Dan, You said that if you run an unsecured instance of NiFi on the production server, it starts successfully? What host(s) does it bind to in that case?
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jul 26, 2017, at 11:21 AM, Andy LoPresto <[email protected]> wrote: > > I have to refamiliarize myself with 0.7.0 as it’s a bit of an older version, > but the code we should be looking at is [1] and [2]. > > [1] > https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L557 > > <https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L557> > [2] > https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L797 > > <https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L797> > > > Andy LoPresto > [email protected] <mailto:[email protected]> > [email protected] <mailto:[email protected]> > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > >> On Jul 26, 2017, at 11:15 AM, Dan Morris <[email protected] >> <mailto:[email protected]>> wrote: >> >> We tried: >> >> nifi.web.https.host=localhost >> >> nifi.web.https.host= >> >> nifi.web.https.host=0.0.0.0 >> >> no impact, UI still would not bind to HTTPS port. >> >> We decided to leave it at 0.0.0.0 as that’s the recommended configuration in >> the Administrators guide for binding to all interfaces. >> >> Thanks, >> Dan Morris >> Mobile: 443-992-2848 >> GV: 410-861-0206 >> >> >> From: Andy LoPresto <[email protected] <mailto:[email protected]>> >> Reply-To: <[email protected] <mailto:[email protected]>> >> Date: Wednesday, July 26, 2017 at 1:56 PM >> To: <[email protected] <mailto:[email protected]>> >> Subject: Re: NiFi UI Not Starting >> >> Dan, >> >> I am wondering if it is an issue with binding to 0.0.0.0 — are there any >> differences between the test and production server non-NiFi configurations >> that would prevent this? Can you try setting nifi.web.https.host=localhost >> instead? >> >> >> Andy LoPresto >> [email protected] <mailto:[email protected]> >> [email protected] <mailto:[email protected]> >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >>> On Jul 26, 2017, at 10:44 AM, Dan Morris <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi Joe, >>> >>> I’ve attached relevant files… tried to redact sensitive info… hope I didn’t >>> cut too much from the logs… >>> >>> Thanks, >>> Dan >>> >>> >>> >>> On 7/26/17, 9:30 AM, "Joe Witt" <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Dan - are you able to share the nifi-app and nifi-bootstrap logs? >>> >>> Thanks >>> >>> On Wed, Jul 26, 2017 at 9:21 AM, Dan Morris <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>>> Hello, >>>> >>>> >>>> >>>> I’m having an issue getting NiFi to start correctly. Here’s my situation: >>>> >>>> I’m currently running v0.7.0. >>>> I have a production server and a test server, with identical configurations >>>> (OS, Java, Java security config, nifi versions, nifi configs, >>>> keystores/truststores, etc). >>>> When I run nifi via normal HTTP (e.g. no security) in both Prod/Test they >>>> both start & load the UI as expected. >>>> When I run nifi via HTTPs (e.g. security settings) the Test server starts >>>> and loads UI as expected. >>>> However, on the Prod system, I receive the following error and java does >>>> not >>>> bind to 8443: >>>> >>>> >>>> >>>> 2017-07-25 16:30:51,346 WARN [main] org.apache.nifi.web.server.JettyServer >>>> NiFi has started, but the UI is not available on any hosts. Please verify >>>> the host properties. >>>> >>>> >>>> >>>> I reviewed the source code and it looks like this error is logged when the >>>> “URLs” is empty. >>>> Here is what I *think* are the relevant properties from my nifi config, >>>> when >>>> trying to start up using TLS (running on both Prod & Test), again, Test >>>> starts fine, Prod throws the error above. >>>> >>>> >>>> >>>> # Enable TLS >>>> >>>> nifi.web.http.host= >>>> >>>> nifi.web.https.host=0.0.0.0 >>>> >>>> nifi.web.http.port= >>>> >>>> nifi.web.https.port=8443 >>>> >>>> nifi.security.keystore=<path_to_keystore> >>>> >>>> nifi.security.keystoreType=JKS >>>> >>>> nifi.security.keystorePasswd=<keystore_password> >>>> >>>> nifi.security.keyPasswd=<key_password> >>>> >>>> nifi.security.truststore=<path_to_trust_store> >>>> >>>> nifi.security.truststoreType=JKS >>>> >>>> nifi.security.truststorePasswd=<trust_store_password> >>>> >>>> nifi.security.needClientAuth=true >>>> >>>> >>>> >>>> Again, I’ve manually validated the correct paths, correct passwords to JKS >>>> files., etc. >>>> I’ve verified that there are no other processes binding to 8443 possibly >>>> blocking nifi from the port. >>>> I’ve tried changing the port number (e.g. to 8445), no effect >>>> I’ve turned off IPTables. >>>> Generally, I run nifi as a “nifi” user, however, I’ve also tried running it >>>> as root to see if that had an effect of allowing the UI on Prod to start…no >>>> impact. >>>> I’ve tried also starting up nifi with a blank/default flow file, no effect. >>>> >>>> >>>> >>>> Any thoughts/suggestions on what I can do next, short of uninstalling nifi >>>> and reinstalling? >>>> >>>> >>>> >>>> Thanks, >>>> >>>> Dan >>>> >>>> >>> >>> >>> <bootstrap.conf><nifi-app.log><nifi-bootstrap.log><nifi.properties> >> >> >
signature.asc
Description: Message signed with OpenPGP using GPGMail
