[
https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466312#comment-16466312
]
ASF GitHub Bot commented on NIFI-5146:
--------------------------------------
GitHub user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2683#discussion_r186512542
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
---
@@ -601,106 +601,144 @@ private void configureConnectors(final Server
server) throws ServerConfiguration
httpConfiguration.setRequestHeaderSize(headerSize);
httpConfiguration.setResponseHeaderSize(headerSize);
- if (props.getPort() != null) {
- final Integer port = props.getPort();
- if (port < 0 || (int) Math.pow(2, 16) <= port) {
- throw new ServerConfigurationException("Invalid HTTP port:
" + port);
- }
+ // Check if both HTTP and HTTPS connectors are configured and fail
if both are configured
+ if (bothHttpAndHttpsConnectorsConfigured(props)) {
+ logger.error("NiFi only supports one mode of HTTP or HTTPS
operation, not both simultaneously. " +
+ "Check the nifi.properties file and ensure that either
the HTTP hostname and port or the HTTPS hostname and port are empty");
+ startUpFailure(new IllegalStateException("Only one of the HTTP
and HTTPS connectors can be configured at one time"));
+ }
- logger.info("Configuring Jetty for HTTP on port: " + port);
+ if (props.getSslPort() != null) {
+ configureHttpsConnector(server, httpConfiguration);
+ } else if (props.getPort() != null) {
+ configureHttpConnector(server, httpConfiguration);
+ } else {
+ logger.error("Neither the HTTP nor HTTPS connector was
configured in nifi.properties");
+ startUpFailure(new IllegalStateException("Must configure HTTP
or HTTPS connector"));
+ }
+ }
- final List<Connector> serverConnectors = Lists.newArrayList();
+ /**
+ * Configures an HTTPS connector and adds it to the server.
+ *
+ * @param server the Jetty server instance
+ * @param httpConfiguration the configuration object for the HTTPS
protocol settings
+ */
+ private void configureHttpsConnector(Server server, HttpConfiguration
httpConfiguration) {
+ String hostname = props.getProperty(NiFiProperties.WEB_HTTP_HOST);
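Review bot: configureHttpsConnector reads its hostname from NiFiProperties.WEB_HTTP_HOST, so the HTTPS connector would pick up the host value configured for HTTP; it should read the HTTPS host property (NiFiProperties.WEB_HTTPS_HOST) instead. Separately, in configureConnectors the both-configured branch calls startUpFailure(...) and then falls through to the `if (props.getSslPort() != null)` chain. Unless startUpFailure never returns, add an explicit return after it so no connector is configured once the failure has been reported. The range check removed from this method (`port < 0 || (int) Math.pow(2, 16) <= port`) also needs to survive in configureHttpConnector, and an equivalent check applied to the HTTPS port; neither helper body is visible in this hunk.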
--- End diff --
Good catch. Copied and pasted too many times.
> Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
> ---------------------------------------------------------------------------
>
> Key: NIFI-5146
> URL: https://issues.apache.org/jira/browse/NIFI-5146
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.6.0
> Reporter: Aldrin Piri
> Assignee: Andy LoPresto
> Priority: Major
> Labels: hostname, http, https, security
> Fix For: 1.7.0
>
>
> The host header whitelisting evaluation is only done when NiFi is configured
> in secure mode, determined by the setting of an HTTPS port (see
> https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L161
> and
> https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java#L190).
> However, in the case where both are enabled, the HTTP port is not enumerated
> in possible combinations and explicit inclusions of a given socket that would
> be HTTP are stripped via
> https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java#L143.
> It is possible that concurrently running HTTP and HTTPS no longer makes
> sense, in which case we could evaluate the relevant properties and prevent
> startup for an unintended configuration. Alternatively, we would need to
> adjust the custom hostname interpretation to also include consideration for
> the HTTP port.