[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068: URL: https://github.com/apache/nifi/pull/5068#discussion_r637420274 ## File path: nifi-docs/src/main/asciidoc/administration-guide.adoc ## @@ -84,15 +84,14 @@ The following table lists the default ports used by NiFi and the corresponding p [options="header,footer"] |== | Function| Property | Default Value -|HTTP Port| `nifi.web.http.port` | `8080` -|HTTPS Port* | `nifi.web.https.port` | `9443` +|HTTPS Port | `nifi.web.https.port` | `8443` |Remote Input Socket Port*| `nifi.remote.input.socket.port` | `10443` |Cluster Node Protocol Port* | `nifi.cluster.node.protocol.port` | `11443` |Cluster Node Load Balancing Port | `nifi.cluster.node.load.balance.port` | `6342` |Web HTTP Forwarding Port | `nifi.web.http.port.forwarding` | _none_ |== -NOTE: The ports marked with an asterisk (*) have property values that are blank by default in _nifi.properties_. The values shown in the table are the default values for these ports when <> is used to generate _nifi.properties_ for a secured NiFi instance. The default Certificate Authority Port used by <> is `8443`. +NOTE: The ports marked with an asterisk (*) have property values that are blank by default in _nifi.properties_. The values shown in the table are the default values for these ports when <> is used to generate _nifi.properties_ for a secured NiFi instance. The default Certificate Authority Port used by <> is `9443`. === Embedded ZooKeeper Review comment: Thanks, I updated that Administration Guide section and included a new section for Single User authentication. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068:
URL: https://github.com/apache/nifi/pull/5068#discussion_r637420200
##
File path: nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile
##
@@ -43,7 +43,7 @@ RUN chown -R nifi:nifi ${NIFI_TOOLKIT_BASE_DIR}
USER nifi
# Default port for TLS Toolkit CA Server
-EXPOSE 8443
+EXPOSE 9443
Review comment:
Thanks, good catch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068: URL: https://github.com/apache/nifi/pull/5068#discussion_r637420181 ## File path: README.md ## @@ -65,67 +65,108 @@ Apache NiFi was made for dataflow. It supports highly configurable directed grap ## Getting Started -- Read through the [quickstart guide for development](http://nifi.apache.org/quickstart.html). - It will include information on getting a local copy of the source, give pointers on issue - tracking, and provide some warnings about common problems with development environments. -- For a more comprehensive guide to development and information about contributing to the project - read through the [NiFi Developer's Guide](http://nifi.apache.org/developer-guide.html). +Read through the [quickstart guide for development](http://nifi.apache.org/quickstart.html). +It will include information on getting a local copy of the source, give pointers on issue +tracking, and provide some warnings about common problems with development environments. -To build: -- Execute `mvn clean install` or for parallel build execute `mvn -T 2.0C clean install`. On a - modest development laptop that is a couple of years old, the latter build takes a bit under ten - minutes. After a large amount of output you should eventually see a success message. - -laptop:nifi myuser$ mvn -T 2.0C clean install -[INFO] Scanning for projects... -[INFO] Inspecting build with total of 115 modules... -...tens of thousands of lines elided... -[INFO] -[INFO] BUILD SUCCESS -[INFO] -[INFO] Total time: 09:24 min (Wall Clock) -[INFO] Finished at: 2015-04-30T00:30:36-05:00 -[INFO] Final Memory: 173M/1359M -[INFO] -- Execute `mvn clean install -DskipTests` to compile tests, but skip running them. - -To deploy: -- Change directory to 'nifi-assembly'. In the target directory, there should be a build of nifi. - -laptop:nifi myuser$ cd nifi-assembly -laptop:nifi-assembly myuser$ ls -lhd target/nifi* -drwxr-xr-x 3 myuser mygroup 102B Apr 30 00:29 target/nifi-1.0.0-SNAPSHOT-bin --rw-r--r-- 1 myuser mygroup 144M Apr 30 00:30 target/nifi-1.0.0-SNAPSHOT-bin.tar.gz --rw-r--r-- 1 myuser mygroup 144M Apr 30 00:30 target/nifi-1.0.0-SNAPSHOT-bin.zip +For a more comprehensive guide to development and information about contributing to the project +read through the [NiFi Developer's Guide](http://nifi.apache.org/developer-guide.html). -- For testing ongoing development you could use the already unpacked build present in the directory - named "nifi-*version*-bin", where *version* is the current project version. To deploy in another - location make use of either the tarball or zipfile and unpack them wherever you like. The - distribution will be within a common parent directory named for the version. +### Building -laptop:nifi-assembly myuser$ mkdir ~/example-nifi-deploy -laptop:nifi-assembly myuser$ tar xzf target/nifi-*-bin.tar.gz -C ~/example-nifi-deploy -laptop:nifi-assembly myuser$ ls -lh ~/example-nifi-deploy/ -total 0 -drwxr-xr-x 10 myuser mygroup 340B Apr 30 01:06 nifi-1.0.0-SNAPSHOT +Run `mvn clean install` or for parallel build execute `mvn -T 2.0C clean install`. -To run NiFi: -- Change directory to the location where you installed NiFi and run it. +The parallel build should take around fifteen minutes on modern hardware. -laptop:~ myuser$ cd ~/example-nifi-deploy/nifi-* -laptop:nifi-1.0.0-SNAPSHOT myuser$ ./bin/nifi.sh start - Issuing `bin/nifi.sh start` executes the `nifi.sh` script that starts NiFi in the background and then exits. If you want `nifi.sh` to wait for NiFi to finish scheduling all components before exiting, use the `--wait-for-init` flag with an optional timeout specified in seconds. +laptop:nifi myuser$ mvn -T 2.0C clean install +[INFO] Scanning for projects... +[INFO] Inspecting build with total of 115 modules... +...tens of thousands of lines elided... +[INFO] +[INFO] BUILD SUCCESS +[INFO] +[INFO] Total time: 09:24 min (Wall Clock) +[INFO] Finished at: 2015-04-30T00:30:36-05:00 +[INFO] Final Memory: 173M/1359M +[INFO] -laptop:nifi-1.0.0-SNAPSHOT myuser$ ./bin/nifi.sh start --wait-for-init 120 -- Direct your browser to http://localhost:8080/nifi/ and you should see a screen like this screenshot: - ![image of a
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068:
URL: https://github.com/apache/nifi/pull/5068#discussion_r634607962
##
File path: nifi-docker/dockermaven/sh/start.sh
##
@@ -33,15 +33,29 @@ if [ ! -z "${NIFI_JVM_DEBUGGER}" ]; then
fi
# Establish baseline properties
-prop_replace 'nifi.web.http.port' "${NIFI_WEB_HTTP_PORT:-8080}"
-prop_replace 'nifi.web.http.host'
"${NIFI_WEB_HTTP_HOST:-$HOSTNAME}"
+prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}"
+prop_replace 'nifi.web.https.host'
"${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.host'
"${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.socket.port'
"${NIFI_REMOTE_INPUT_SOCKET_PORT:-1}"
-prop_replace 'nifi.remote.input.secure' 'false'
+prop_replace 'nifi.remote.input.secure' 'true'
# Set nifi-toolkit properties files and baseUrl
"${scripts_dir}/toolkit.sh"
-prop_replace 'baseUrl'
"http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT:-8080};
${nifi_toolkit_props_file}
+prop_replace 'baseUrl'
"https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443};
${nifi_toolkit_props_file}
+
+if [ ! -z "${NIFI_WEB_HTTP_PORT}" ]; then
+prop_replace 'nifi.web.https.port'''
+prop_replace 'nifi.web.https.host'''
+prop_replace 'nifi.web.http.port'
"${NIFI_WEB_HTTP_PORT}"
+prop_replace 'nifi.web.http.host'
"${NIFI_WEB_HTTP_HOST:-$HOSTNAME}"
+prop_replace 'nifi.remote.input.secure' 'false'
Review comment:
Thanks again @ChrisSamo632, I appreciate the thorough review!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068: URL: https://github.com/apache/nifi/pull/5068#discussion_r634607675 ## File path: nifi-docker/dockerhub/README.md ## @@ -62,29 +66,29 @@ The configuration scripts are suitable for at least 1.4.0+. ## Running a container -### Standalone Instance, Unsecured +### Standalone Instance secured with HTTPS and Single User Authentication The minimum to run a NiFi instance is as follows: docker run --name nifi \ - -p 8080:8080 \ + -p 8443:8443 \ -d \ apache/nifi:latest -This will provide a running instance, exposing the instance UI to the host system on at port 8080, -viewable at `http://localhost:8080/nifi`. +This will provide a running instance, exposing the instance UI to the host system on at port 8443, +viewable at `https://localhost:8443/nifi`. You can also pass in environment variables to change the NiFi communication ports and hostname using the Docker '-e' switch as follows: docker run --name nifi \ - -p 9090:9090 \ + -p 9443:9443 \ Review comment: Thanks @ChrisSamo632, I agree, this is part of the example showing an alternative port configuration. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068:
URL: https://github.com/apache/nifi/pull/5068#discussion_r634342133
##
File path: nifi-docker/dockermaven/sh/start.sh
##
@@ -33,15 +33,29 @@ if [ ! -z "${NIFI_JVM_DEBUGGER}" ]; then
fi
# Establish baseline properties
-prop_replace 'nifi.web.http.port' "${NIFI_WEB_HTTP_PORT:-8080}"
-prop_replace 'nifi.web.http.host'
"${NIFI_WEB_HTTP_HOST:-$HOSTNAME}"
+prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}"
+prop_replace 'nifi.web.https.host'
"${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.host'
"${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.socket.port'
"${NIFI_REMOTE_INPUT_SOCKET_PORT:-1}"
-prop_replace 'nifi.remote.input.secure' 'false'
+prop_replace 'nifi.remote.input.secure' 'true'
# Set nifi-toolkit properties files and baseUrl
"${scripts_dir}/toolkit.sh"
-prop_replace 'baseUrl'
"http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT:-8080};
${nifi_toolkit_props_file}
+prop_replace 'baseUrl'
"https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443};
${nifi_toolkit_props_file}
+
+if [ ! -z "${NIFI_WEB_HTTP_PORT}" ]; then
+prop_replace 'nifi.web.https.port'''
+prop_replace 'nifi.web.https.host'''
+prop_replace 'nifi.web.http.port'
"${NIFI_WEB_HTTP_PORT}"
+prop_replace 'nifi.web.http.host'
"${NIFI_WEB_HTTP_HOST:-$HOSTNAME}"
+prop_replace 'nifi.remote.input.secure' 'false'
Review comment:
Yes, this is a good opportunity to make the adjustment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068:
URL: https://github.com/apache/nifi/pull/5068#discussion_r634341647
##
File path: nifi-docker/dockerhub/sh/start.sh
##
@@ -33,15 +33,29 @@ if [ ! -z "${NIFI_JVM_DEBUGGER}" ]; then
fi
# Establish baseline properties
-prop_replace 'nifi.web.http.port' "${NIFI_WEB_HTTP_PORT:-8080}"
-prop_replace 'nifi.web.http.host'
"${NIFI_WEB_HTTP_HOST:-$HOSTNAME}"
+prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}"
+prop_replace 'nifi.web.https.host'
"${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.host'
"${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.socket.port'
"${NIFI_REMOTE_INPUT_SOCKET_PORT:-1}"
-prop_replace 'nifi.remote.input.secure' 'false'
+prop_replace 'nifi.remote.input.secure' 'true'
# Set nifi-toolkit properties files and baseUrl
"${scripts_dir}/toolkit.sh"
-prop_replace 'baseUrl'
"http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT:-8080};
${nifi_toolkit_props_file}
+prop_replace 'baseUrl'
"https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443};
${nifi_toolkit_props_file}
+
+if [ ! -z "${NIFI_WEB_HTTP_PORT}" ]; then
Review comment:
Thanks, will make the adjustment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5068: NIFI-8516 Enabled HTTPS and Single User Authentication by default
exceptionfactory commented on a change in pull request #5068: URL: https://github.com/apache/nifi/pull/5068#discussion_r632521823 ## File path: nifi-docs/src/main/asciidoc/administration-guide.adoc ## @@ -3527,7 +3527,7 @@ For example, to provide two additional network interfaces, a user could also spe + Providing three total network interfaces, including `nifi.web.http.network.interface.default`. |`nifi.web.https.host`|The HTTPS host. It is blank by default. Review comment: Thanks for catching that detail, I pushed an update with changes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
