Thanks for the follow up! Saved me some investigation :) -joey
> On Jul 21, 2021, at 11:11 AM, Juan Pablo Gardella > <[email protected]> wrote: > > > Please ignore, my error during applying the patch (see below). > [email protected] worked fine the patch! Thank you!! > > It works fine! I copied the patched in different location: > > COPY --chown=nifi:nifi start.sh /opt/nifi/scripts/scripts/start.sh > COPY --chown=nifi:nifi secure.sh /opt/nifi/scripts/scripts/secure.sh > RUN chmod u+x /opt/nifi/scripts/start.sh /opt/nifi/scripts/secure.sh > > Juan > >> On Wed, 21 Jul 2021 at 10:39, Juan Pablo Gardella >> <[email protected]> wrote: >> Hi, >> >> I tried the patch by adjusting the image, and it seems it is not working if >> it is running behind a proxy. >> >> COPY --chown=nifi:nifi start.sh /opt/nifi/scripts/scripts/start.sh >> COPY --chown=nifi:nifi secure.sh /opt/nifi/scripts/scripts/secure.sh >> >> Nifi starts but I am unable to access it when it runs behind a proxy. >> >> System Error >> >> The request contained an invalid host header [publichostname:8444] in the >> request [/nifi/]. Check for request manipulation or third-party intercept. >> >> Valid host headers are [empty] or: >> 127.0.0.1 >> 127.0.0.1:8443 >> localhost >> localhost:8443 >> [::1] >> [::1]:8443 >> 3cdcc5c8b343 >> 3cdcc5c8b343:8443 >> 172.18.0.2 >> 172.18.0.2:8443 >> >> y adjusting the image as: >> >> environment: >> SINGLE_USER_CREDENTIALS_USERNAME: ${SINGLE_USER_CREDENTIALS_USERNAME} >> SINGLE_USER_CREDENTIALS_PASSWORD: ${SINGLE_USER_CREDENTIALS_PASSWORD} >> NIFI_SENSITIVE_PROPS_KEY: ${NIFI_SENSITIVE_PROPS_KEY} >> NIFI_WEB_HTTPS_HOST: ${NIFI_INTERNAL_HOST} >> NIFI_WEB_PROXY_HOST: ${PUBLIC_HOSTNAME}:${NIFI_PUBLIC_PORT} >> >> It seems the certificate is not created properly when nifi is running behind >> a proxy. >> >> Juan >> >> >>> On Sun, 18 Jul 2021 at 22:56, Joey Frazee <[email protected]> wrote: >>> Yeah, this wasn’t being handled right anymore. I put up a PR for this on >>> Friday. >>> >>> https://github.com/apache/nifi/pull/5226 >>> >>> If you can give it a test that’d be a big help. >>> >>> Best, >>> >>> -joey >>> >>>>> On Jul 18, 2021, at 6:50 PM, Juan Pablo Gardella >>>>> <[email protected]> wrote: >>>>> >>>> >>>> Hello all, >>>> >>>> I am trying Single User Credentials with Docker but it does not work >>>> because it does not allow set up nifi.web.proxy.host[1] variable. The >>>> start script disallow setting the host: >>>> >>>> if [ -n "${SINGLE_USER_CREDENTIALS_USERNAME}" ] && [ -n >>>> "${SINGLE_USER_CREDENTIALS_PASSWORD}" ]; then >>>> ${NIFI_HOME}/bin/nifi.sh set-single-user-credentials >>>> "${SINGLE_USER_CREDENTIALS_USERNAME}" "${SINGLE_USER_CREDENTIALS_PASSWORD}" >>>> fi >>>> >>>> . "${scripts_dir}/update_cluster_state_management.sh" >>>> >>>> # Check if we are secured or unsecured >>>> case ${AUTH} in >>>> tls) >>>> echo 'Enabling Two-Way SSL user authentication' >>>> . "${scripts_dir}/secure.sh" >>>> ;; >>>> ldap) >>>> echo 'Enabling LDAP user authentication' >>>> # Reference ldap-provider in properties >>>> export NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER="ldap-provider" >>>> >>>> . "${scripts_dir}/secure.sh" >>>> . "${scripts_dir}/update_login_providers.sh" >>>> ;; >>>> *) >>>> if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then >>>> echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a >>>> secure mode. Will not update nifi.web.proxy.host.' >>>> fi >>>> ;; >>>> esac >>>> >>>> Why does the echo print that is not in secure mode? >>>> >>>> Thanks, >>>> Juan >>>> [1] >>>> A comma separated list of allowed HTTP Host header values to consider when >>>> NiFi is running securely and will be receiving requests to a different >>>> host[:port] than it is bound to. For example, when running in a Docker >>>> container or behind a proxy (e.g. localhost:18443, proxyhost:443). By >>>> default, this value is blank meaning NiFi should only allow requests sent >>>> to the host[:port] that NiFi is bound to. >>>> >>>> >>>>
