It's more than that,

You also need to set up TLS keys for the hostname, user accounts, etc. Also,
I would never expose a service directly on a public IP that way either. Use
a priv subnet and access via a VPN. Route 53 can manage DNS for a private
domain so you can have e.g. nifi-1.mycloud as the hostname and expose all the
necessary ports (not just 8443) to the necessary security groups. With no
other information on the deployment, it's not possible to specify
instructions.

It might be worthwhile adding an AWS CDK setup to the code so admins have
"cdk deploy" as a post-build option, even if it's just a basic EC2 host
like above and not getting into integration with logging, authentication,
etc.

On Fri, 29 Mar 2024, 07:59 Mark Bean, <mark.o.b...@gmail.com> wrote:

> Try adding your EC2 instance's private IP address mapping to public DNS
> name in /etc/hosts. And, in that case, you can use
> nifi.web.https.host=<public DNS name>
>
> -Mark
>
>
> On Thu, Mar 28, 2024 at 4:40 PM Joe Witt <joe.w...@gmail.com> wrote:
>
> > Mark
> >
> > I believe you will need to tell NiFi you want it to listen on more than
> > the localhost/loopback address.
> >
> > nifi.web.https.host=localhost
> >
> > Is a default in nifi.properties for instance.
> >
> > Def take a look through the admin/install guide as well.
> >
> > Thanks
> >
> > On Thu, Mar 28, 2024 at 1:32 PM Mark Woodcock <woodc...@usna.edu.invalid> wrote:
> >
> > > Howdy,
> > >
> > > Cranked up an EC2 instance.
> > > Installed Java 11.
> > > set up JAVA_HOME
> > > Downloaded Nifi 1.25.0
> > > unzipped Nifi
> > > set a nifi.sensitive.properties.key
> > > (https.port is default 8443)
> > >
> > > bin/nifi.sh start
> > >
> > > But, I can't even seem to access the most basic bit of the UI:
> > >
> > > curl -vvvk https://54.91.56.55:8443
> > > *   Trying 54.91.56.55:8443...
> > > * connect to 54.91.56.55 port 8443 failed: Connection refused
> > > * Failed to connect to 54.91.56.55 port 8443 after 17 ms: Connection refused
> > > * Closing connection 0
> > > curl: (7) Failed to connect to 54.91.56.55 port 8443 after 17 ms: Connection refused
> > >
> > > I have no doubt, I'm doing something astonishingly dumb.  Would someone
> > > be kind enough to point it out?
> > >
> > > thx,
> > >
> > > mew
> > >
> >
>
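
A configuration check for the bind-address problem discussed in this thread, as an added example that is not part of any poster's message or of the NiFi project: it reads nifi.web.https.host and nifi.web.https.port from a nifi.properties file and reports whether the HTTPS listener is loopback-only. The function names are hypothetical, the sample file is constructed, and treating a blank host as "all interfaces" is an assumption.

```shell
#!/bin/sh
# Added example: report where NiFi's HTTPS listener will bind, from nifi.properties.

# get_prop FILE KEY: value of the last uncommented "KEY=value" line (empty if unset).
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# classify_bind HOST: loopback | all-interfaces | specific.
# Assumption: a blank host makes the listener bind to every interface.
classify_bind() {
    case "$1" in
        localhost|127.*|::1) echo loopback ;;
        ""|0.0.0.0)          echo all-interfaces ;;
        *)                   echo specific ;;
    esac
}

# check_nifi_bind FILE: print a finding; return 1 when only loopback is served.
check_nifi_bind() {
    host=$(get_prop "$1" nifi.web.https.host)
    port=$(get_prop "$1" nifi.web.https.port)
    case "$(classify_bind "$host")" in
        loopback)
            echo "loopback only (${host}:${port}): remote clients get 'Connection refused'"
            return 1 ;;
        all-interfaces)
            echo "all interfaces, port ${port}: limit reachability with security groups" ;;
        *)
            echo "bound to ${host}:${port}: this name must resolve to a local interface address" ;;
    esac
}

# Constructed sample input mirroring the setup described in the thread.
sample=$(mktemp)
printf '%s\n' '# constructed nifi.properties excerpt' \
    'nifi.web.https.host=localhost' 'nifi.web.https.port=8443' > "$sample"
check_nifi_bind "$sample" || true
rm -f "$sample"
```

Point `check_nifi_bind` at the real `conf/nifi.properties` before starting NiFi; a non-zero exit status means the UI will only answer on the loopback address.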
