That was it – setting the nifi.web.proxy.host to the VM’s external IP (and leaving the nifi.web.https.host blank) resulted in the Nifi login screen, and I was able to log in.
Whew!! Thank you so much for the information. Mike From: David Handermann <exceptionfact...@apache.org> Sent: Monday, August 23, 2021 9:28 AM To: users@nifi.apache.org Subject: Re: Trouble accessing v 1.14.0 on GCP Hi Mike, Thanks for the reply, it looks like the request is now getting to the NiFi server. The error message indicates that the public IP address is not one of the expected values for the HTTP Host header, based on the NiFi configuration. The following property should be configured with the public DNS name of the NiFi system in order for NiFi to accept requests: nifi.web.proxy.host See the Web Properties section of the Administrator's Guide for more details on that particular property: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#web-properties Running a reverse DNS lookup of the public IP address should return the host value to use for that property, and for accessing NiFi through the browser. Regards, David Handermann On Mon, Aug 23, 2021 at 11:16 AM Mike Sofen <mso...@ansunbiopharma.com<mailto:mso...@ansunbiopharma.com>> wrote: Hi David, Thanks for the tip to try a blank https host address – I hadn’t tried that since there was a note somewhere saying something like “nifi will pick the network, which may not be what you want”. However, trying it resulted in the same outcome – my on-prem Windows PC browser cannot connect to the GCP nifi. but now gets the result shown below. I never get a login screen as the docs mention. Mike [cid:image001.png@01D79806.816A6BE0] From: David Handermann <exceptionfact...@apache.org<mailto:exceptionfact...@apache.org>> Sent: Monday, August 23, 2021 6:38 AM To: users@nifi.apache.org<mailto:users@nifi.apache.org> Subject: Re: Trouble accessing v 1.14.0 on GCP Hi Mike, Small correction, I mistyped the property name the second time, so for clarification, I intended to say setting a blank value for the HTTPS host as follows: nifi.web.https.host= Regards, David Handermann On Mon, Aug 23, 2021 at 8:35 AM David Handermann <exceptionfact...@apache.org<mailto:exceptionfact...@apache.org>> wrote: Hi Mike, The nifi.web.https.host property must match one of the IP addresses assigned to the system on which NiFi is running. The GCP virtual machine has a private IP address assigned to a local interface, and uses network address translation to send requests from the public address to the local interface address. Setting a blank value for nifi.web.http.post<http://nifi.web.http.post> will cause NiFi to listen on all available interfaces, which should allow NiFi to receive incoming requests. The purpose of the default 127.0.0.1 address is to avoid public access to NiFi without additional security configuration. The default HTTPS and single user credentials provide some measure of protection, and I recommend reviewing the Security Configuration and User Authentication sections of the NiFi System Administrator's Guide for more details on securing the NiFi installation. https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration Regards, David Handermann On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <mso...@ansunbiopharma.com<mailto:mso...@ansunbiopharma.com>> wrote: minor correction - the port shown (8543) was from the alternate port test, the regular port test 8443 returns a similar error: " Nifi fails to start, with the log saying: 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down. java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address" Mike -----Original Message----- From: Mike Sofen Sent: Monday, August 23, 2021 6:00 AM To: users@nifi.apache.org<mailto:users@nifi.apache.org> Subject: Trouble accessing v 1.14.0 on GCP At my prior company I've installed earlier versions of nifi on GCP Debian VMs and not had a problem pointing a Windows 10 browser at them and going to work. I'm aware v1.14.0 requires a user login when not using certs, but I can't even get to that step. I'm pulling my remaining hair out trying to connect to a new Debian VM on GCP running v 1.14.0 on Java 8. Nifi starts and runs properly, with this caveat - I cannot reference the static external IP - only the default IP (127.0.0.1), so my browser can't connect. I have a GCP firewall rule that opens the 8443 port for the VM, and even added ICMP to it and can ping it from a CMD shell on my PC. I've checked all of the file permissions on that VM, all uniformly correct. Details of my nifi.properties: If I use: nifi.web.https.host=127.0.0.1 (the default) nifi.web.https.port=8443 Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused to connect " If I use the VM's static IP (which is what I've used on prior VMs): nifi.web.https.host=35.xxx.xx.xxx nifi.web.https.port=8443 Nifi fails to start, with the log saying: 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down. java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address Endless web searches and tests have resulted in no change of behavior - with the default IP, Nifi runs but I can't access it, and with my external IP, it won't start. I've even tried using a different port (8543), no change. In this GCP project, I have just this one VM and it has successfully been running Postgres for many months. Any ideas? Mike Sofen
