[
https://issues.apache.org/jira/browse/NIFI-6740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Burgess updated NIFI-6740:
-------------------------------
Fix Version/s: 1.16.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> No way to configure bootstrap or nifi command/control ports
> -----------------------------------------------------------
>
> Key: NIFI-6740
> URL: https://issues.apache.org/jira/browse/NIFI-6740
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Steve Lawrence
> Priority: Major
> Fix For: 1.16.0
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Currently, when Bootstrap starts it binds to a random ephemeral port on
> localhost in {{NifiListener.java}}:
> {code:java}
> serverSocket = new ServerSocket();
> serverSocket.bind(new InetSocketAddress("localhost", 0));
> {code}
> And then it passes this port to NiFi via the
> {{-Dnifi.bootstrap.listener.port}} argument.
> Subsequently, NiFi will also bind to a random ephemeral port in
> {{BootstrapListener.java}}, and then pass that port to Bootstrap via the port
> that was passed in.
> These two ports provide a method of communication for command/control between
> the Bootstrap and NiFi processes.
> Unfortunately, because these ports are ephemeral and change on every start
> up, it makes it difficult to have predefined security policies (e.g.
> iptables/firewall) in place for these ports.
> To resolve this, one solution is to add new configuration options to
> bootstrap.conf/nifi.properties, which would allow administrators to define
> values for these ports. This ensures that every time NiFi starts, the
> command/control ports will remain constant, allowing for pre-defined security
> policies to be created. For backwards compatibility, the options can default
> to zero to maintain the ephemeral port behavior.
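The proposal in the issue description, sketched as an added example (not NiFi's code and not the patch that resolved this issue). The class name and the property name `example.bootstrap.listen.port` are hypothetical; a value of 0, or no value, keeps the ephemeral-port behaviour.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.util.Properties;

public class ConfigurablePortListener {
    // Hypothetical property name, used for this example only.
    static final String PORT_PROPERTY = "example.bootstrap.listen.port";

    // Missing or blank resolves to 0, which keeps the ephemeral-port behaviour.
    static int resolvePort(Properties props) {
        String raw = props.getProperty(PORT_PROPERTY, "0").trim();
        if (raw.isEmpty()) {
            return 0;
        }
        int port;
        try {
            port = Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(PORT_PROPERTY + " is not a number: " + raw, e);
        }
        if (port < 0 || port > 65535) {
            throw new IllegalArgumentException(PORT_PROPERTY + " out of range: " + port);
        }
        return port;
    }

    // Bind on localhost only, as the snippet in the description does. If a fixed
    // port is already in use, bind() throws BindException; there is no silent
    // fallback to a random port, which would land outside the firewall policy.
    static ServerSocket bind(int port) throws IOException {
        ServerSocket serverSocket = new ServerSocket();
        serverSocket.bind(new InetSocketAddress("localhost", port));
        return serverSocket;
    }

    public static void main(String[] args) throws IOException {
        Properties props = new Properties();
        props.setProperty(PORT_PROPERTY, "0"); // constructed sample value; set a fixed port to pin it
        try (ServerSocket socket = bind(resolvePort(props))) {
            // The bound port is what gets handed to the child process.
            System.out.println("-Dnifi.bootstrap.listener.port=" + socket.getLocalPort());
        }
    }
}
```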