[
https://issues.apache.org/jira/browse/NIFIREG-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16350685#comment-16350685
]
ASF GitHub Bot commented on NIFIREG-120:
----------------------------------------
Github user kevdoran commented on a diff in the pull request:
https://github.com/apache/nifi-registry/pull/89#discussion_r165668227
--- Diff: nifi-registry-docker/dockerhub/sh/secure.sh ---
@@ -0,0 +1,56 @@
+#!/bin/sh -e
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version
2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+scripts_dir='/opt/nifi-registry/scripts'
+
+[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
+
+# Perform idempotent changes of configuration to support secure
environments
+echo 'Configuring environment with SSL settings'
+
+: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being
used."}
+if [ ! -f "${KEYSTORE_PATH}" ]; then
+ echo "Keystore file specified (${KEYSTORE_PATH}) does not exist."
+ exit 1
+fi
+: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM)
of the keystore being used."}
+: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being
used."}
+
+: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore
being used."}
+if [ ! -f "${TRUSTSTORE_PATH}" ]; then
+ echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist."
+ exit 1
+fi
+: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12,
PEM) of the truststore being used."}
+: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore
being used."}
+
+prop_replace 'nifi.registry.security.keystore' "${KEYSTORE_PATH}"
+prop_replace 'nifi.registry.security.keystoreType' "${KEYSTORE_TYPE}"
+prop_replace 'nifi.registry.security.keystorePasswd'
"${KEYSTORE_PASSWORD}"
--- End diff --
Noticed we don't have a way to specify
`nifi.registry.security.keystorePasswd` through env variables. This is the case
for the NiFi docker image as well. The default behavior on startup is to use
the keystorePasswd as the keyPasswd, and I think that is good for most use
cases, but at some point it might be nice to add the ability to set
`nifi.registry.security.keyPasswd` via the env var KEY_PASSWORD. Can add that
as an enhancement for NiFi as well.
> Basic Docker Image
> ------------------
>
> Key: NIFIREG-120
> URL: https://issues.apache.org/jira/browse/NIFIREG-120
> Project: NiFi Registry
> Issue Type: Improvement
> Affects Versions: 0.1.0
> Reporter: Daniel Chaffelson
> Priority: Minor
> Fix For: 0.2.0
>
>
> It would be convenient if NiFi Registry had an integrated Docker image ready
> for uploading to Dockerhub, similar to the main NiFi Project, for ease of
> integration testing.
> This could probably be ported, with some changes, from the same approach used
> in the main NiFi project for continuity.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
