MINIFI-4788 Exposing nifi.web.proxy.host configuration for Docker containers.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/29b82727 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/29b82727 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/29b82727 Branch: refs/heads/HDF-3.1-maint Commit: 29b82727a10ba44dda2acc545056d78db126901c Parents: aa4384b Author: Aldrin Piri <ald...@apache.org> Authored: Tue Jan 23 10:43:45 2018 -0500 Committer: Aldrin Piri <ald...@apache.org> Committed: Thu May 10 11:49:14 2018 -0400 ---------------------------------------------------------------------- nifi-docker/dockerhub/README.md | 3 +++ nifi-docker/dockerhub/sh/secure.sh | 7 +++++++ nifi-docker/dockerhub/sh/start.sh | 5 +++++ 3 files changed, 15 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/29b82727/nifi-docker/dockerhub/README.md ---------------------------------------------------------------------- diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md index d87765e..2998aa0 100644 --- a/nifi-docker/dockerhub/README.md +++ b/nifi-docker/dockerhub/README.md @@ -123,3 +123,6 @@ can be published to the host. | HTTP Port | nifi.web.http.port | 8080 | | HTTPS Port | nifi.web.https.port | 8443 | | Remote Input Socket Port | nifi.remote.input.socket.port | 10000 | + +**NOTE**: If mapping the HTTPS port specifying trusted hosts should be provided for the property _nifi.web.proxy.host_. This property can be specified to running instances +via specifying an environment variable at container instantiation of _NIFI\_WEB\_PROXY\_HOST_. http://git-wip-us.apache.org/repos/asf/nifi/blob/29b82727/nifi-docker/dockerhub/sh/secure.sh ---------------------------------------------------------------------- diff --git a/nifi-docker/dockerhub/sh/secure.sh b/nifi-docker/dockerhub/sh/secure.sh index 4609005..2de53c6 100644 --- a/nifi-docker/dockerhub/sh/secure.sh +++ b/nifi-docker/dockerhub/sh/secure.sh @@ -52,6 +52,13 @@ prop_replace 'nifi.web.https.port' '8443' prop_replace 'nifi.web.https.host' "${hostname}" prop_replace 'nifi.remote.input.secure' 'true' +# Check if the user has specified a nifi.web.proxy.host setting and handle appropriately +if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then + echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a secure mode. The NiFi UI may be inaccessible if using port mapping.' +else + prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}" +fi + # Establish initial user and an associated admin identity sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml http://git-wip-us.apache.org/repos/asf/nifi/blob/29b82727/nifi-docker/dockerhub/sh/start.sh ---------------------------------------------------------------------- diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh index df79ad6..d1c2754 100755 --- a/nifi-docker/dockerhub/sh/start.sh +++ b/nifi-docker/dockerhub/sh/start.sh @@ -41,6 +41,11 @@ case ${AUTH} in . "${scripts_dir}/secure.sh" . "${scripts_dir}/update_login_providers.sh" ;; + *) + if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then + echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode. Will not update nifi.web.proxy.host.' + fi + ;; esac # Continuously provide logs so that 'docker logs' can produce them