Andy,
Thanks for taking a look… May end up just needing to uninstall/reinstall and see if the same issues happen again. I may trying upgrading to a newer version of nifi as well. Again…appreciate you all taking a look. Thanks, Dan From: Andy LoPresto <alopre...@apache.org> Reply-To: <users@nifi.apache.org> Date: Wednesday, July 26, 2017 at 3:17 PM To: <users@nifi.apache.org> Subject: Re: NiFi UI Not Starting Dan, Sorry we are not more helpful on this. Seems to be an extremely unusual circumstance. I would suggest modifying bootstrap.conf to enable remote debugging and use your IDE to step through the execution of the Jetty code. Something about the logic path is different when creating the HTTPS connector — either the context factory is not getting formed correctly, the network interfaces are not being enumerated, or something is violating an external permission/policy block. I will try to reproduce this locally as well but I have not encountered this before when setting up a secure 0.x instance. Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 On Jul 26, 2017, at 11:37 AM, Dan Morris <dgmorri...@gmail.com> wrote: Hi Andy, It’s the same instance of nifi… in our nifi.properties file, we just comment/uncomment the “Disable TLS” or “Enable TLS” sections depending on which “mode” we want nifi to run in. When we comment out the “Enable TLS” section and uncomment the “Disable TLS” sections, the the UI binds to both localhost and the IPv4 Address (the only other eth device). Thanks, Dan Morris Mobile: 443-992-2848 GV: 410-861-0206 From: Andy LoPresto <alopre...@apache.org> Reply-To: <users@nifi.apache.org> Date: Wednesday, July 26, 2017 at 2:30 PM To: <users@nifi.apache.org> Subject: Re: NiFi UI Not Starting Dan, You said that if you run an unsecured instance of NiFi on the production server, it starts successfully? What host(s) does it bind to in that case? Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 On Jul 26, 2017, at 11:21 AM, Andy LoPresto <alopre...@apache.org> wrote: I have to refamiliarize myself with 0.7.0 as it’s a bit of an older version, but the code we should be looking at is [1] and [2]. [1] https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L557 [2] https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L797 Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 On Jul 26, 2017, at 11:15 AM, Dan Morris <dgmorri...@gmail.com> wrote: We tried: nifi.web.https.host=localhost nifi.web.https.host= nifi.web.https.host=0.0.0.0 no impact, UI still would not bind to HTTPS port. We decided to leave it at 0.0.0.0 as that’s the recommended configuration in the Administrators guide for binding to all interfaces. Thanks, Dan Morris Mobile: 443-992-2848 GV: 410-861-0206 From: Andy LoPresto <alopre...@apache.org> Reply-To: <users@nifi.apache.org> Date: Wednesday, July 26, 2017 at 1:56 PM To: <users@nifi.apache.org> Subject: Re: NiFi UI Not Starting Dan, I am wondering if it is an issue with binding to 0.0.0.0 — are there any differences between the test and production server non-NiFi configurations that would prevent this? Can you try setting nifi.web.https.host=localhost instead? Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 On Jul 26, 2017, at 10:44 AM, Dan Morris <dgmorri...@gmail.com> wrote: Hi Joe, I’ve attached relevant files… tried to redact sensitive info… hope I didn’t cut too much from the logs… Thanks, Dan On 7/26/17, 9:30 AM, "Joe Witt" <joe.w...@gmail.com> wrote: Dan - are you able to share the nifi-app and nifi-bootstrap logs? Thanks On Wed, Jul 26, 2017 at 9:21 AM, Dan Morris <dgmorri...@gmail.com> wrote: Hello, I’m having an issue getting NiFi to start correctly. Here’s my situation: I’m currently running v0.7.0. I have a production server and a test server, with identical configurations (OS, Java, Java security config, nifi versions, nifi configs, keystores/truststores, etc). When I run nifi via normal HTTP (e.g. no security) in both Prod/Test they both start & load the UI as expected. When I run nifi via HTTPs (e.g. security settings) the Test server starts and loads UI as expected. However, on the Prod system, I receive the following error and java does not bind to 8443: 2017-07-25 16:30:51,346 WARN [main] org.apache.nifi.web.server.JettyServer NiFi has started, but the UI is not available on any hosts. Please verify the host properties. I reviewed the source code and it looks like this error is logged when the “URLs” is empty. Here is what I *think* are the relevant properties from my nifi config, when trying to start up using TLS (running on both Prod & Test), again, Test starts fine, Prod throws the error above. # Enable TLS nifi.web.http.host= nifi.web.https.host=0.0.0.0 nifi.web.http.port= nifi.web.https.port=8443 nifi.security.keystore=<path_to_keystore> nifi.security.keystoreType=JKS nifi.security.keystorePasswd=<keystore_password> nifi.security.keyPasswd=<key_password> nifi.security.truststore=<path_to_trust_store> nifi.security.truststoreType=JKS nifi.security.truststorePasswd=<trust_store_password> nifi.security.needClientAuth=true Again, I’ve manually validated the correct paths, correct passwords to JKS files., etc. I’ve verified that there are no other processes binding to 8443 possibly blocking nifi from the port. I’ve tried changing the port number (e.g. to 8445), no effect I’ve turned off IPTables. Generally, I run nifi as a “nifi” user, however, I’ve also tried running it as root to see if that had an effect of allowing the UI on Prod to start…no impact. I’ve tried also starting up nifi with a blank/default flow file, no effect. Any thoughts/suggestions on what I can do next, short of uninstalling nifi and reinstalling? Thanks, Dan <bootstrap.conf><nifi-app.log><nifi-bootstrap.log><nifi.properties>
