Repository: nifi Updated Branches: refs/heads/master 364985fb4 -> 7c0ee014d
NIFI-4788 This closes #2427. Exposing nifi.web.proxy.host configuration for Docker containers. Signed-off-by: joewitt <joew...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/7c0ee014 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/7c0ee014 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/7c0ee014 Branch: refs/heads/master Commit: 7c0ee014d339588547a2bab18a68f7d1dfdd28af Parents: 364985f Author: Aldrin Piri <ald...@apache.org> Authored: Tue Jan 23 10:43:45 2018 -0500 Committer: joewitt <joew...@apache.org> Committed: Tue Apr 3 07:49:06 2018 -0700 ---------------------------------------------------------------------- nifi-docker/dockerhub/README.md | 3 +++ nifi-docker/dockerhub/sh/secure.sh | 7 +++++++ nifi-docker/dockerhub/sh/start.sh | 5 +++++ 3 files changed, 15 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/README.md ---------------------------------------------------------------------- diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md index 4d9a559..31e808e 100644 --- a/nifi-docker/dockerhub/README.md +++ b/nifi-docker/dockerhub/README.md @@ -134,3 +134,6 @@ can be published to the host. | HTTPS Port | nifi.web.https.port | 8443 | | Remote Input Socket Port | nifi.remote.input.socket.port | 10000 | +======= +**NOTE**: If mapping the HTTPS port specifying trusted hosts should be provided for the property _nifi.web.proxy.host_. This property can be specified to running instances +via specifying an environment variable at container instantiation of _NIFI\_WEB\_PROXY\_HOST_. http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/sh/secure.sh ---------------------------------------------------------------------- diff --git a/nifi-docker/dockerhub/sh/secure.sh b/nifi-docker/dockerhub/sh/secure.sh index 919e118..5ff56e4 100644 --- a/nifi-docker/dockerhub/sh/secure.sh +++ b/nifi-docker/dockerhub/sh/secure.sh @@ -52,6 +52,13 @@ prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}" prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}" prop_replace 'nifi.remote.input.secure' 'true' +# Check if the user has specified a nifi.web.proxy.host setting and handle appropriately +if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then + echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a secure mode. The NiFi UI may be inaccessible if using port mapping.' +else + prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}" +fi + # Establish initial user and an associated admin identity sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/sh/start.sh ---------------------------------------------------------------------- diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh index 7e340a6..2775bc7 100755 --- a/nifi-docker/dockerhub/sh/start.sh +++ b/nifi-docker/dockerhub/sh/start.sh @@ -41,6 +41,11 @@ case ${AUTH} in . "${scripts_dir}/secure.sh" . "${scripts_dir}/update_login_providers.sh" ;; + *) + if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then + echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode. Will not update nifi.web.proxy.host.' + fi + ;; esac # Continuously provide logs so that 'docker logs' can produce them