Posted to commits@nifi.apache.org by ex...@apache.org on 2023/02/09 20:44:12 UTC

[nifi] branch main updated: NIFI-11061 Added Registry properties for HTTPS network interfaces

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 1395e22f0f NIFI-11061 Added Registry properties for HTTPS network interfaces
1395e22f0f is described below

commit 1395e22f0f81fcefa82916cabf1d3c3519e8722e
Author: Emilio Setiadarma <em...@gmail.com>
AuthorDate: Fri Feb 3 17:52:22 2023 -0800

    NIFI-11061 Added Registry properties for HTTPS network interfaces
    
    This closes #6931
    
    Signed-off-by: David Handermann <ex...@apache.org>
---
 nifi-registry/nifi-registry-assembly/pom.xml       |  1 +
 .../apache/nifi/registry/jetty/JettyServer.java    | 30 ++++++++++++++++++++--
 .../properties/NiFiRegistryProperties.java         | 24 +++++++++++++++++
 .../main/resources/conf/nifi-registry.properties   |  1 +
 4 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/nifi-registry/nifi-registry-assembly/pom.xml b/nifi-registry/nifi-registry-assembly/pom.xml
index 200db073d8..d0b44f5fcd 100644
--- a/nifi-registry/nifi-registry-assembly/pom.xml
+++ b/nifi-registry/nifi-registry-assembly/pom.xml
@@ -173,6 +173,7 @@
         <nifi.registry.web.http.port>18080</nifi.registry.web.http.port>
         <nifi.registry.web.https.host />
         <nifi.registry.web.https.port />
+        <nifi.registry.web.https.network.interface.default />
         <nifi.registry.web.https.application.protocols>http/1.1</nifi.registry.web.https.application.protocols>
         <nifi.registry.jetty.work.dir>./work/jetty</nifi.registry.jetty.work.dir>
         <nifi.registry.web.jetty.threads>200</nifi.registry.web.jetty.threads>
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java b/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
index f868a39270..7615928b99 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
@@ -47,6 +47,7 @@ import javax.servlet.Filter;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.net.InetAddress;
 import java.net.MalformedURLException;
 import java.net.NetworkInterface;
@@ -62,6 +63,7 @@ import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Objects;
 import java.util.Set;
 
 
@@ -148,8 +150,32 @@ public class JettyServer {
 
     private void configureConnectors() {
         final ServerConnectorFactory serverConnectorFactory = new ApplicationServerConnectorFactory(server, properties);
-        final ServerConnector serverConnector = serverConnectorFactory.getServerConnector();
-        server.addConnector(serverConnector);
+        final Set<String> interfaceNames = properties.isHTTPSConfigured() ? properties.getHttpsNetworkInterfaceNames() : Collections.emptySet();
+        if (interfaceNames.isEmpty()) {
+            final ServerConnector serverConnector = serverConnectorFactory.getServerConnector();
+            server.addConnector(serverConnector);
+        } else {
+            interfaceNames.stream()
+                    // Map interface name properties to Network Interfaces
+                    .map(interfaceName -> {
+                        try {
+                            return NetworkInterface.getByName(interfaceName);
+                        } catch (final SocketException e) {
+                            throw new UncheckedIOException(String.format("Network Interface [%s] not found", interfaceName), e);
+                        }
+                    })
+                    // Map Network Interfaces to host addresses
+                    .filter(Objects::nonNull)
+                    .flatMap(networkInterface -> Collections.list(networkInterface.getInetAddresses()).stream())
+                    .map(InetAddress::getHostAddress)
+                    // Map host addresses to Server Connectors
+                    .map(host -> {
+                        final ServerConnector serverConnector = serverConnectorFactory.getServerConnector();
+                        serverConnector.setHost(host);
+                        return serverConnector;
+                    })
+                    .forEach(server::addConnector);
+        }
     }
 
     private void loadWars() throws IOException {
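Review bot: A configured interface name that does not exist on the host is dropped without any signal in `configureConnectors`, because `NetworkInterface.getByName` returns null for an unknown name and `.filter(Objects::nonNull)` discards it. The `SocketException` branch, despite its "not found" message, only covers I/O errors during lookup. If every name under the prefix is mistyped, the `else` branch adds no connector at all, so the server would presumably come up with nothing listening on HTTPS, and a single typo leaves it bound to fewer interfaces than the operator intended, with nothing in the log. I would fail fast in the first `map` lambda and drop the filter, e.g. `if (networkInterface == null) { throw new IllegalStateException(String.format("Network Interface [%s] not found", interfaceName)); }`. It also looks as if `serverConnector.setHost(host)` overrides any host the factory applied from `nifi.registry.web.https.host`, so a short comment stating that precedence would help.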
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java b/nifi-registry/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
index eeff77de5b..d72acd058b 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
@@ -51,9 +51,12 @@ public class NiFiRegistryProperties extends ApplicationProperties {
     public static final String WEB_HTTP_HOST = "nifi.registry.web.http.host";
     public static final String WEB_HTTPS_PORT = "nifi.registry.web.https.port";
     public static final String WEB_HTTPS_HOST = "nifi.registry.web.https.host";
+    public static final String WEB_HTTPS_NETWORK_INTERFACE_PREFIX = "nifi.registry.web.https.network.interface.";
     public static final String WEB_HTTPS_CIPHERSUITES_INCLUDE = "nifi.registry.web.https.ciphersuites.include";
     public static final String WEB_HTTPS_CIPHERSUITES_EXCLUDE = "nifi.registry.web.https.ciphersuites.exclude";
     public static final String WEB_HTTPS_APPLICATION_PROTOCOLS = "nifi.registry.web.https.application.protocols";
+
+
     public static final String WEB_WORKING_DIR = "nifi.registry.web.jetty.working.directory";
     public static final String WEB_THREADS = "nifi.registry.web.jetty.threads";
     public static final String WEB_SHOULD_SEND_SERVER_VERSION = "nifi.registry.web.should.send.server.version";
@@ -479,4 +482,25 @@ public class NiFiRegistryProperties extends ApplicationProperties {
         return getProperty(SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER, "email").trim();
     }
 
+    /**
+     * Returns the network interface list to use for HTTPS
+     *
+     * @return Network interface names of all HTTPS network interface properties
+     */
+    public Set<String> getHttpsNetworkInterfaceNames() {
+        final Set<String> networkInterfaceNames = new HashSet<>();
+
+        // go through each property
+        for (String propertyName : getPropertyKeys()) {
+            // determine if the property is a network interface name
+            if (StringUtils.startsWith(propertyName, WEB_HTTPS_NETWORK_INTERFACE_PREFIX)) {
+                // get the network interface property value
+                final String interfaceName = getProperty(propertyName);
+                if (StringUtils.isNotBlank(interfaceName)) {
+                    networkInterfaceNames.add(getProperty(propertyName));
+                }
+            }
+        }
+        return networkInterfaceNames;
+    }
 }
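Review bot: The interface name is stored untrimmed in `getHttpsNetworkInterfaceNames`, so a value with leading or trailing whitespace passes `StringUtils.isNotBlank` but is unlikely to match any interface name when it is looked up later. The context line at the top of this hunk calls `.trim()` on the result of `getProperty(...)`, which suggests `getProperty` does not trim by itself. The value is also read twice, so reuse the local: `networkInterfaceNames.add(interfaceName.trim());`. The Javadoc could also say that blank values are skipped and that every property key starting with `WEB_HTTPS_NETWORK_INTERFACE_PREFIX` contributes one name, whatever its suffix.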
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties b/nifi-registry/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties
index c7a6b9fd64..5260e0a9ea 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties
+++ b/nifi-registry/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties
@@ -19,6 +19,7 @@ nifi.registry.web.http.host=${nifi.registry.web.http.host}
 nifi.registry.web.http.port=${nifi.registry.web.http.port}
 nifi.registry.web.https.host=${nifi.registry.web.https.host}
 nifi.registry.web.https.port=${nifi.registry.web.https.port}
+nifi.registry.web.https.network.interface.default=${nifi.registry.web.https.network.interface.default}
 nifi.registry.web.https.application.protocols=${nifi.registry.web.https.application.protocols}
 nifi.registry.web.jetty.working.directory=${nifi.registry.jetty.work.dir}
 nifi.registry.web.jetty.threads=${nifi.registry.web.jetty.threads}