Hi David. This is very helpful, thank you. I feel like I am close, but I get an error. My Inbound Rules for my security group now include:

8443 TCP (MyIP)/32
443 TCP (MyIP)/32
22 TCP (MyIP)/32

In my browser - I tried both Edge and Chrome - I use this URL:
https://ec2-3-238-27-230.compute-1.amazonaws.com:8443
I have also tried with /nifi at the tail end. I get this error:

System Error
The request contained an invalid host header [ec2-3-238-27-220.compute-1.amazonaws.com:8443] in the request [/]. Check for request manipulation or third-party intercept.
Valid host headers are [empty] or:
- 127.0.0.1
- 127.0.0.1:8443
- localhost
- localhost:8443
- [::1]
- [::1]:8443
- 7f661ae687d7
- 7f661ae687d7:8443
- 172.17.0.2
- 172.17.0.2:8443

Does this mean I have formed the URL incorrectly?

I also see that I had to add an exception to permit https. When I created the instance, I created my own pem key pair. It is not signed by any CA. For a self-signed key pair like this, do I need to install a key in my browser security store to avoid adding that exception?

Thank you for helping me get that much closer.
Jim

On Tue, Nov 8, 2022 at 5:13 PM David Handermann <exceptionfact...@apache.org> wrote:

> Hi Jim,
>
> Thanks for the reply and additional background.
>
> The instructions are dated March 2021, which is prior to the release of
> NiFi 1.14.0. In particular, the run command is no longer accurate with the
> default NiFi container image.
>
> The current Docker Hub instructions [1] show the basic command needed
>
> docker run --name nifi -p 8443:8443 -d apache/nifi:latest
>
> In addition, any references to port 8080 in the AWS Security Group rules
> should be changed to 8443. The security group rules for port 80 and 18080
> should be removed.
>
> The instructions that allow plain HTTP access to NiFi on port 8080 should
> NEVER be followed, as this exposes unfiltered and unauthenticated access.
>
> Following those changes, it should be possible to access the NiFi UI using
> the AWS URL:
>
> https://ec2...amazonaws.com:8443
>
> The default installation will generate a username and password, which can
> be found in the container logs:
>
> docker logs nifi | grep Generated
>
> Regards,
> David Handermann
>
> [1] https://hub.docker.com/r/apache/nifi
>
> On Tue, Nov 8, 2022 at 4:00 PM James McMahon <jsmcmah...@gmail.com> wrote:
>
>> Hi and thank you, David and Dmitry. In my case I was following this
>> example,
>>
>> https://joeygoksu.com/software/apache-nifi-on-aws/
>>
>> which results in NiFi installed within a container. So to answer one of
>> your questions, I don’t yet know how or where to find nifi.properties in
>> the container framework. I don’t seem to have the usual /opt/nifi/…..
>> directories on my ec2 instance. Any idea where I need to look for that?
>>
>> These ports are open by my security group Inbound Rules: 22 to MyIP, 80,
>> 8080, and 18080 (per the link) to 0.0.0.0/0, 443 to MyIP.
>>
>> I am able to Putty into my instance as ec2-user with my ppk file, which I
>> created using putty tools from the original pem key pair. When I do putty
>> in, under /opt I find three subdirectories: aws, containerd, and rh.
>> Nothing nifi under any of the three that I can see so far.
>>
>> I start my docker instance with this command:
>> docker run --name nifi -p 18080:8080 -d apache/nifi:latest
>>
>> I can do a ps -ef and see running nifi processes. But I don’t yet know
>> how to get to the nifi logs or properties file.
>>
>> You mentioned using localhost to get to the canvas UI. This
>> confuses me. Nifi is running on my EC2 instance - a linux host without a
>> browser. I’m in a browser on my laptop. How would localhost in my browser
>> get me to my EC2 instance running nifi?
>>
>> This is the URL I’m using in my browser:
>> http://ec2-3-238-27-220.compute-1.amazonaws.com
>> (that url changes with each Stop/Start of my instance.
>> I’ve yet to investigate how to get AWS to stop changing that IP, but I know it can be
>> done).
>>
>> The browser replies with: ec2…….amazonaws refused to connect.
>>
>> I can ping my laptop IP address from the putty terminal where I am logged
>> in to my instance. I cannot ping the Public DNS of my instance from
>> Powershell on my laptop. Again, that Public DNS is
>> ec2-3-238-27-220.compute-1.amazonaws.com
>>
>> Any help is much appreciated.
>> Jim
>>
>> On Tue, Nov 8, 2022 at 3:03 PM David Handermann <exceptionfact...@apache.org> wrote:
>>
>>> Hi Jim,
>>>
>>> NiFi 1.14.0 and following default to HTTPS on port 8443, listening on
>>> the localhost address. The nifi.web.https.host can be changed to blank in
>>> order to listen on all interfaces, but the default HTTPS setting with
>>> authentication required should be retained.
>>>
>>> Can you provide the version of NiFi and some additional details on the
>>> nifi.web values from nifi.properties?
>>>
>>> Regards,
>>> David Handermann
>>>
>>> On Tue, Nov 8, 2022 at 1:54 PM James McMahon <jsmcmah...@gmail.com> wrote:
>>>
>>>> Has anyone successfully configured NiFi on AWS, and accessed it from a
>>>> browser on a Windows desktop? I’ve tried following a few links to do this.
>>>> I’ve verified that my instance security group allows access to 8080 via its
>>>> inbound rules. I’ve putty’ed into the instance via ssh port 22 to verify
>>>> that there are no firewall restrictions. But still I get a message to the
>>>> effect that the server rejected the connection request. Can anyone
>>>> recommend a link that describes a success path for this?
>>>> Thanks in advance for your help.
>>>> Jim
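
An added example, not part of the thread and not NiFi's own code: a small parser for the "invalid host header" error text quoted in the top message, which shows what was rejected and what kind of names the server accepts. It models the check as an exact, case-insensitive match against the listed values; all function names are hypothetical, and the `extra` parameter is an assumption standing in for additional allowed hosts such as those configured through NiFi's `nifi.web.proxy.host` property.

```python
import ipaddress
import re

# Constructed sample: the error text from the message above, without the mail
# client's asterisks and <http://...> link residue.
VALID = ("127.0.0.1 127.0.0.1:8443 localhost localhost:8443 [::1] [::1]:8443 "
         "7f661ae687d7 7f661ae687d7:8443 172.17.0.2 172.17.0.2:8443").split()
SAMPLE_ERROR = ("The request contained an invalid host header "
                "[ec2-3-238-27-220.compute-1.amazonaws.com:8443] in the request [/].\n"
                "Valid host headers are [empty] or:\n" + "".join(f"- {v}\n" for v in VALID))

def parse_error(text):
    """Return (rejected Host header, set of valid headers), lower-cased."""
    m = re.search(r"invalid host header \[(.+?)\] in the request", text)
    if not m:
        raise ValueError("not an invalid-host-header error")
    valid = {ln[2:].strip().lower() for ln in text.splitlines() if ln.startswith("- ")}
    return m.group(1).strip().lower(), valid

def split_host_port(value):
    """Split host, host:port, [v6] or [v6]:port into (host, port or None)."""
    if value.startswith("["):
        host, _, rest = value.partition("]")
        return host + "]", rest[1:] or None
    host, sep, port = value.rpartition(":")
    return (host, port) if sep else (value, None)

def is_public(host):
    """True for a global IP or a dotted DNS name; False for loopback, private or single-label."""
    bare = host.strip("[]")
    try:
        return ipaddress.ip_address(bare).is_global
    except ValueError:
        return "." in bare

def is_accepted(header, valid, extra=()):
    """Exact case-insensitive match; an empty header passes, as the error text states."""
    h = (header or "").strip().lower()
    return h == "" or h in valid or h in {e.strip().lower() for e in extra}

def diagnose(text):
    """Summarise the rejection: the name sent versus the names the server lists."""
    rejected, valid = parse_error(text)
    hosts = {split_host_port(v)[0] for v in valid}
    return {"rejected": rejected,
            "host_known": split_host_port(rejected)[0] in hosts,
            "public_entries": sorted(h for h in hosts if is_public(h))}
```

On the sample, `diagnose` reports no public entries: every listed value is loopback, a private bridge address or the container's own hostname, so the EC2 public DNS name is accepted only once it is added to the allowed hosts.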