I am very new to docker and Nifi so please understand if my question doesn't sound refined.
When I downloaded Nifi from official apache nifi website and fired it up, it was accessible via http://localhost:8443/nifi
But when I created a docker container using the following command
docker run -itd -p 8433:8080 --name nifi apache/nifi
it runs without a problem but it's not accessible via web UI
When I used
docker logs d7 | grep "JettyServer"
2022-07-07 23:17:13,334 INFO [main] org.apache.nifi.web.server.JettyServer NiFi has started NiFi has started. The UI is available at the following URLs:
2022-07-07 23:17:13,334 INFO [main] org.apache.nifi.web.server.JettyServer https://d723418f https://d723418f16d5:8443/nifi
above message was shown, which to my understanding it means that Nifi is running.
I have tried
-localhost:8433
-host IP:8433
-bridge network IP:8433
but none of those work.
Is this possibly because of the update on version 1.14.0 since it accesses UI via https rather than http and requires ID and password now ?
Or am I just missing something very simple?
Thank you all for your help in advance.
By default nifi listening only 8443 port (and using HTTPS connection)
If you want to connect using unsecure HTTP, you need to set HTTP port:
docker run -itd -p 8443:8080 -e NIFI_WEB_HTTP_PORT=8080 --name nifi apache/nifi
In this case HTTPS connection will be disabled and you will be able to connect with http://localhost:8443/nifi instead of secured HTTPS
* It is not possible to activate both 8080 (HTTP) and 8443 (HTTPS) connection at same time. You have to edit container entrypoint
script (/opt/nifi/scripts/start.sh) to activate both connections
I changed the port setting to 8443:8443 and added /nifi to the URL and it started working
Related
I created a simple golang web application working on port 8080.
Docker file:
When I tried on web, I got empty response error.
Then, I opened bash of the container and found something strange.
When I did curl http://localhost:8080, I received the response but when I did same on eth0 ip, it failed.
ignore the 404. 404 means my server app is responding.
The application is accepting traffic only on localhost of the container and not accessible using docker/k8s IP.
Kindly suggest!
Did you start the container with the -p flag set to allow traffic on port 8080? (Like this: docker run -p 8080:8080 [your_image])
I tried delploying kie workbench using docker command docker run -p 8080:8080 -p 8001:8001 -d --name drools-wb jboss/business-central-workbench-showcase:latest and kieserver using the docker command docker run -p 8180:8080 -d --name kie-server --link drools-wb:kie-wb jboss/kie-server-showcase:latest. I deployed a sample drl file to kie server using the business central. The screen image after deployment is as shown below.
The remote server is given as 172.17.0.3:8080. But when I try to test the deployment file using Postman the server is not responding.The requests are getting timed out.The two endpoint services I tried to access are http://172.17.0.3:8080/kie-server/services/rest/server/and http://172.17.0.3:8080/kie-server/services/rest/server/DemoRule_1.0.0-SNAPSHOT. First of all Iam not understanding why is it getting deployed in some remote server and not localhost. Secondly why is it not getting accessible. I even tried the kie server container endpoint http://localhost:8180/kie-server/services/rest/server/. But none of this works. Can someone help me understand the problem.
I found the answer for myself. The service was available at http://localhost:8180/kie-server/services/rest/server/containers/instances/DemoRule_1.0.0-SNAPSHOT. That's were the actual controller was available. Port 8080 was endpoint for wildfly server. The IP 172.17.0.3:8080 was related to docker container. It had nothing do with the controllers.
I'm trying to do something very simple: use the official NiFi docker image (https://hub.docker.com/r/apache/nifi/) to run a very simple NiFi "Hello World" tutorial (https://github.com/drnice/NifiHelloWorld).
The problem is that I cannot access the port of the HandleHttpRequest processor from that tutorial (called Nifi-WebServer-HandleHTTP). The port is 6688.
I've mapped port 6688 to localhost, which I've confirmed in portainer:
Portainer Snapshot Showing port mappings
The URL localhost:8080 works fine, I can access the NiFi UI and interact with it.
But when I try localhost:6688, I get an error (empty response from server).
More info
1) When I log in through Portainer to the "nifi3" container console, I can run "curl localhost:6688", and get the expected result (some HTML coming back).
2) I've confirmed via netstat that nothing else is using 6688 on my host.
3) Full container run command:
docker run --name nifi4 -d -p 8080:8080 -p 6688:6688 -p 9998:9998 -v `C:/temp/GitHub/NifiHelloWorld/Archive`:/mnt/nifi_hello_world -v C:/temp/nifi_out:/mnt/nifi_out nifi3 -v 4a8bd6cab08f08af457001810a312816757f40a7c16d2583dd6a9eabfd76db78:/opt/nifi/nifi-current/conf
So the HTTP server seems to be up on the correct port inside the container, the port mapping is there, but I cannot access it from outside.
Anyone know why?
It looks like you were hit with a bit of container inception. The template you are using specifies a hostname for the HandleHttpRequest processor of "localhost". Accordingly, it will only accept requests on the loopback interface internal to the container instance.
You will need to remove this from your template instance such that it can bind to all interfaces and allow the port forwarding to work as expected via the docker command arguments.
I am trying to run a standard nginx container on one of my GCP VMs. When i run
docker run -it --rm -p 80:80 tiangolo/uwsgi-nginx-flask:python3.6
I get the following error:
Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use
However it is a clean VM instance I created. During VM creation I also checked the http port to make sure port 80 is open (i need to add https - but this is my first deployment test).
The image does work locally. It seems to be a Google Cloud Platform configuring thing I guess.
it was my own stupid error.. sorry for asking the SO community...
so what did I do wrong.. I connected through the web client.. which means port 80 is already in use. causing all this havoc :(
so just ssh in and try again and it works.
I tried to reproduce the issue on my end, but I did not find any error. Here are the below steps I have taken.
First I spin up a Debian vm instance in the Google cloud platform and allowed incoming http in the firewall for that VM instance so that I could access the site from outside.
Then I installed docker in the VM instance. I followed this link.
After that, I made sure that http port is free in the VM instance. I used the below command.
netstat -an | egrep 'Proto|LISTEN'
You may check the link here.
At this point, I issued the docker command you provided.
docker run -it --rm -p 80:80 tiangolo/uwsgi-nginx-flask:python3.6
I did not get any error and I could access the nginx page.
“Hello World from Flask in a uWSGI Nginx Docker container with Python 3.6 (default)”
If you spin a new VM with the same docker version, do you have the same issue? What kind of image is your VM running?
For the life of me I can't get to the NiFi Web UI. It makes me hate security.
TLDR; I can't find the right way to start NiFi in a docker container and still access the UI. Here's what I've tried (for 8 hours):
docker run --name nifi \
-p 8080:8080 \
-d \
apache/nifi:latest
I go to localhost:8080/nifi - timeout. Same on 127.0.0.1.
docker inspect nifi - IP Gateway is 172.20.0.1 with actual IP of 172.0.0.2. Invalid Host Header and timeout, respectively.
Start randomly trying stuff:
# I tried localhost, 0.0.0.0, various IP addresses
docker run --name nifi \
-p 8080:8080 \
-e NIFI_WEB_HTTP_HOST=${hostname-here}
-d \
apache/nifi:latest
I also built a full docker-compose.yml for my diminishingly-possible stack. Everything thing works except for:
nifi:
image: apache/nifi:latest
hostname: nifi
depends_on:
- zookeeper
- broker
- schema_registry
- nifi-registry
ports:
- "8080:8080"
No changes. Can you help me?
Updates 1
I used the docker-compose.yml file from the repo linked in comments below; thank you #Chaffelson. Still dealing with timeout on localhost. So I spun up a droplet with docker-machine.
The services start fine, and logs indicate Jetty server is up for both NiFi Registry and NiFi. I can access NiFi registry # <host ip>:18080/nifi-registry exactly like I can on my local machine.
I can't access <host ip>8080/nifi - I get invalid host header response.
So I added to docker-compose.yml:
environment:
# Tried both with and without quotes
NIFI_WEB_HTTP_HOST: "<host-ip>"
Jetty server fails to start. Insight?
Updates 2
From the logs, using just docker run --name nifi -p 8080:8080 -d apache/nifi:1.5.0:
[NiFi Web Server-24] o.a.n.w.s.HostHeaderSanitizationCustomizer Request host header [45.55.36.15:8080] different from web hostname [348146fc286f(:8080)]. Overriding to [348146fc286f:8080/nifi] where 45.55.36.15 is the host ip.
This is the crux of my problem.
Updates 3
I disabled ufw (firewall) on my local machine. I can now access nifi via localhost:8080. No progress on actually accessing on a remote host (which is the point of all this).
Sorry to hear you are having trouble with this. In Apache NiFi 1.5.0, the stricter host header protection was enabled to prevent host header poisoning attacks. Unfortunately, we have seen that this was not documented sufficiently for users who were not familiar with the configuration. In response, we have made changes that are currently in master and will be included in the upcoming 1.6.0 release:
a new property nifi.web.proxy.host was added to nifi.properties which accepts a comma-separated list of valid host headers independent of the Jetty hostname
the Docker configuration has been updated to allow proxy whitelisting from the run command
the host header protection is only enforced on "secured" NiFi instances. This should make it much easier for users to quickly deploy sandbox environments like you are doing in this case
For an immediate fix, this command should work:
docker run --name nifi \
-p 8080:8080 \
-e NIFI_WEB_HTTP_HOST=172.20.0.1
-d \
apache/nifi:latest
You can also intercept the requests using a Chrome extension like ModHeader to override the Host header and verify that it works when it matches the expected host. Along with Daniel's excellent additions, this should help you until the next version is released.
I use this and similar docker compose files for my automated NiFi Python client testing. It looks superficially similar to yours, and works perfectly well on both Ubuntu (Travis-CI) and my local MacBook pro for myself.
I suggest you try running this file as a known-good configuration, and also examine 'docker logs -f nifi' for the above to see if your environment is throwing errors on startup.
The environment variables for NIFI_WEB_HTTP_HOST and NIFI_WEB_HTTP_PORT are for when you are accessing Docker nifi on a port other than 8080, so that you don't get the host-headers blocker. I contributed these modifications to the project recently, so if you are having trouble with them I would like to know so I can fix it.
I had the same issue, I was not able to access the web ui remotely. Turns out the firewall issue. Disabling the firewalld & adding a custom firewall rule to allow docker network with port should solve the issue.
Here is my docker-compose.yml:
in docker use this. It fixed my problem.
--net=host
so that docker can reduce the internal port forwarding path.