Please ignore, my error during applying the patch (see below). [email protected] <[email protected]> worked fine the patch! Thank you!!
It works fine! I copied the patched in different location: COPY --chown=nifi:nifi start.sh /opt/nifi/scripts/scripts/start.sh COPY --chown=nifi:nifi secure.sh /opt/nifi/scripts/scripts/secure.sh RUN chmod u+x /opt/nifi/scripts/start.sh /opt/nifi/scripts/secure.sh Juan On Wed, 21 Jul 2021 at 10:39, Juan Pablo Gardella < [email protected]> wrote: > Hi, > > I tried the patch by adjusting the image, and it seems it is not working > if it is running behind a proxy. > > COPY --chown=nifi:nifi start.sh /opt/nifi/scripts/scripts/start.sh > COPY --chown=nifi:nifi secure.sh /opt/nifi/scripts/scripts/secure.sh > > Nifi starts but I am unable to access it when it runs behind a proxy. > > System Error The request contained an invalid host header [ > publichostname:8444] in the request [/nifi/]. Check for request > manipulation or third-party intercept. Valid host headers are [empty] or: > > - 127.0.0.1 > - 127.0.0.1:8443 > - localhost > - localhost:8443 > - [::1] > - [::1]:8443 > - 3cdcc5c8b343 > - 3cdcc5c8b343:8443 > - 172.18.0.2 > - 172.18.0.2:8443 > > > y adjusting the image as: > > environment: > SINGLE_USER_CREDENTIALS_USERNAME: ${SINGLE_USER_CREDENTIALS_USERNAME} > SINGLE_USER_CREDENTIALS_PASSWORD: ${SINGLE_USER_CREDENTIALS_PASSWORD} > NIFI_SENSITIVE_PROPS_KEY: ${NIFI_SENSITIVE_PROPS_KEY} > NIFI_WEB_HTTPS_HOST: ${NIFI_INTERNAL_HOST} > NIFI_WEB_PROXY_HOST: ${PUBLIC_HOSTNAME}:${NIFI_PUBLIC_PORT} > > It seems the certificate is not created properly when nifi is running > behind a proxy. > > Juan > > On Sun, 18 Jul 2021 at 22:56, Joey Frazee <[email protected]> wrote: > >> Yeah, this wasn’t being handled right anymore. I put up a PR for this on >> Friday. >> >> https://github.com/apache/nifi/pull/5226 >> >> If you can give it a test that’d be a big help. >> >> Best, >> >> -joey >> >> On Jul 18, 2021, at 6:50 PM, Juan Pablo Gardella < >> [email protected]> wrote: >> >> >> Hello all, >> >> I am trying *Single User Credentials* with Docker but it does not work >> because it does not allow set up nifi.web.proxy.host[1] variable. The >> start script disallow setting the host: >> >> if [ -n "${SINGLE_USER_CREDENTIALS_USERNAME}" ] && [ -n " >> ${SINGLE_USER_CREDENTIALS_PASSWORD}" ]; then >> ${NIFI_HOME}/bin/nifi.sh set-single-user-credentials " >> ${SINGLE_USER_CREDENTIALS_USERNAME}" "${SINGLE_USER_CREDENTIALS_PASSWORD} >> " >> fi >> >> . "${scripts_dir}/update_cluster_state_management.sh" >> >> # Check if we are secured or unsecured >> case ${AUTH} in >> tls) >> echo 'Enabling Two-Way SSL user authentication' >> . "${scripts_dir}/secure.sh" >> ;; >> ldap) >> echo 'Enabling LDAP user authentication' >> # Reference ldap-provider in properties >> export NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER="ldap-provider" >> >> . "${scripts_dir}/secure.sh" >> . "${scripts_dir}/update_login_providers.sh" >> ;; >> *) >> if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then >> echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a >> secure mode. Will not update nifi.web.proxy.host.' >> fi >> ;; >> esac >> >> Why does the echo print that is not in secure mode? >> >> Thanks, >> Juan >> [1] >> >> A comma separated list of allowed HTTP Host header values to consider >> when NiFi is running securely and will be receiving requests to a different >> host[:port] than it is bound to. For example, when running in a Docker >> container or behind a proxy (e.g. localhost:18443, proxyhost:443). By >> default, this value is blank meaning NiFi should only allow requests sent >> to the host[:port] that NiFi is bound to. >> >> >>
