[nifi] branch main updated: NIFI-8784 Make NIFI_WEB_PROXY_HOST work with single user auth

exceptionfactory Thu, 22 Jul 2021 13:55:06 -0700

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git



The following commit(s) were added to refs/heads/main by this push:
     new 871360a  NIFI-8784 Make NIFI_WEB_PROXY_HOST work with single user auth
871360a is described below

commit 871360a5ee0281c3ecfcc79047003df82cc0a9c6
Author: Joey Frazee <[email protected]>
AuthorDate: Fri Jul 16 13:53:53 2021 -0700

    NIFI-8784 Make NIFI_WEB_PROXY_HOST work with single user auth
    
    This closes #5226
    
    Signed-off-by: David Handermann <[email protected]>
---
 nifi-docker/dockerhub/sh/secure.sh   |  7 -------
 nifi-docker/dockerhub/sh/start.sh    | 17 +++++++++++------
 nifi-docker/dockermaven/sh/secure.sh |  7 -------
 nifi-docker/dockermaven/sh/start.sh  | 17 +++++++++++------
 4 files changed, 22 insertions(+), 26 deletions(-)

diff --git a/nifi-docker/dockerhub/sh/secure.sh 
b/nifi-docker/dockerhub/sh/secure.sh
index 4358730..4fff214 100755
--- a/nifi-docker/dockerhub/sh/secure.sh
+++ b/nifi-docker/dockerhub/sh/secure.sh
@@ -66,13 +66,6 @@ prop_replace 'nifi.cluster.protocol.is.secure' 
"${NIFI_CLUSTER_IS_NODE:-false}"
 # Setup nifi-toolkit
 prop_replace 'baseUrl' 
"https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}"; 
${nifi_toolkit_props_file}
 
-# Check if the user has specified a nifi.web.proxy.host setting and handle 
appropriately
-if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
-    echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a 
secure mode.  The NiFi UI may be inaccessible if using port mapping.'
-else
-    prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}"
-fi
-
 # Configure Authorizer and Login Identity Provider
 prop_replace 'nifi.security.user.authorizer' 
"${NIFI_SECURITY_USER_AUTHORIZER:-managed-authorizer}"
 prop_replace 'nifi.security.user.login.identity.provider' 
"${NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER}"
diff --git a/nifi-docker/dockerhub/sh/start.sh 
b/nifi-docker/dockerhub/sh/start.sh
index 2730b62..9cce534 100755
--- a/nifi-docker/dockerhub/sh/start.sh
+++ b/nifi-docker/dockerhub/sh/start.sh
@@ -35,6 +35,7 @@ fi
 # Establish baseline properties
 prop_replace 'nifi.web.https.port'              "${NIFI_WEB_HTTPS_PORT:-8443}"
 prop_replace 'nifi.web.https.host'              
"${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
+prop_replace 'nifi.web.proxy.host'              "${NIFI_WEB_PROXY_HOST}"
 prop_replace 'nifi.remote.input.host'           
"${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}"
 prop_replace 'nifi.remote.input.socket.port'    
"${NIFI_REMOTE_INPUT_SOCKET_PORT:-10000}"
 prop_replace 'nifi.remote.input.secure'         'true'
@@ -66,6 +67,15 @@ if [ -n "${NIFI_WEB_HTTP_PORT}" ]; then
     prop_replace 'truststore'                                 '' 
${nifi_toolkit_props_file}
     prop_replace 'truststoreType'                             '' 
${nifi_toolkit_props_file}
     prop_replace 'baseUrl' 
"http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT}"; 
${nifi_toolkit_props_file}
+
+    if [ -n "${NIFI_WEB_PROXY_HOST}" ]; then
+        echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in 
a secure mode. Unsetting nifi.web.proxy.host.'
+        prop_replace 'nifi.web.proxy.host' ''
+    fi
+else
+    if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
+        echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in 
a secure mode. The NiFi UI may be inaccessible if using port mapping or 
connecting through a proxy.'
+    fi
 fi
 
 prop_replace 'nifi.variable.registry.properties'    
"${NIFI_VARIABLE_REGISTRY_PROPERTIES:-}"
@@ -110,14 +120,9 @@ case ${AUTH} in
         . "${scripts_dir}/secure.sh"
         . "${scripts_dir}/update_login_providers.sh"
         ;;
-    *)
-        if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then
-            echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to 
run in a secure mode.  Will not update nifi.web.proxy.host.'
-        fi
-        ;;
 esac
 
-# Continuously provide logs so that 'docker logs' can    produce them
+# Continuously provide logs so that 'docker logs' can produce them
 "${NIFI_HOME}/bin/nifi.sh" run &
 nifi_pid="$!"
 tail -F --pid=${nifi_pid} "${NIFI_HOME}/logs/nifi-app.log" &
diff --git a/nifi-docker/dockermaven/sh/secure.sh 
b/nifi-docker/dockermaven/sh/secure.sh
index 4358730..4fff214 100755
--- a/nifi-docker/dockermaven/sh/secure.sh
+++ b/nifi-docker/dockermaven/sh/secure.sh
@@ -66,13 +66,6 @@ prop_replace 'nifi.cluster.protocol.is.secure' 
"${NIFI_CLUSTER_IS_NODE:-false}"
 # Setup nifi-toolkit
 prop_replace 'baseUrl' 
"https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}"; 
${nifi_toolkit_props_file}
 
-# Check if the user has specified a nifi.web.proxy.host setting and handle 
appropriately
-if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
-    echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a 
secure mode.  The NiFi UI may be inaccessible if using port mapping.'
-else
-    prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}"
-fi
-
 # Configure Authorizer and Login Identity Provider
 prop_replace 'nifi.security.user.authorizer' 
"${NIFI_SECURITY_USER_AUTHORIZER:-managed-authorizer}"
 prop_replace 'nifi.security.user.login.identity.provider' 
"${NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER}"
diff --git a/nifi-docker/dockermaven/sh/start.sh 
b/nifi-docker/dockermaven/sh/start.sh
index b3207c5..ce27142 100755
--- a/nifi-docker/dockermaven/sh/start.sh
+++ b/nifi-docker/dockermaven/sh/start.sh
@@ -35,6 +35,7 @@ fi
 # Establish baseline properties
 prop_replace 'nifi.web.https.port'              "${NIFI_WEB_HTTPS_PORT:-8443}"
 prop_replace 'nifi.web.https.host'              
"${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
+prop_replace 'nifi.web.proxy.host'              "${NIFI_WEB_PROXY_HOST}"
 prop_replace 'nifi.remote.input.host'           
"${NIFI_REMOTE_INPUT_HOST:-$HOSTNAME}"
 prop_replace 'nifi.remote.input.socket.port'    
"${NIFI_REMOTE_INPUT_SOCKET_PORT:-10000}"
 prop_replace 'nifi.remote.input.secure'         'true'
@@ -66,6 +67,15 @@ if [ -n "${NIFI_WEB_HTTP_PORT}" ]; then
     prop_replace 'truststore'                                 '' 
${nifi_toolkit_props_file}
     prop_replace 'truststoreType'                             '' 
${nifi_toolkit_props_file}
     prop_replace 'baseUrl' 
"http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT}"; 
${nifi_toolkit_props_file}
+
+    if [ -n "${NIFI_WEB_PROXY_HOST}" ]; then
+        echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in 
a secure mode. Unsetting nifi.web.proxy.host.'
+        prop_replace 'nifi.web.proxy.host' ''
+    fi
+else
+    if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
+        echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in 
a secure mode. The NiFi UI may be inaccessible if using port mapping or 
connecting through a proxy.'
+    fi
 fi
 
 prop_replace 'nifi.variable.registry.properties'    
"${NIFI_VARIABLE_REGISTRY_PROPERTIES:-}"
@@ -110,14 +120,9 @@ case ${AUTH} in
         . "${scripts_dir}/secure.sh"
         . "${scripts_dir}/update_login_providers.sh"
         ;;
-    *)
-        if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then
-            echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to 
run in a secure mode.  Will not update nifi.web.proxy.host.'
-        fi
-        ;;
 esac
 
-# Continuously provide logs so that 'docker logs' can    produce them
+# Continuously provide logs so that 'docker logs' can produce them
 tail -F "${NIFI_HOME}/logs/nifi-app.log" &
 "${NIFI_HOME}/bin/nifi.sh" run &
 nifi_pid="$!"

[nifi] branch main updated: NIFI-8784 Make NIFI_WEB_PROXY_HOST work with single user auth

Reply via email to