[ https://issues.apache.org/jira/browse/NIFIREG-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16350685#comment-16350685 ]
ASF GitHub Bot commented on NIFIREG-120: ---------------------------------------- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/89#discussion_r165668227 --- Diff: nifi-registry-docker/dockerhub/sh/secure.sh --- @@ -0,0 +1,56 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +scripts_dir='/opt/nifi-registry/scripts' + +[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" + +# Perform idempotent changes of configuration to support secure environments +echo 'Configuring environment with SSL settings' + +: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."} +if [ ! -f "${KEYSTORE_PATH}" ]; then + echo "Keystore file specified (${KEYSTORE_PATH}) does not exist." + exit 1 +fi +: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."} +: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."} + +: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."} +if [ ! -f "${TRUSTSTORE_PATH}" ]; then + echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist." + exit 1 +fi +: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."} +: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."} + +prop_replace 'nifi.registry.security.keystore' "${KEYSTORE_PATH}" +prop_replace 'nifi.registry.security.keystoreType' "${KEYSTORE_TYPE}" +prop_replace 'nifi.registry.security.keystorePasswd' "${KEYSTORE_PASSWORD}" --- End diff -- Noticed we don't have a way to specify `nifi.registry.security.keystorePasswd` through env variables. This is the case for the NiFi docker image as well. The default behavior on startup is to use the keystorePasswd as the keyPasswd, and I think that is good for most use cases, but at some point it might be nice to add the ability to set `nifi.registry.security.keyPasswd` via the env var KEY_PASSWORD. Can add that as an enhancement for NiFi as well. > Basic Docker Image > ------------------ > > Key: NIFIREG-120 > URL: https://issues.apache.org/jira/browse/NIFIREG-120 > Project: NiFi Registry > Issue Type: Improvement > Affects Versions: 0.1.0 > Reporter: Daniel Chaffelson > Priority: Minor > Fix For: 0.2.0 > > > It would be convenient if NiFi Registry had an integrated Docker image ready > for uploading to Dockerhub, similar to the main NiFi Project, for ease of > integration testing. > This could probably be ported, with some changes, from the same approach used > in the main NiFi project for continuity. -- This message was sent by Atlassian JIRA (v7.6.3#76005)