, thank you so much. One last thing, before I was able to proxy via nginx, but now it gives connection refused, do you have an idea of where I should look for? Thanks.
... View more
06-10-2022
12:48 PM
Hello @araujo, thank you so much for your response, I've changed "INITIAL_ADMIN_IDENTITY" value to "my_admin", but the same error has happend. I'm trying to follow this tutorial: Setting Up a Secure Apache NiFi Registry, in his case, the bowser asks for the p12 cert file, in my case doesn't happen, maybe because it's running behind a proxy? I've no idea how to pass this cert, I did try to import to the browser, but nothing happend, besides, informing the wrong user/pass it does say they're incorrect, and more, for this error, no log is generated, so I'm lost. If you have any other idea, please let me know, thanks again.
... View more
06-03-2022
11:40 PM
Hello, Hello, I've been trying to setup NiFi with single user authentication but got stuck in a "Access Unknown: Certificate and Token not found" error, and I'm unable to find a solution. Any help would be greatily apreciate. So, I'm trying to deploy in a remote machine with Docker, with authentication provided by NiFi, using a Nginx as reverse proxy. Maybe I have to pass p12 file to NiFi, but I have no idea how to proced. My docker-compose file is as follows version: '3.9' x-base: &base image: apache/nifi:1.16.2 networks: - nifi x-nifi-environment: &nifi-environment NIFI_WEB_HTTPS_PORT: 8443 NIFI_CLUSTER_IS_NODE: "true" NIFI_ZK_CONNECT_STRING: "zookeeper:2181" NIFI_ELECTION_MAX_WAIT: "30 sec" NIFI_ELECTION_MAX_CANDIDATES: 2 NIFI_SENSITIVE_PROPS_KEY: "my-random-string" NIFI_WEB_PROXY_CONTEXT_PATH: "//" NIFI_CLUSTER_NODE_PROTOCOL_PORT: 8082 NIFI_WEB_PROXY_HOST: "nifi0:8443,nifi0,nifi0.mysite.com,nifi1:8443,nifi1,nifi1.mysite.com,nifi2:8443,nifi2,nifi2.mysite.com,nifi.mysite.com" NIFI_WEB_HTTPS_HOST: "0.0.0.0" SINGLE_USER_CREDENTIALS_USERNAME: "my_admin" SINGLE_USER_CREDENTIALS_PASSWORD: "PASSWORD_GENERATED_BY_NIFI_TOOLKIT" AUTH: "tls" KEYSTORE_PATH: "/opt/certs/keystore.jks" KEYSTORE_TYPE: "JKS" KEYSTORE_PASSWORD: "KEYSTORE_PASSWORD_GENERATED_BY_NIFI_TOOLKIT" TRUSTSTORE_PATH: "/opt/certs/truststore.jks" TRUSTSTORE_TYPE: "JKS" TRUSTSTORE_PASSWORD: "TRUSTSTORE_PASSWORD_GENERATED_BY_NIFI_TOOLKIT" NIFI_SECURITY_USER_AUTHORIZER: "single-user-authorizer" NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER: "single-user-provider" INITIAL_ADMIN_IDENTITY: "CN=my_admin, OU=NiFi" services: zookeeper: container_name: zookeeper image: bitnami/zookeeper:3.8.0 environment: - ALLOW_ANONYMOUS_LOGIN=yes networks: - nifi nifi0: <<: *base container_name: nifi0 volumes: - nifi_certs:/opt/certs:ro - nifi0_conf:/opt/nifi/nifi-current/conf - nifi0_extensions:/opt/nifi/nifi-current/extensions - nifi0_database_repository:/opt/nifi/nifi-current/database_repository - nifi0_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository - nifi0_content_repository:/opt/nifi/nifi-current/content_repository - nifi0_provenance_repository:/opt/nifi/nifi-current/provenance_repository - nifi0_state:/opt/nifi/nifi-current/state - nifi0_logs:/opt/nifi/nifi-current/logs environment: <<: *nifi-environment NIFI_CLUSTER_ADDRESS: "nifi0" networks: - nifi - npm_bridge nifi1: <<: *base container_name: nifi1 volumes: - nifi_certs:/opt/certs:ro - nifi1_conf:/opt/nifi/nifi-current/conf - nifi1_extensions:/opt/nifi/nifi-current/extensions - nifi1_database_repository:/opt/nifi/nifi-current/database_repository - nifi1_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository - nifi1_content_repository:/opt/nifi/nifi-current/content_repository - nifi1_provenance_repository:/opt/nifi/nifi-current/provenance_repository - nifi1_state:/opt/nifi/nifi-current/state - nifi1_logs:/opt/nifi/nifi-current/logs environment: <<: *nifi-environment NIFI_CLUSTER_ADDRESS: "nifi1" networks: - nifi - npm_bridge networks: nifi: driver: bridge npm_bridge: external: true volumes: nifi_certs: external: true # nifi 0 nifi0_conf: nifi0_extensions: nifi0_database_repository: nifi0_flowfile_repository: nifi0_content_repository: nifi0_provenance_repository: nifi0_state: nifi0_logs: # nifi 1 nifi1_conf: nifi1_extensions: nifi1_database_repository: nifi1_flowfile_repository: nifi1_content_repository: nifi1_provenance_repository: nifi1_state: nifi1_logs: I'm using Nginx Proxy Manager, so my config is as follows server { set $forward_scheme https; set $server "nifi0"; set $port 8443; listen 80; listen 443 ssl http2; server_name nifi0.mysite.com; # Let's Encrypt SSL include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/ssl-ciphers.conf; # letsencrypt certificate ssl_certificate /etc/letsencrypt/live/npm-1/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-1/privkey.pem; # Block Exploits include conf.d/include/block-exploits.conf; # Force SSL include conf.d/include/force-ssl.conf; access_log /data/logs/proxy-host-3_access.log proxy; error_log /data/logs/proxy-host-3_error.log warn; # My actual configuration location / { proxy_set_header X-ProxyScheme https; proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 443; proxy_set_header X-ProxyContextPath /; proxy_set_header X-ProxiedEntitiesChain <$ssl_client_s_dn>; proxy_pass $forward_scheme://$server:$port$request_uri; } # Custom include /data/nginx/custom/server_proxy[.]conf; } The error is: NiFi login error But no error is generated at nifi-user.log file. Thank you.
... View more
Labels:
- Labels:
-
Apache NiFi