How to use ssl with docker desktop on windows-CodePudding

I have a dev Environment in docker and I'm using Nifi 1.13.2 and it's working fine (http). I did an upgrade of Nifi to use version 1.15.3 that starts up with HTTPS only and it isn't working anymore. docker-compose :

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
    ports:
      - 10000:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver

Logs from nifi-app.log :

nifi-app_2022-03-16_14.0.log:36362:2022-03-16 14:36:43,370 INFO [main] org.apache.nifi.web.server.JettyServer Created HostHeaderHandler [HostHeaderHandler for 2dec0477131a:8443}]
nifi-app_2022-03-16_14.0.log:139435:2022-03-16 14:37:07,253 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@36b53f08{SSL, (ssl, http/1.1)}{2dec0477131a:8443}
nifi-app_2022-03-16_14.0.log:139933:2022-03-16 14:37:07,292 INFO [main] org.apache.nifi.web.server.JettyServer https://2dec0477131a:8443/nifi

Error in logs when I go to https://localhost:10000/nifi :

2022-03-16 14:39:15,572 WARN [NiFi Web Server-16] o.a.nifi.web.server.HostHeaderHandler Request host header [localhost:10000] different from web hostname [2dec0477131a(:8443)]. Overriding to [2dec0477131a:8443/nifi]
2022-03-16 14:39:15,655 WARN [NiFi Web Server-20] o.a.nifi.web.server.HostHeaderHandler Request host header [localhost:10000] different from web hostname [2dec0477131a(:8443)]. Overriding to [2dec0477131a:8443/favicon.ico]

[![enter image description here][1]][1]

I see that on docker desktop when I do open in browser it opens http://localhost:10000/nifi , how can I change this url ?

Update1 : I found this article : https://www.javahelps.com/2022/01/run-apache-nifi-in-docker-with-ssl.html so my docker-compose looks like this :

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
      - SINGLE_USER_CREDENTIALS_USERNAME=deliverit
      - SINGLE_USER_CREDENTIALS_PASSWORD=e9o6dQhlEDusiq6oKUpzp8ZtW/Bjim6q2U0SxyBO6JA
      - NIFI_SENSITIVE_PROPS_KEY=rHkWR1gDNW3R
      - NIFI_WEB_PROXY_HOST=0.0.0.0:8443
      - NIFI_WEB_HTTPS_HOST=0.0.0.0
      - NIFI_CLUSTER_ADDRESS=0.0.0.0
      - NIFI_REMOTE_INPUT_HOST=0.0.0.0
      - AUTH=tls
      - KEYSTORE_PATH=/opt/certs/keystore.jks
      - KEYSTORE_TYPE=JKS
      - KEYSTORE_PASSWORD=cjwC2UU/ZBxhlNyjFbK1QCE/bqNxq9WONwCPq8HbyRk
      - TRUSTSTORE_PATH=/opt/certs/truststore.jks
      - TRUSTSTORE_TYPE=JKS
      - TRUSTSTORE_PASSWORD=1ab4TYRgYw7HMY4Dr 7s 7gVDrPBbZPGp4g/t5VhJG4
      - NIFI_SECURITY_USER_AUTHORIZER=single-user-authorizer
      - NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER=single-user-provider      
    ports:
      - 10000:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver
      - ./keystore.jks:/opt/certs/keystore.jks
      - ./truststore.jks:/opt/certs/truststore.jks

I still have the same error . [1]: https://i.stack.imgur.com/OGqE6.png

Update 2: It worked with the following docker compose :

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
      - SINGLE_USER_CREDENTIALS_USERNAME=deliverit
      - SINGLE_USER_CREDENTIALS_PASSWORD=e9o6dQhlEDusiq6oKUpzp8ZtW/Bjim6q2U0SxyBO6JA
      - NIFI_SENSITIVE_PROPS_KEY=rHkWR1gDNW3R
      - NIFI_WEB_PROXY_HOST='localhost:8443,localhost:10000'
      - NIFI_WEB_HTTPS_HOST=0.0.0.0
      - NIFI_CLUSTER_ADDRESS=0.0.0.0
      - NIFI_REMOTE_INPUT_HOST=0.0.0.0
      - AUTH=tls
      - KEYSTORE_PATH=/opt/certs/keystore.jks
      - KEYSTORE_TYPE=JKS
      - KEYSTORE_PASSWORD=cjwC2UU/ZBxhlNyjFbK1QCE/bqNxq9WONwCPq8HbyRk
      - TRUSTSTORE_PATH=/opt/certs/truststore.jks
      - TRUSTSTORE_TYPE=JKS
      - TRUSTSTORE_PASSWORD=1ab4TYRgYw7HMY4Dr 7s 7gVDrPBbZPGp4g/t5VhJG4
      - NIFI_SECURITY_USER_AUTHORIZER=single-user-authorizer
      - NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER=single-user-provider      
    ports:
      - 8443:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver
      - ./keystore.jks:/opt/certs/keystore.jks
      - ./truststore.jks:/opt/certs/truststore.

CodePudding user response：

Try adding NIFI_WEB_PROXY_HOST=localhost:8443 in the environment section in docker-compose. Also, you have to check if you can use port 10000 for Nifi.