Dan, Sorry we are not more helpful on this. Seems to be an extremely unusual circumstance. I would suggest modifying bootstrap.conf to enable remote debugging and use your IDE to step through the execution of the Jetty code. Something about the logic path is different when creating the HTTPS connector — either the context factory is not getting formed correctly, the network interfaces are not being enumerated, or something is violating an external permission/policy block. I will try to reproduce this locally as well but I have not encountered this before when setting up a secure 0.x instance.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jul 26, 2017, at 11:37 AM, Dan Morris <[email protected]> wrote: > > Hi Andy, > > It’s the same instance of nifi… in our nifi.properties file, we just > comment/uncomment the “Disable TLS” or “Enable TLS” sections depending on > which “mode” we want nifi to run in. > > When we comment out the “Enable TLS” section and uncomment the “Disable TLS” > sections, the the UI binds to both localhost and the IPv4 Address (the only > other eth device). > > Thanks, > Dan Morris > Mobile: 443-992-2848 > GV: 410-861-0206 > > > From: Andy LoPresto <[email protected]> > Reply-To: <[email protected]> > Date: Wednesday, July 26, 2017 at 2:30 PM > To: <[email protected]> > Subject: Re: NiFi UI Not Starting > > Dan, > > You said that if you run an unsecured instance of NiFi on the production > server, it starts successfully? What host(s) does it bind to in that case? > > Andy LoPresto > [email protected] <mailto:[email protected]> > [email protected] <mailto:[email protected]> > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > >> On Jul 26, 2017, at 11:21 AM, Andy LoPresto <[email protected] >> <mailto:[email protected]>> wrote: >> >> I have to refamiliarize myself with 0.7.0 as it’s a bit of an older version, >> but the code we should be looking at is [1] and [2]. >> >> [1] >> https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L557 >> >> <https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L557> >> [2] >> https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L797 >> >> <https://github.com/apache/nifi/blob/rel/nifi-0.7.0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L797> >> >> >> Andy LoPresto >> [email protected] <mailto:[email protected]> >> [email protected] <mailto:[email protected]> >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >>> On Jul 26, 2017, at 11:15 AM, Dan Morris <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> We tried: >>> >>> nifi.web.https.host=localhost >>> >>> nifi.web.https.host= >>> >>> nifi.web.https.host=0.0.0.0 >>> >>> no impact, UI still would not bind to HTTPS port. >>> >>> We decided to leave it at 0.0.0.0 as that’s the recommended configuration >>> in the Administrators guide for binding to all interfaces. >>> >>> Thanks, >>> Dan Morris >>> Mobile: 443-992-2848 >>> GV: 410-861-0206 >>> >>> >>> From: Andy LoPresto <[email protected] <mailto:[email protected]>> >>> Reply-To: <[email protected] <mailto:[email protected]>> >>> Date: Wednesday, July 26, 2017 at 1:56 PM >>> To: <[email protected] <mailto:[email protected]>> >>> Subject: Re: NiFi UI Not Starting >>> >>> Dan, >>> >>> I am wondering if it is an issue with binding to 0.0.0.0 — are there any >>> differences between the test and production server non-NiFi configurations >>> that would prevent this? Can you try setting nifi.web.https.host=localhost >>> instead? >>> >>> >>> Andy LoPresto >>> [email protected] <mailto:[email protected]> >>> [email protected] <mailto:[email protected]> >>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >>> >>>> On Jul 26, 2017, at 10:44 AM, Dan Morris <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi Joe, >>>> >>>> I’ve attached relevant files… tried to redact sensitive info… hope I >>>> didn’t cut too much from the logs… >>>> >>>> Thanks, >>>> Dan >>>> >>>> >>>> >>>> On 7/26/17, 9:30 AM, "Joe Witt" <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Dan - are you able to share the nifi-app and nifi-bootstrap logs? >>>> >>>> Thanks >>>> >>>> On Wed, Jul 26, 2017 at 9:21 AM, Dan Morris <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> >>>>> Hello, >>>>> >>>>> >>>>> >>>>> I’m having an issue getting NiFi to start correctly. Here’s my situation: >>>>> >>>>> I’m currently running v0.7.0. >>>>> I have a production server and a test server, with identical >>>>> configurations >>>>> (OS, Java, Java security config, nifi versions, nifi configs, >>>>> keystores/truststores, etc). >>>>> When I run nifi via normal HTTP (e.g. no security) in both Prod/Test they >>>>> both start & load the UI as expected. >>>>> When I run nifi via HTTPs (e.g. security settings) the Test server starts >>>>> and loads UI as expected. >>>>> However, on the Prod system, I receive the following error and java does >>>>> not >>>>> bind to 8443: >>>>> >>>>> >>>>> >>>>> 2017-07-25 16:30:51,346 WARN [main] org.apache.nifi.web.server.JettyServer >>>>> NiFi has started, but the UI is not available on any hosts. Please verify >>>>> the host properties. >>>>> >>>>> >>>>> >>>>> I reviewed the source code and it looks like this error is logged when the >>>>> “URLs” is empty. >>>>> Here is what I *think* are the relevant properties from my nifi config, >>>>> when >>>>> trying to start up using TLS (running on both Prod & Test), again, Test >>>>> starts fine, Prod throws the error above. >>>>> >>>>> >>>>> >>>>> # Enable TLS >>>>> >>>>> nifi.web.http.host= >>>>> >>>>> nifi.web.https.host=0.0.0.0 >>>>> >>>>> nifi.web.http.port= >>>>> >>>>> nifi.web.https.port=8443 >>>>> >>>>> nifi.security.keystore=<path_to_keystore> >>>>> >>>>> nifi.security.keystoreType=JKS >>>>> >>>>> nifi.security.keystorePasswd=<keystore_password> >>>>> >>>>> nifi.security.keyPasswd=<key_password> >>>>> >>>>> nifi.security.truststore=<path_to_trust_store> >>>>> >>>>> nifi.security.truststoreType=JKS >>>>> >>>>> nifi.security.truststorePasswd=<trust_store_password> >>>>> >>>>> nifi.security.needClientAuth=true >>>>> >>>>> >>>>> >>>>> Again, I’ve manually validated the correct paths, correct passwords to JKS >>>>> files., etc. >>>>> I’ve verified that there are no other processes binding to 8443 possibly >>>>> blocking nifi from the port. >>>>> I’ve tried changing the port number (e.g. to 8445), no effect >>>>> I’ve turned off IPTables. >>>>> Generally, I run nifi as a “nifi” user, however, I’ve also tried running >>>>> it >>>>> as root to see if that had an effect of allowing the UI on Prod to >>>>> start…no >>>>> impact. >>>>> I’ve tried also starting up nifi with a blank/default flow file, no >>>>> effect. >>>>> >>>>> >>>>> >>>>> Any thoughts/suggestions on what I can do next, short of uninstalling nifi >>>>> and reinstalling? >>>>> >>>>> >>>>> >>>>> Thanks, >>>>> >>>>> Dan >>>>> >>>>> >>>>> >>>> >>>> >>>> <bootstrap.conf><nifi-app.log><nifi-bootstrap.log><nifi.properties> >>> >>> >> >> > >
signature.asc
Description: Message signed with OpenPGP using GPGMail
