Trouble accessing v 1.14.0 on GCP

[Mike Sofen <MS...@ansunbiopharma.com>]

At my prior company I've installed earlier versions of nifi on GCP Debian VMs and not had a problem pointing a Windows 10 browser at them and going to work.  I'm aware v1.14.0 requires a user login when not using certs, but I can't even get to that step.

I'm pulling my remaining hair out trying to connect to a new Debian VM on GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this caveat - I cannot reference the static external IP - only the default IP (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that opens the 8443 port for the VM, and even added ICMP to it and can ping it from a CMD shell on my PC.  I've checked all of the file permissions on that VM, all uniformly correct.

Details of my nifi.properties:

If I use:
nifi.web.https.host=127.0.0.1 (the default)
nifi.web.https.port=8443

Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused to connect "

If I use the VM's static IP (which is what I've used on prior VMs): 
nifi.web.https.host=35.xxx.xx.xxx
nifi.web.https.port=8443

Nifi fails to start, with the log saying: 
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.236.80.234:8543
Caused by: java.net.BindException: Cannot assign requested address

Endless web searches and tests have resulted in no change of behavior - with the default IP, Nifi runs but I can't access it, and with my external IP, it won't start.  I've even tried using a different port (8543), no change.  In this GCP project, I have just this one VM and it has successfully been running Postgres for many months.

Any ideas?

Mike Sofen

Re: Trouble accessing v 1.14.0 on GCP

[David Handermann <ex...@apache.org>]

You're welcome, glad to hear that worked!

Regards,
David Handermann

On Mon, Aug 23, 2021 at 12:07 PM Mike Sofen <MS...@ansunbiopharma.com>
wrote:

> That was it – *setting the **nifi.web.proxy.host to the VM’s external IP*
> (and leaving the nifi.web.https.host blank) resulted in the Nifi login
> screen, and I was able to log in.
>
>
>
> Whew!!  Thank you so much for the information.  Mike
>
>
>
>
>
> *From:* David Handermann <ex...@apache.org>
> *Sent:* Monday, August 23, 2021 9:28 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: Trouble accessing v 1.14.0 on GCP
>
>
>
> Hi Mike,
>
>
>
> Thanks for the reply, it looks like the request is now getting to the NiFi
> server.  The error message indicates that the public IP address is not one
> of the expected values for the HTTP Host header, based on the NiFi
> configuration. The following property should be configured with the public
> DNS name of the NiFi system in order for NiFi to accept requests:
>
> nifi.web.proxy.host
>
>
>
> See the Web Properties section of the Administrator's Guide for more
> details on that particular property:
>
>
>
>
> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#web-properties
>
>
>
> Running a reverse DNS lookup of the public IP address should return the
> host value to use for that property, and for accessing NiFi through the
> browser.
>
>
>
> Regards,
>
> David Handermann
>
>
>
> On Mon, Aug 23, 2021 at 11:16 AM Mike Sofen <MS...@ansunbiopharma.com>
> wrote:
>
> Hi David,
>
>
>
> Thanks for the tip to try a blank https host address – I hadn’t tried that
> since there was a note somewhere saying something like “nifi will pick the
> network, which may not be what you want”.
>
>
>
> However, trying it resulted in the same outcome – my on-prem Windows PC
> browser cannot connect to the GCP nifi. but now gets the result shown
> below.  I never get a login screen as the docs mention.  Mike
>
>
>
>
>
>
>
>
>
>
>
>
>
> *From:* David Handermann <ex...@apache.org>
> *Sent:* Monday, August 23, 2021 6:38 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: Trouble accessing v 1.14.0 on GCP
>
>
>
> Hi Mike,
>
>
>
> Small correction, I mistyped the property name the second time, so for
> clarification, I intended to say setting a blank value for the HTTPS host
> as follows:
>
> nifi.web.https.host=
>
>
>
> Regards,
>
> David Handermann
>
>
>
> On Mon, Aug 23, 2021 at 8:35 AM David Handermann <
> exceptionfactory@apache.org> wrote:
>
> Hi Mike,
>
>
>
> The nifi.web.https.host property must match one of the IP addresses
> assigned to the system on which NiFi is running. The GCP virtual machine
> has a private IP address assigned to a local interface, and uses network
> address translation to send requests from the public address to the local
> interface address. Setting a blank value for nifi.web.http.post will
> cause NiFi to listen on all available interfaces, which should allow NiFi
> to receive incoming requests.
>
>
>
> The purpose of the default 127.0.0.1 address is to avoid public access to
> NiFi without additional security configuration. The default HTTPS and
> single user credentials provide some measure of protection, and I recommend
> reviewing the Security Configuration and User Authentication sections of
> the NiFi System Administrator's Guide for more details on securing the NiFi
> installation.
>
>
>
>
> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration
>
>
>
> Regards,
>
> David Handermann
>
>
>
> On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <MS...@ansunbiopharma.com>
> wrote:
>
> minor correction - the port shown (8543) was from the alternate port test,
> the regular port test 8443 returns a similar error:
> " Nifi fails to start, with the log saying:
> 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
> java.net.BindException: Cannot assign requested address"
>
> Mike
>
> -----Original Message-----
> From: Mike Sofen
> Sent: Monday, August 23, 2021 6:00 AM
> To: users@nifi.apache.org
> Subject: Trouble accessing v 1.14.0 on GCP
>
> At my prior company I've installed earlier versions of nifi on GCP Debian
> VMs and not had a problem pointing a Windows 10 browser at them and going
> to work.  I'm aware v1.14.0 requires a user login when not using certs, but
> I can't even get to that step.
>
> I'm pulling my remaining hair out trying to connect to a new Debian VM on
> GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this
> caveat - I cannot reference the static external IP - only the default IP
> (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that
> opens the 8443 port for the VM, and even added ICMP to it and can ping it
> from a CMD shell on my PC.  I've checked all of the file permissions on
> that VM, all uniformly correct.
>
> Details of my nifi.properties:
>
> If I use:
> nifi.web.https.host=127.0.0.1 (the default)
> nifi.web.https.port=8443
>
> Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused
> to connect "
>
> If I use the VM's static IP (which is what I've used on prior VMs):
> nifi.web.https.host=35.xxx.xx.xxx
> nifi.web.https.port=8443
>
> Nifi fails to start, with the log saying:
> 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
> java.net.BindException: Cannot assign requested address
>
> Endless web searches and tests have resulted in no change of behavior -
> with the default IP, Nifi runs but I can't access it, and with my external
> IP, it won't start.  I've even tried using a different port (8543), no
> change.  In this GCP project, I have just this one VM and it has
> successfully been running Postgres for many months.
>
> Any ideas?
>
> Mike Sofen
>
>

RE: Trouble accessing v 1.14.0 on GCP

[Mike Sofen <MS...@ansunbiopharma.com>]

That was it – setting the nifi.web.proxy.host to the VM’s external IP (and leaving the nifi.web.https.host blank) resulted in the Nifi login screen, and I was able to log in.

Whew!!  Thank you so much for the information.  Mike


From: David Handermann <ex...@apache.org>
Sent: Monday, August 23, 2021 9:28 AM
To: users@nifi.apache.org
Subject: Re: Trouble accessing v 1.14.0 on GCP

Hi Mike,

Thanks for the reply, it looks like the request is now getting to the NiFi server.  The error message indicates that the public IP address is not one of the expected values for the HTTP Host header, based on the NiFi configuration. The following property should be configured with the public DNS name of the NiFi system in order for NiFi to accept requests:
nifi.web.proxy.host

See the Web Properties section of the Administrator's Guide for more details on that particular property:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#web-properties

Running a reverse DNS lookup of the public IP address should return the host value to use for that property, and for accessing NiFi through the browser.

Regards,
David Handermann

On Mon, Aug 23, 2021 at 11:16 AM Mike Sofen <MS...@ansunbiopharma.com>> wrote:
Hi David,

Thanks for the tip to try a blank https host address – I hadn’t tried that since there was a note somewhere saying something like “nifi will pick the network, which may not be what you want”.

However, trying it resulted in the same outcome – my on-prem Windows PC browser cannot connect to the GCP nifi. but now gets the result shown below.  I never get a login screen as the docs mention.  Mike



[cid:image001.png@01D79806.816A6BE0]



From: David Handermann <ex...@apache.org>>
Sent: Monday, August 23, 2021 6:38 AM
To: users@nifi.apache.org<ma...@nifi.apache.org>
Subject: Re: Trouble accessing v 1.14.0 on GCP

Hi Mike,

Small correction, I mistyped the property name the second time, so for clarification, I intended to say setting a blank value for the HTTPS host as follows:
nifi.web.https.host=

Regards,
David Handermann

On Mon, Aug 23, 2021 at 8:35 AM David Handermann <ex...@apache.org>> wrote:
Hi Mike,

The nifi.web.https.host property must match one of the IP addresses assigned to the system on which NiFi is running. The GCP virtual machine has a private IP address assigned to a local interface, and uses network address translation to send requests from the public address to the local interface address. Setting a blank value for nifi.web.http.post<http://nifi.web.http.post> will cause NiFi to listen on all available interfaces, which should allow NiFi to receive incoming requests.

The purpose of the default 127.0.0.1 address is to avoid public access to NiFi without additional security configuration. The default HTTPS and single user credentials provide some measure of protection, and I recommend reviewing the Security Configuration and User Authentication sections of the NiFi System Administrator's Guide for more details on securing the NiFi installation.

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration

Regards,
David Handermann

On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <MS...@ansunbiopharma.com>> wrote:
minor correction - the port shown (8543) was from the alternate port test, the regular port test 8443 returns a similar error:
" Nifi fails to start, with the log saying:
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address"

Mike

-----Original Message-----
From: Mike Sofen
Sent: Monday, August 23, 2021 6:00 AM
To: users@nifi.apache.org<ma...@nifi.apache.org>
Subject: Trouble accessing v 1.14.0 on GCP

At my prior company I've installed earlier versions of nifi on GCP Debian VMs and not had a problem pointing a Windows 10 browser at them and going to work.  I'm aware v1.14.0 requires a user login when not using certs, but I can't even get to that step.

I'm pulling my remaining hair out trying to connect to a new Debian VM on GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this caveat - I cannot reference the static external IP - only the default IP (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that opens the 8443 port for the VM, and even added ICMP to it and can ping it from a CMD shell on my PC.  I've checked all of the file permissions on that VM, all uniformly correct.

Details of my nifi.properties:

If I use:
nifi.web.https.host=127.0.0.1 (the default)
nifi.web.https.port=8443

Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused to connect "

If I use the VM's static IP (which is what I've used on prior VMs):
nifi.web.https.host=35.xxx.xx.xxx
nifi.web.https.port=8443

Nifi fails to start, with the log saying:
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address

Endless web searches and tests have resulted in no change of behavior - with the default IP, Nifi runs but I can't access it, and with my external IP, it won't start.  I've even tried using a different port (8543), no change.  In this GCP project, I have just this one VM and it has successfully been running Postgres for many months.

Any ideas?

Mike Sofen

Re: Trouble accessing v 1.14.0 on GCP

[David Handermann <ex...@apache.org>]

Hi Mike,

Thanks for the reply, it looks like the request is now getting to the NiFi
server.  The error message indicates that the public IP address is not one
of the expected values for the HTTP Host header, based on the NiFi
configuration. The following property should be configured with the public
DNS name of the NiFi system in order for NiFi to accept requests:

nifi.web.proxy.host

See the Web Properties section of the Administrator's Guide for more
details on that particular property:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#web-properties

Running a reverse DNS lookup of the public IP address should return the
host value to use for that property, and for accessing NiFi through the
browser.

Regards,
David Handermann

On Mon, Aug 23, 2021 at 11:16 AM Mike Sofen <MS...@ansunbiopharma.com>
wrote:

> Hi David,
>
>
>
> Thanks for the tip to try a blank https host address – I hadn’t tried that
> since there was a note somewhere saying something like “nifi will pick the
> network, which may not be what you want”.
>
>
>
> However, trying it resulted in the same outcome – my on-prem Windows PC
> browser cannot connect to the GCP nifi. but now gets the result shown
> below.  I never get a login screen as the docs mention.  Mike
>
>
>
>
>
>
>
>
>
>
>
>
>
> *From:* David Handermann <ex...@apache.org>
> *Sent:* Monday, August 23, 2021 6:38 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: Trouble accessing v 1.14.0 on GCP
>
>
>
> Hi Mike,
>
>
>
> Small correction, I mistyped the property name the second time, so for
> clarification, I intended to say setting a blank value for the HTTPS host
> as follows:
>
> nifi.web.https.host=
>
>
>
> Regards,
>
> David Handermann
>
>
>
> On Mon, Aug 23, 2021 at 8:35 AM David Handermann <
> exceptionfactory@apache.org> wrote:
>
> Hi Mike,
>
>
>
> The nifi.web.https.host property must match one of the IP addresses
> assigned to the system on which NiFi is running. The GCP virtual machine
> has a private IP address assigned to a local interface, and uses network
> address translation to send requests from the public address to the local
> interface address. Setting a blank value for nifi.web.http.post will
> cause NiFi to listen on all available interfaces, which should allow NiFi
> to receive incoming requests.
>
>
>
> The purpose of the default 127.0.0.1 address is to avoid public access to
> NiFi without additional security configuration. The default HTTPS and
> single user credentials provide some measure of protection, and I recommend
> reviewing the Security Configuration and User Authentication sections of
> the NiFi System Administrator's Guide for more details on securing the NiFi
> installation.
>
>
>
>
> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration
>
>
>
> Regards,
>
> David Handermann
>
>
>
> On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <MS...@ansunbiopharma.com>
> wrote:
>
> minor correction - the port shown (8543) was from the alternate port test,
> the regular port test 8443 returns a similar error:
> " Nifi fails to start, with the log saying:
> 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
> java.net.BindException: Cannot assign requested address"
>
> Mike
>
> -----Original Message-----
> From: Mike Sofen
> Sent: Monday, August 23, 2021 6:00 AM
> To: users@nifi.apache.org
> Subject: Trouble accessing v 1.14.0 on GCP
>
> At my prior company I've installed earlier versions of nifi on GCP Debian
> VMs and not had a problem pointing a Windows 10 browser at them and going
> to work.  I'm aware v1.14.0 requires a user login when not using certs, but
> I can't even get to that step.
>
> I'm pulling my remaining hair out trying to connect to a new Debian VM on
> GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this
> caveat - I cannot reference the static external IP - only the default IP
> (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that
> opens the 8443 port for the VM, and even added ICMP to it and can ping it
> from a CMD shell on my PC.  I've checked all of the file permissions on
> that VM, all uniformly correct.
>
> Details of my nifi.properties:
>
> If I use:
> nifi.web.https.host=127.0.0.1 (the default)
> nifi.web.https.port=8443
>
> Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused
> to connect "
>
> If I use the VM's static IP (which is what I've used on prior VMs):
> nifi.web.https.host=35.xxx.xx.xxx
> nifi.web.https.port=8443
>
> Nifi fails to start, with the log saying:
> 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
> java.net.BindException: Cannot assign requested address
>
> Endless web searches and tests have resulted in no change of behavior -
> with the default IP, Nifi runs but I can't access it, and with my external
> IP, it won't start.  I've even tried using a different port (8543), no
> change.  In this GCP project, I have just this one VM and it has
> successfully been running Postgres for many months.
>
> Any ideas?
>
> Mike Sofen
>
>

RE: Trouble accessing v 1.14.0 on GCP

[Mike Sofen <MS...@ansunbiopharma.com>]

Hi David,

Thanks for the tip to try a blank https host address – I hadn’t tried that since there was a note somewhere saying something like “nifi will pick the network, which may not be what you want”.

However, trying it resulted in the same outcome – my on-prem Windows PC browser cannot connect to the GCP nifi. but now gets the result shown below.  I never get a login screen as the docs mention.  Mike



[cid:image002.png@01D797FF.3E7E7AD0]



From: David Handermann <ex...@apache.org>
Sent: Monday, August 23, 2021 6:38 AM
To: users@nifi.apache.org
Subject: Re: Trouble accessing v 1.14.0 on GCP

Hi Mike,

Small correction, I mistyped the property name the second time, so for clarification, I intended to say setting a blank value for the HTTPS host as follows:
nifi.web.https.host=

Regards,
David Handermann

On Mon, Aug 23, 2021 at 8:35 AM David Handermann <ex...@apache.org>> wrote:
Hi Mike,

The nifi.web.https.host property must match one of the IP addresses assigned to the system on which NiFi is running. The GCP virtual machine has a private IP address assigned to a local interface, and uses network address translation to send requests from the public address to the local interface address. Setting a blank value for nifi.web.http.post<http://nifi.web.http.post> will cause NiFi to listen on all available interfaces, which should allow NiFi to receive incoming requests.

The purpose of the default 127.0.0.1 address is to avoid public access to NiFi without additional security configuration. The default HTTPS and single user credentials provide some measure of protection, and I recommend reviewing the Security Configuration and User Authentication sections of the NiFi System Administrator's Guide for more details on securing the NiFi installation.

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration

Regards,
David Handermann

On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <MS...@ansunbiopharma.com>> wrote:
minor correction - the port shown (8543) was from the alternate port test, the regular port test 8443 returns a similar error:
" Nifi fails to start, with the log saying:
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address"

Mike

-----Original Message-----
From: Mike Sofen
Sent: Monday, August 23, 2021 6:00 AM
To: users@nifi.apache.org<ma...@nifi.apache.org>
Subject: Trouble accessing v 1.14.0 on GCP

At my prior company I've installed earlier versions of nifi on GCP Debian VMs and not had a problem pointing a Windows 10 browser at them and going to work.  I'm aware v1.14.0 requires a user login when not using certs, but I can't even get to that step.

I'm pulling my remaining hair out trying to connect to a new Debian VM on GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this caveat - I cannot reference the static external IP - only the default IP (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that opens the 8443 port for the VM, and even added ICMP to it and can ping it from a CMD shell on my PC.  I've checked all of the file permissions on that VM, all uniformly correct.

Details of my nifi.properties:

If I use:
nifi.web.https.host=127.0.0.1 (the default)
nifi.web.https.port=8443

Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused to connect "

If I use the VM's static IP (which is what I've used on prior VMs):
nifi.web.https.host=35.xxx.xx.xxx
nifi.web.https.port=8443

Nifi fails to start, with the log saying:
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address

Endless web searches and tests have resulted in no change of behavior - with the default IP, Nifi runs but I can't access it, and with my external IP, it won't start.  I've even tried using a different port (8543), no change.  In this GCP project, I have just this one VM and it has successfully been running Postgres for many months.

Any ideas?

Mike Sofen

Re: Trouble accessing v 1.14.0 on GCP

[David Handermann <ex...@apache.org>]

Hi Mike,

Small correction, I mistyped the property name the second time, so for
clarification, I intended to say setting a blank value for the HTTPS host
as follows:

nifi.web.https.host=

Regards,
David Handermann

On Mon, Aug 23, 2021 at 8:35 AM David Handermann <
exceptionfactory@apache.org> wrote:

> Hi Mike,
>
> The nifi.web.https.host property must match one of the IP addresses
> assigned to the system on which NiFi is running. The GCP virtual machine
> has a private IP address assigned to a local interface, and uses network
> address translation to send requests from the public address to the local
> interface address. Setting a blank value for nifi.web.http.post will
> cause NiFi to listen on all available interfaces, which should allow NiFi
> to receive incoming requests.
>
> The purpose of the default 127.0.0.1 address is to avoid public access to
> NiFi without additional security configuration. The default HTTPS and
> single user credentials provide some measure of protection, and I recommend
> reviewing the Security Configuration and User Authentication sections of
> the NiFi System Administrator's Guide for more details on securing the NiFi
> installation.
>
>
> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration
>
> Regards,
> David Handermann
>
> On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <MS...@ansunbiopharma.com>
> wrote:
>
>> minor correction - the port shown (8543) was from the alternate port
>> test, the regular port test 8443 returns a similar error:
>> " Nifi fails to start, with the log saying:
>> 2021-08-20 18:55:27,715 WARN [main]
>> org.apache.nifi.web.server.JettyServer Failed to start web server...
>> shutting down.
>> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
>> java.net.BindException: Cannot assign requested address"
>>
>> Mike
>>
>> -----Original Message-----
>> From: Mike Sofen
>> Sent: Monday, August 23, 2021 6:00 AM
>> To: users@nifi.apache.org
>> Subject: Trouble accessing v 1.14.0 on GCP
>>
>> At my prior company I've installed earlier versions of nifi on GCP Debian
>> VMs and not had a problem pointing a Windows 10 browser at them and going
>> to work.  I'm aware v1.14.0 requires a user login when not using certs, but
>> I can't even get to that step.
>>
>> I'm pulling my remaining hair out trying to connect to a new Debian VM on
>> GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this
>> caveat - I cannot reference the static external IP - only the default IP
>> (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that
>> opens the 8443 port for the VM, and even added ICMP to it and can ping it
>> from a CMD shell on my PC.  I've checked all of the file permissions on
>> that VM, all uniformly correct.
>>
>> Details of my nifi.properties:
>>
>> If I use:
>> nifi.web.https.host=127.0.0.1 (the default)
>> nifi.web.https.port=8443
>>
>> Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused
>> to connect "
>>
>> If I use the VM's static IP (which is what I've used on prior VMs):
>> nifi.web.https.host=35.xxx.xx.xxx
>> nifi.web.https.port=8443
>>
>> Nifi fails to start, with the log saying:
>> 2021-08-20 18:55:27,715 WARN [main]
>> org.apache.nifi.web.server.JettyServer Failed to start web server...
>> shutting down.
>> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
>> java.net.BindException: Cannot assign requested address
>>
>> Endless web searches and tests have resulted in no change of behavior -
>> with the default IP, Nifi runs but I can't access it, and with my external
>> IP, it won't start.  I've even tried using a different port (8543), no
>> change.  In this GCP project, I have just this one VM and it has
>> successfully been running Postgres for many months.
>>
>> Any ideas?
>>
>> Mike Sofen
>>
>>

Re: Trouble accessing v 1.14.0 on GCP

[David Handermann <ex...@apache.org>]

Hi Mike,

The nifi.web.https.host property must match one of the IP addresses
assigned to the system on which NiFi is running. The GCP virtual machine
has a private IP address assigned to a local interface, and uses network
address translation to send requests from the public address to the local
interface address. Setting a blank value for nifi.web.http.post will cause
NiFi to listen on all available interfaces, which should allow NiFi to
receive incoming requests.

The purpose of the default 127.0.0.1 address is to avoid public access to
NiFi without additional security configuration. The default HTTPS and
single user credentials provide some measure of protection, and I recommend
reviewing the Security Configuration and User Authentication sections of
the NiFi System Administrator's Guide for more details on securing the NiFi
installation.

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration

Regards,
David Handermann

On Mon, Aug 23, 2021 at 8:06 AM Mike Sofen <MS...@ansunbiopharma.com>
wrote:

> minor correction - the port shown (8543) was from the alternate port test,
> the regular port test 8443 returns a similar error:
> " Nifi fails to start, with the log saying:
> 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
> java.net.BindException: Cannot assign requested address"
>
> Mike
>
> -----Original Message-----
> From: Mike Sofen
> Sent: Monday, August 23, 2021 6:00 AM
> To: users@nifi.apache.org
> Subject: Trouble accessing v 1.14.0 on GCP
>
> At my prior company I've installed earlier versions of nifi on GCP Debian
> VMs and not had a problem pointing a Windows 10 browser at them and going
> to work.  I'm aware v1.14.0 requires a user login when not using certs, but
> I can't even get to that step.
>
> I'm pulling my remaining hair out trying to connect to a new Debian VM on
> GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this
> caveat - I cannot reference the static external IP - only the default IP
> (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that
> opens the 8443 port for the VM, and even added ICMP to it and can ping it
> from a CMD shell on my PC.  I've checked all of the file permissions on
> that VM, all uniformly correct.
>
> Details of my nifi.properties:
>
> If I use:
> nifi.web.https.host=127.0.0.1 (the default)
> nifi.web.https.port=8443
>
> Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused
> to connect "
>
> If I use the VM's static IP (which is what I've used on prior VMs):
> nifi.web.https.host=35.xxx.xx.xxx
> nifi.web.https.port=8443
>
> Nifi fails to start, with the log saying:
> 2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by:
> java.net.BindException: Cannot assign requested address
>
> Endless web searches and tests have resulted in no change of behavior -
> with the default IP, Nifi runs but I can't access it, and with my external
> IP, it won't start.  I've even tried using a different port (8543), no
> change.  In this GCP project, I have just this one VM and it has
> successfully been running Postgres for many months.
>
> Any ideas?
>
> Mike Sofen
>
>

RE: Trouble accessing v 1.14.0 on GCP

[Mike Sofen <MS...@ansunbiopharma.com>]

minor correction - the port shown (8543) was from the alternate port test, the regular port test 8443 returns a similar error:  
" Nifi fails to start, with the log saying: 
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address"

Mike

-----Original Message-----
From: Mike Sofen 
Sent: Monday, August 23, 2021 6:00 AM
To: users@nifi.apache.org
Subject: Trouble accessing v 1.14.0 on GCP

At my prior company I've installed earlier versions of nifi on GCP Debian VMs and not had a problem pointing a Windows 10 browser at them and going to work.  I'm aware v1.14.0 requires a user login when not using certs, but I can't even get to that step.

I'm pulling my remaining hair out trying to connect to a new Debian VM on GCP running v 1.14.0 on Java 8.  Nifi starts and runs properly, with this caveat - I cannot reference the static external IP - only the default IP (127.0.0.1), so my browser can't connect.  I have a GCP firewall rule that opens the 8443 port for the VM, and even added ICMP to it and can ping it from a CMD shell on my PC.  I've checked all of the file permissions on that VM, all uniformly correct.

Details of my nifi.properties:

If I use:
nifi.web.https.host=127.0.0.1 (the default)
nifi.web.https.port=8443

Nifi starts properly and runs, but my browser returns " 127.0.0.1 refused to connect "

If I use the VM's static IP (which is what I've used on prior VMs): 
nifi.web.https.host=35.xxx.xx.xxx
nifi.web.https.port=8443

Nifi fails to start, with the log saying: 
2021-08-20 18:55:27,715 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.io.IOException: Failed to bind to /35.xxx.xx.xxx:8543 Caused by: java.net.BindException: Cannot assign requested address

Endless web searches and tests have resulted in no change of behavior - with the default IP, Nifi runs but I can't access it, and with my external IP, it won't start.  I've even tried using a different port (8543), no change.  In this GCP project, I have just this one VM and it has successfully been running Postgres for many months.

Any ideas?

Mike Sofen