David, Any chance that the Jetty SNI related information could also end up in the migration guide? I suspect that both of these issues are going to be frequently asked as folks evaluate NiFi 2.0 (especially with a 1.x migration).
Thanks for holding everyone's hand here. Much appreciated! /Adam On Fri, Dec 1, 2023 at 5:45 AM David Handermann <[email protected]> wrote: > Ben, > > Thanks for the additional details on the HTTP 400 Invalid SNI error. > > Jetty 10, which is included with NiFi 2.0.0-M1, incorporates updates to > the Server Name Indication processing during the TLS handshake. As a result > of these changes, the default behavior does not support accessing NiFi > using an IP address. Using a hostname or DNS name will avoid the SNI error > and allow standard TLS negotiation to work. > > Regards, > David Handermann > > On Thu, Nov 30, 2023 at 12:07 AM Ben .T.George <[email protected]> > wrote: > >> HI, >> >> Thanks for the update, i have changed and started the process, now the >> port 8443 is listening , i cannot able to access web url. while i am trying >> , i am getting below error on browser: >> >> HTTP ERROR 400 Invalid SNI >> URI: /nifi >> STATUS: 400 >> MESSAGE: Invalid SNI >> SERVLET: - >> CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNICaused >> by: >> >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> at >> org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266) >> at >> org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207) >> at >> org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1594) >> at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753) >> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501) >> at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:461) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193) >> at >> org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:208) >> at >> org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:155) >> at >> org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:450) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558) >> at >> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379) >> at >> org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) >> at >> org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) >> at >> org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199) >> at >> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) >> at java.base/java.lang.Thread.run(Thread.java:1583) >> >> >> and from app.log: >> >> 2023-11-30 09:03:25,995 INFO [main] o.apache.nifi.controller.FlowController >> Starting 0 Stateless Process Groups >> 2023-11-30 09:03:25,995 INFO [main] o.apache.nifi.controller.FlowController >> Starting 0 processors/ports/funnels >> 2023-11-30 09:03:25,995 INFO [main] o.apache.nifi.controller.FlowController >> Started 0 Remote Group Ports transmitting >> 2023-11-30 09:03:26,007 INFO [main] >> o.a.n.w.c.ApplicationStartupContextListener Flow Controller started >> successfully. >> 2023-11-30 09:03:26,661 WARN [Framework Task Thread-1] >> o.g.j.message.internal.MessagingBinders A class >> jakarta.activation.DataSource for a default provider >> MessageBodyWriter<jakarta.activation.DataSource> was not found. The provider >> is not available. >> 2023-11-30 09:03:26,845 ERROR [Framework Task Thread-1] >> o.a.nifi.groups.StandardProcessGroup Failed to synchronize >> StandardProcessGroup[identifier=88190e51-0181-1000-4f4e-613c302a50e7,name=SFTP >> Transfer] with Flow Registry because could not retrieve version 1 of flow >> with identifier 02872797-5baa-4ddb-b29e-023b441aec31 in bucket >> 041aab9c-f47a-4ae2-a264-8160d84a9874 due to: Connection refused >> 2023-11-30 09:03:29,761 INFO [main] o.e.jetty.server.handler.ContextHandler >> Started >> o.e.j.w.WebAppContext@5700c9db{nifi-api,/nifi-api,file:///opt/nifi-2.0.0-M1/work/jetty/nifi-web-api-2.0.0-M1.war/webapp/,AVAILABLE}{./work/nar/extensions/nifi-server-nar-2.0.0-M1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-api-2.0.0-M1.war} >> 2023-11-30 09:03:30,102 INFO [main] o.e.j.s.h.C._nifi_content_viewer No >> Spring WebApplicationInitializer types detected on classpath >> 2023-11-30 09:03:30,171 INFO [main] o.e.jetty.server.handler.ContextHandler >> Started >> o.e.j.w.WebAppContext@671d03bb{nifi-content-viewer,/nifi-content-viewer,file:///opt/nifi-2.0.0-M1/work/jetty/nifi-web-content-viewer-2.0.0-M1.war/webapp/,AVAILABLE}{./work/nar/extensions/nifi-server-nar-2.0.0-M1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-content-viewer-2.0.0-M1.war} >> 2023-11-30 09:03:30,280 INFO [main] o.e.j.s.h.ContextHandler._nifi_docs No >> Spring WebApplicationInitializer types detected on classpath >> 2023-11-30 09:03:30,285 INFO [main] o.e.jetty.server.handler.ContextHandler >> Started >> o.e.j.w.WebAppContext@6babffb5{nifi-docs,/nifi-docs,file:///opt/nifi-2.0.0-M1/work/jetty/nifi-web-docs-2.0.0-M1.war/webapp/,AVAILABLE}{./work/nar/extensions/nifi-server-nar-2.0.0-M1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-docs-2.0.0-M1.war} >> 2023-11-30 09:03:30,336 INFO [main] o.e.j.server.handler.ContextHandler._ No >> Spring WebApplicationInitializer types detected on classpath >> 2023-11-30 09:03:30,384 INFO [main] o.e.jetty.server.handler.ContextHandler >> Started >> o.e.j.w.WebAppContext@2173a742{nifi-error,/,file:///opt/nifi-2.0.0-M1/work/jetty/nifi-web-error-2.0.0-M1.war/webapp/,AVAILABLE}{./work/nar/extensions/nifi-server-nar-2.0.0-M1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-error-2.0.0-M1.war} >> 2023-11-30 09:03:30,405 INFO [main] o.eclipse.jetty.server.AbstractConnector >> Started ServerConnector@3d24420b{SSL, (ssl, alpn, h2, >> http/1.1)}{0.0.0.0:8443} >> 2023-11-30 09:03:30,410 INFO [main] org.eclipse.jetty.server.Server Started >> Server@1320e68a{STARTING}[10.0.18,sto=0] @23422ms >> 2023-11-30 09:03:30,454 INFO [main] org.apache.nifi.web.server.JettyServer >> NiFi has started. The UI is available at the following URLs: >> 2023-11-30 09:03:30,454 INFO [main] org.apache.nifi.web.server.JettyServer >> https://10.151.4.53:8443/nifi >> 2023-11-30 09:03:30,454 INFO [main] org.apache.nifi.web.server.JettyServer >> https://10.88.0.1:8443/nifi >> 2023-11-30 09:03:30,454 INFO [main] org.apache.nifi.web.server.JettyServer >> https://127.0.0.1:8443/nifi >> 2023-11-30 09:03:30,456 INFO [main] org.apache.nifi.BootstrapListener >> Successfully initiated communication with Bootstrap >> 2023-11-30 09:03:30,457 INFO [main] org.apache.nifi.NiFi Started Application >> Controller in 17.504 seconds (17504103649 ns) >> 2023-11-30 09:03:30,898 ERROR [Timer-Driven Process Thread-2] >> o.a.nifi.groups.StandardProcessGroup Failed to synchronize >> StandardProcessGroup[identifier=88190e51-0181-1000-4f4e-613c302a50e7,name=SFTP >> Transfer] with Flow Registry because could not retrieve version 1 of flow >> with identifier 02872797-5baa-4ddb-b29e-023b441aec31 in bucket >> 041aab9c-f47a-4ae2-a264-8160d84a9874 due to: Connection refused >> 2023-11-30 09:03:45,864 INFO [Checkpoint FlowFile Repository] >> o.a.n.c.r.WriteAheadFlowFileRepository Initiating checkpoint of FlowFile >> Repository >> 2023-11-30 09:03:45,864 INFO [Checkpoint FlowFile Repository] >> o.a.n.c.r.WriteAheadFlowFileRepository Successfully checkpointed FlowFile >> Repository with 0 records in 0 milliseconds >> 2023-11-30 09:03:51,500 WARN [NiFi Web Server-36] >> org.eclipse.jetty.server.HttpChannel handleException /nifi/ >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> 2023-11-30 09:03:51,561 WARN [NiFi Web Server-35] >> org.eclipse.jetty.server.HttpChannel handleException /favicon.ico >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> 2023-11-30 09:03:57,711 WARN [NiFi Web Server-36] >> org.eclipse.jetty.server.HttpChannel handleException /nifi/ >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> 2023-11-30 09:03:57,741 WARN [NiFi Web Server-36] >> org.eclipse.jetty.server.HttpChannel handleException /favicon.ico >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> 2023-11-30 09:04:05,865 INFO [Checkpoint FlowFile Repository] >> o.a.n.c.r.WriteAheadFlowFileRepository Initiating checkpoint of FlowFile >> Repository >> 2023-11-30 09:04:05,865 INFO [Checkpoint FlowFile Repository] >> o.a.n.c.r.WriteAheadFlowFileRepository Successfully checkpointed FlowFile >> Repository with 0 records in 0 milliseconds >> 2023-11-30 09:04:19,583 WARN [NiFi Web Server-35] >> org.eclipse.jetty.server.HttpChannel handleException /nifi >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> 2023-11-30 09:04:19,626 WARN [NiFi Web Server-35] >> org.eclipse.jetty.server.HttpChannel handleException /favicon.ico >> org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI >> 2023-11-30 09:04:21,357 INFO [Cleanup Archive for default] >> o.a.n.c.repository.FileSystemRepository Successfully deleted 0 files (0 >> bytes) from archive >> 2023-11-30 09:04:21,360 INFO [Cleanup Archive for default] >> o.a.n.c.repository.FileSystemRepository Archive cleanup completed for >> container default; will now allow writing to this container. Bytes used = >> 49.6 GB, bytes free = 5.2 GB, capacity = 54.8 GB >> >> >> regards, >> >> Ben >> >> >> >> >> >> On Thu, Nov 30, 2023 at 8:58 AM David Handermann < >> [email protected]> wrote: >> >>> Ben, >>> >>> Thanks for following up and providing the configuration files. >>> >>> The difference is subtle, but the property name of >>> nifi.flow.configuration.json.file needs to be changed to >>> nifi.flow.configuration.file, removing the json element from the property >>> name, and the leaving the value as it stands. >>> >>> Regards, >>> David Handerman >>> >>> On Wed, Nov 29, 2023, 11:51 PM Ben .T.George <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> I have tried disabling xml flow and still Nifi is not starting, >>>> >>>> here is the details: >>>> nifi-app.log : https://pastebin.com/TKtFDYtt >>>> nifi-bootstrap.log : https://pastebin.com/XrMcV3qs >>>> >>>> and my configuration: >>>> nifi.properties : https://pastebin.com/LeRMf9CS >>>> >>>> Regards >>>> Ben >>>> >>>> >>>> >>>> On Thu, Nov 30, 2023 at 8:28 AM Ben .T.George <[email protected]> >>>> wrote: >>>> >>>>> HI, >>>>> >>>>> Thanks for the update, I will try to do it in that way. >>>>> >>>>> regards, >>>>> Ben >>>>> >>>>> On Wed, Nov 29, 2023 at 6:31 PM David Handermann < >>>>> [email protected]> wrote: >>>>> >>>>>> Ben, >>>>>> >>>>>> Thanks for summarizing the problem and providing the error log output. >>>>>> >>>>>> With the removal of the XML-based flow configuration in NiFi 2.0.0-M1, >>>>>> nifi.properties now needs to reference the JSON-based configuration. >>>>>> >>>>>> The nifi.flow.configuration.file property in nifi.properties should >>>>>> reference flow.json.gz instead of flow.xml.gz. >>>>>> >>>>>> At minimum, this looks like something we should improve in terms of >>>>>> error handling, or potentially make the upgrade more seamless. >>>>>> >>>>>> For the moment, I have updated the Migration Guidance page [1] to note >>>>>> the need to change the configuration property. >>>>>> >>>>>> If you run into any other upgrade issues, please pass along the >>>>>> details. >>>>>> >>>>>> Regards, >>>>>> David Handermann >>>>>> >>>>>> [1] >>>>>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance >>>>>> >>>>>> On Tue, Nov 28, 2023 at 4:12 AM Ben .T.George <[email protected]> >>>>>> wrote: >>>>>> > >>>>>> > HI, >>>>>> > >>>>>> > How can I upgrade from 1.24.0 to 2.0.0-M1. >>>>>> > >>>>>> > I did the same pedicure like i did before to upgrade to 1.24.0, >>>>>> which is not worked it seems and NiFi is not starting, >>>>>> > >>>>>> > from bootstrap logs: >>>>>> > 2023-11-28 12:59:32,762 INFO [NiFi Bootstrap Command Listener] >>>>>> org.apache.nifi.bootstrap.RunNiFi Apache NiFi now running and listening >>>>>> for >>>>>> Bootstrap requests on port 40771 >>>>>> > 2023-11-28 12:59:45,273 ERROR [NiFi logging handler] >>>>>> org.apache.nifi.StdErr Failed to start web server: Error creating bean >>>>>> with >>>>>> name 'niFiWebApiConfiguration': BeanPostProcessor before instantiation of >>>>>> bean failed; nested exception is >>>>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>>>>> creating bean with name >>>>>> 'org.springframework.security.config.annotation.method.configuration.PrePostMethodSecurityConfiguration': >>>>>> Unsatisfied dependency expressed through constructor parameter 0; nested >>>>>> exception is >>>>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>>>>> creating bean with name >>>>>> 'org.apache.nifi.web.security.configuration.AuthenticationSecurityConfiguration': >>>>>> Unsatisfied dependency expressed through constructor parameter 2; nested >>>>>> exception is org.springframework.beans.factory.BeanCreationException: >>>>>> Error >>>>>> creating bean with name 'authorizer': FactoryBean threw exception on >>>>>> object >>>>>> creation; nested exception is >>>>>> org.apache.nifi.controller.serialization.FlowSerializationException: >>>>>> Could >>>>>> not parse flow as a VersionedDataflow >>>>>> > 2023-11-28 12:59:45,273 ERROR [NiFi logging handler] >>>>>> org.apache.nifi.StdErr Shutting down... >>>>>> > 2023-11-28 12:59:45,955 INFO [main] >>>>>> org.apache.nifi.bootstrap.RunNiFi NiFi never started. Will not restart >>>>>> NiFi >>>>>> > >>>>>> > >>>>>> > and app.log: >>>>>> > https://pastebin.com/R4dGaPmY >>>>>> > >>>>>> > Thanks & Regards, >>>>>> > Ben >>>>>> > >>>>>> > >>>>>> >>>>> >>>>> >>>>> -- >>>>> Yours Sincerely >>>>> Ben.T.George >>>>> >>>>> *" Live like you will die tomorrow, learn like you will live forever "* >>>>> >>>> >>>> >>>> -- >>>> Yours Sincerely >>>> Ben.T.George >>>> >>>> *" Live like you will die tomorrow, learn like you will live forever "* >>>> >>> >> >> -- >> Yours Sincerely >> Ben.T.George >> >> *" Live like you will die tomorrow, learn like you will live forever "* >> >
