[
https://issues.apache.org/jira/browse/NIFIREG-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16350687#comment-16350687
]
ASF GitHub Bot commented on NIFIREG-120:
----------------------------------------
Github user kevdoran commented on a diff in the pull request:
https://github.com/apache/nifi-registry/pull/89#discussion_r165704918
--- Diff: nifi-registry-docker/dockerhub/README.md ---
@@ -0,0 +1,127 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+# Docker Image Quickstart
+
+## Capabilities
+This image currently supports running in standalone mode either unsecured
or with user authentication provided through:
+ * [Two-Way SSL with Client
Certificates](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#security-configuration)
+ * [Lightweight Directory Access Protocol
(LDAP)](https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#ldap_identity_provider)
+
+## Building
+The Docker image can be built using the following command:
+
+ .
~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerBuild.sh
+
+This will attempt to build and tag an image matching the string in
DockerImage.txt
+
+ dockerhub dchaffey$ cat DockerImage.txt
+ > apache/nifi-registry:0.1.0
+ docker images
+ > REPOSITORY TAG IMAGE ID
CREATED SIZE
+ > apache/nifi-registry 0.1.0 751428cbf631 15
minutes ago 342MB
+
+**Note**: The default version of NiFi-Registry specified by the Dockerfile
is typically that of one that is unreleased if working from source.
+To build an image for a prior released version, one can override the
`NIFI_REGISTRY_VERSION` build-arg with the following command:
+
+ docker build --build-arg=NIFI_REGISRTY_VERSION={Desired NiFi-Registry
Version} -t apache/nifi-registry:latest .
+
+There is, however, no guarantee that older versions will work as
properties have changed and evolved with subsequent releases.
+The configuration scripts are suitable for at least 0.1.0+.
+
+## Running a container
+
+### Standalone Instance, Unsecured
+The minimum to run a NiFi Registry instance is as follows:
+
+ .
~/Projects/nifi-dev/nifi-registry/nifi-registry-docker/dockerhub/DockerRun.sh
+
+This will provide a running instance, exposing the instance UI to the host
system on at port 18080,
+viewable at `http://localhost:18080/nifi-registry`.
+For a list of the environment variables recognised in this build, look
into the .sh/secure.sh and .sh/start.sh scripts
+
+### Standalone Instance, Two-Way SSL
+In this configuration, the user will need to provide certificates and the
associated configuration information.
+Of particular note, is the `AUTH` environment variable which is set to
`tls`. Additionally, the user must provide an
+the DN as provided by an accessing client certificate in the
`INITIAL_ADMIN_IDENTITY` environment variable.
+This value will be used to seed the instance with an initial user with
administrative privileges.
+Finally, this command makes use of a volume to provide certificates on the
host system to the container instance.
+
+ docker run --name nifi-registry \
+ -v /User/bob/certs/localhost:/opt/certs \
+ -p 8443:8443 \
+ -e AUTH=tls \
+ -e KEYSTORE_PATH=/opt/certs/keystore.jks \
+ -e KEYSTORE_TYPE=JKS \
+ -e KEYSTORE_PASSWORD=QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs \
+ -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
+ -e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
+ -e TRUSTSTORE_TYPE=JKS \
+ -e INITIAL_ADMIN_IDENTITY='CN=Random User, O=Apache,
OU=NiFiRegistry, C=US' \
+ -d \
+ apache/nifi-registry:latest
+
+### Standalone Instance, LDAP
+In this configuration, the user will need to provide certificates and the
associated configuration information. Optionally,
+if the LDAP provider of interest is operating in LDAPS or START_TLS modes,
certificates will additionally be needed.
+Of particular note, is the `AUTH` environment variable which is set to
`ldap`. Additionally, the user must provide a
+DN as provided by the configured LDAP server in the
`INITIAL_ADMIN_IDENTITY` environment variable. This value will be
+used to seed the instance with an initial user with administrative
privileges. Finally, this command makes use of a
+volume to provide certificates on the host system to the container
instance.
+
+#### For a minimal, connection to an LDAP server using SIMPLE
authentication:
+
+ docker run --name nifi-registry \
+ -v /User/bob/certs/localhost:/opt/certs \
+ -p 8443:8443 \
+ -e AUTH=tls \
+ -e KEYSTORE_PATH=/opt/certs/keystore.jks \
+ -e KEYSTORE_TYPE=JKS \
+ -e KEYSTORE_PASSWORD=QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs \
+ -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
+ -e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
+ -e TRUSTSTORE_TYPE=JKS \
+ -e INITIAL_ADMIN_IDENTITY='cn=admin,dc=example,dc=org' \
+ -e LDAP_AUTHENTICATION_STRATEGY='SIMPLE' \
+ -e LDAP_MANAGER_DN='cn=admin,dc=example,dc=org' \
+ -e LDAP_MANAGER_PASSWORD='password' \
+ -e LDAP_USER_SEARCH_BASE='dc=example,dc=org' \
+ -e LDAP_USER_SEARCH_FILTER='cn={0}' \
+ -e LDAP_IDENTITY_STRATEGY='USE_DN' \
+ -e LDAP_URL='ldap://ldap:389' \
+ -d \
+ apache/nifi-registry:latest
+
+#### The following, optional environment variables may be added to the
above command when connecting to a secure LDAP server configured with
START_TLS or LDAPS
+
+ -e LDAP_TLS_KEYSTORE: ''
+ -e LDAP_TLS_KEYSTORE_PASSWORD: ''
+ -e LDAP_TLS_KEYSTORE_TYPE: ''
+ -e LDAP_TLS_TRUSTSTORE: ''
+ -e LDAP_TLS_TRUSTSTORE_PASSWORD: ''
+ -e LDAP_TLS_TRUSTSTORE_TYPE: ''
+
+## Configuration Information
+The following ports are specified by default in Docker for NiFi-Registry
operation within the container and
+can be published to the host.
+
+| Function | Property | Port |
+|--------------------------|-------------------------------|-------|
+| HTTP Port | nifi.web.http.port | 18080 |
+| HTTPS Port | nifi.web.https.port | 18443 |
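Review bot: the LDAP example under "For a minimal, connection to an LDAP server using SIMPLE authentication" passes `-e AUTH=tls`, while the paragraph introducing it says `AUTH` is set to `ldap`; the command should read `-e AUTH=ldap` so that it matches the text and does not leave readers with the certificate-authentication setting alongside the LDAP variables. In the build instructions the build-arg is spelled `NIFI_REGISRTY_VERSION`, which does not match the `NIFI_REGISTRY_VERSION` named in the sentence before it. The optional LDAP TLS variables are written as `-e LDAP_TLS_KEYSTORE: ''`, which is not the `-e NAME=value` form used in the two `docker run` commands above them. Both secured examples publish `-p 8443:8443`, but the table lists 18443 as the HTTPS port, so one of the two needs to change. Since the minimal LDAP example combines `LDAP_AUTHENTICATION_STRATEGY='SIMPLE'` and `LDAP_MANAGER_PASSWORD` with `LDAP_URL='ldap://ldap:389'`, a sentence pointing readers to the START_TLS/LDAPS variables for anything beyond local testing would help.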
--- End diff --
These properties need to be updated for Registry. Given all the examples
above of how to expose ports, I also think this section could just be dropped
now.
> Basic Docker Image
> ------------------
>
> Key: NIFIREG-120
> URL: https://issues.apache.org/jira/browse/NIFIREG-120
> Project: NiFi Registry
> Issue Type: Improvement
> Affects Versions: 0.1.0
> Reporter: Daniel Chaffelson
> Priority: Minor
> Fix For: 0.2.0
>
>
> It would be convenient if NiFi Registry had an integrated Docker image ready
> for uploading to Dockerhub, similar to the main NiFi Project, for ease of
> integration testing.
> This could probably be ported, with some changes, from the same approach used
> in the main NiFi project for continuity.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)