Hi Jim, Thanks for the reply and additional background.
The instructions are dated March 2021, which is prior to the release of NiFi 1.14.0. In particular, the run command is no longer accurate with the default NiFi container image. The current Docker Hub instructions [1] show the basic command needed docker run --name nifi -p 8443:8443 -d apache/nifi:latest In addition, any references to port 8080 in the AWS Security Group rules should be changed to 8443. The security group rules for port 80 and 18080 should be removed. The instructions that allow plain HTTP access to NiFi on port 8080 should NEVER be followed, as this exposes unfiltered and unauthenticated access. Following those changes, it should be possible to access the NiFi UI using the AWS URL: https://ec2...amazonaws.com:8443 The default installation will generate a username and password, which can be found in the container logs: docker logs nifi | grep Generated Regards, David Handermann [1] https://hub.docker.com/r/apache/nifi On Tue, Nov 8, 2022 at 4:00 PM James McMahon <[email protected]> wrote: > Hi and thank you, David and Dmitry. In my case I was following this > example, > > https://joeygoksu.com/software/apache-nifi-on-aws/ > > which results in NiFi installed within a container. So to answer one of > your questions, I don’t yet know how or where to find nifi.properties in > the container framework. I don’t seem to have the usual /opt/nifi/….. > directories on my ec2 instance. Any idea where I need to look for that? > > These ports are open by my security group Inbound Rules: 22 to MyIP, 80, > 8080, and 18080 (per the link) to 0.0.0.0/0, 443 to MyIP. > > I am able to Putty into my instance as ec2-user with my ppk file, which I > created using putty tools from the original pem key pair. When I do putty > in, under /opt I find three subdirectories: aws, containerd, and rh. > Nothing nifi under any of the three that I can see so far. > > I start my docker instance with this command: > docker run —name nifi -p 18080:8080 -d apache/nifi:latest > > I can do a ps -ef and see running nifi processes. But I don’t yet know how > to get to the nifi logs or properties file. > > You mentioned using using localhost to get to the canvas UI. This confuses > me. Nifi is running on my EC2 instance - a linux host without a browser. > I’m in a browser on my laptop. How would localhost in my browser get me to > my EC2 instance running nifi? > > This is the URL I’m using in my browser: > http://ec2-3-238-27-220.compute-1.amazonaws.com > (that url changes with each Stop/Start of my instance. I’ve yet to > investigate how to get AWS to stop changing that IP, but I know it can be > done). > > The browser replies with: ec2…….amazonaws refused to connect. > > I can ping my laptop IP address from the putty terminal where I am logged > in to my instance. I cannot ping the Public DNS of my instance from > Powershell on my laptop. Again, that Public DNS is > ec2-3-238-27-220.compute-1.amazonaws.com > > Any help is much appreciated. > Jim > > > > On Tue, Nov 8, 2022 at 3:03 PM David Handermann < > [email protected]> wrote: > >> Hi Jim, >> >> NiFi 1.14.0 and following default to HTTPS on port 8443, listening on the >> localhost address. The nifi.web.https.host can be changed to blank in order >> to listen on all interfaces, but the default HTTPS setting with >> authenticated required should be retained. >> >> Can you provide the version of NiFi and some additional details on the >> nifi.web values from nifi.properties? >> >> Regards, >> David Handermann >> >> On Tue, Nov 8, 2022 at 1:54 PM James McMahon <[email protected]> >> wrote: >> >>> Has anyone successfully configured NiFi on AWS, and accessed it from a >>> browser on a Windows desktop? I’ve tried following a few links to do this. >>> I’ve verified that my instance security group allows access to 8080 via its >>> inbound rules. I’ve putty’ed into the instance via ssh port 22 to verify >>> that there are no firewall restrictions. But still I get a message to the >>> effect that the server rejected the connection request. Can anyone >>> recommend a link that describes a success path for this? >>> Thanks in advance for your help. >>> Jim >>> >>
