You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ij...@apache.org on 2016/10/07 06:03:22 UTC
nifi git commit: NIFI-2855: Site-to-Site with port forwarding.
Repository: nifi
Updated Branches:
refs/heads/master 09568d092 -> 540ef63ef
NIFI-2855: Site-to-Site with port forwarding.
- Added following properties:
- nifi.web.http.port.forwarding
- nifi.web.https.port.forwarding
This closes #1100.
Signed-off-by: Koji Kawamura <ij...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/540ef63e
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/540ef63e
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/540ef63e
Branch: refs/heads/master
Commit: 540ef63efa9d6b2af84f57fe4eae2f08e6dd1693
Parents: 09568d0
Author: Koji Kawamura <ij...@apache.org>
Authored: Tue Oct 4 19:39:36 2016 +0900
Committer: Koji Kawamura <ij...@apache.org>
Committed: Fri Oct 7 15:00:37 2016 +0900
----------------------------------------------------------------------
.../org/apache/nifi/util/NiFiProperties.java | 22 ++++++++--
.../src/main/asciidoc/administration-guide.adoc | 2 +
.../nifi/web/api/TestSiteToSiteResource.java | 43 +++++++++++++-------
3 files changed, 50 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/540ef63e/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 3fab706..0242905 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -147,8 +147,10 @@ public abstract class NiFiProperties {
// web properties
public static final String WEB_WAR_DIR = "nifi.web.war.directory";
public static final String WEB_HTTP_PORT = "nifi.web.http.port";
+ public static final String WEB_HTTP_PORT_FORWARDING = "nifi.web.http.port.forwarding";
public static final String WEB_HTTP_HOST = "nifi.web.http.host";
public static final String WEB_HTTPS_PORT = "nifi.web.https.port";
+ public static final String WEB_HTTPS_PORT_FORWARDING = "nifi.web.https.port.forwarding";
public static final String WEB_HTTPS_HOST = "nifi.web.https.host";
public static final String WEB_WORKING_DIR = "nifi.web.jetty.working.directory";
public static final String WEB_THREADS = "nifi.web.jetty.threads";
@@ -403,9 +405,23 @@ public abstract class NiFiProperties {
return null;
}
- String propertyKey = isSiteToSiteSecure() ? NiFiProperties.WEB_HTTPS_PORT : NiFiProperties.WEB_HTTP_PORT;
- Integer port = getIntegerProperty(propertyKey, 0);
- if (port == 0) {
+ final String propertyKey;
+ if (isSiteToSiteSecure()) {
+ if (StringUtils.isBlank(getProperty(NiFiProperties.WEB_HTTPS_PORT_FORWARDING))) {
+ propertyKey = WEB_HTTPS_PORT;
+ } else {
+ propertyKey = WEB_HTTPS_PORT_FORWARDING;
+ }
+ } else {
+ if (StringUtils.isBlank(getProperty(NiFiProperties.WEB_HTTP_PORT_FORWARDING))) {
+ propertyKey = WEB_HTTP_PORT;
+ } else {
+ propertyKey = WEB_HTTP_PORT_FORWARDING;
+ }
+ }
+
+ final Integer port = getIntegerProperty(propertyKey, null);
+ if (port == null) {
throw new RuntimeException("Remote input HTTP" + (isSiteToSiteSecure() ? "S" : "")
+ " is enabled but " + propertyKey + " is not specified.");
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/540ef63e/nifi-docs/src/main/asciidoc/administration-guide.adoc
----------------------------------------------------------------------
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 67a912a..d997bfc 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -1981,8 +1981,10 @@ These properties pertain to the web-based User Interface.
|nifi.web.war.directory|This is the location of the web war directory. The default value is ./lib.
|nifi.web.http.host|The HTTP host. It is blank by default.
|nifi.web.http.port|The HTTP port. The default value is 8080.
+|nifi.web.http.port.forwarding|The port which forwards incoming HTTP requests to nifi.web.http.host. This property is designed to be used with 'port forwarding', when NiFi has to be started by a non-root user for better security, yet it needs to be accessed via low port to go through a firewall. For example, to expose NiFi via HTTP protocol on port 80, but actually listening on port 8080, you need to configure OS level port forwarding such as `iptables` (Linux/Unix) or `pfctl` (OS X) that redirects requests from 80 to 8080. Then set `nifi.web.http.port` as 8080, and `nifi.web.http.port.forwarding` as 80. It is blank by default.
|nifi.web.https.host|The HTTPS host. It is blank by default.
|nifi.web.https.port|The HTTPS port. It is blank by default. When configuring NiFi to run securely, this port should be configured.
+|nifi.web.https.port.forwarding|Same as `nifi.web.http.port.forwarding`, but with HTTPS for secure communication. It is blank by default.
|nif.web.jetty.working.directory|The location of the Jetty working directory. The default value is ./work/jetty.
|nifi.web.jetty.threads|The number of Jetty threads. The default value is 200.
|====
http://git-wip-us.apache.org/repos/asf/nifi/blob/540ef63e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
index 5f3aef3..ce3e44c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
@@ -24,6 +24,7 @@ import org.apache.nifi.remote.protocol.http.HttpHeaders;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.api.dto.ControllerDTO;
+import org.apache.nifi.web.api.dto.remote.PeerDTO;
import org.apache.nifi.web.api.entity.ControllerEntity;
import org.apache.nifi.web.api.entity.PeersEntity;
import org.apache.nifi.web.api.entity.TransactionResultEntity;
@@ -122,6 +123,28 @@ public class TestSiteToSiteResource {
assertEquals(200, response.getStatus());
assertEquals(1, resultEntity.getPeers().size());
+ final PeerDTO peer = resultEntity.getPeers().iterator().next();
+ assertEquals(8080, peer.getPort());
+ }
+
+ @Test
+ public void testPeersPortForwarding() throws Exception {
+ final HttpServletRequest req = createCommonHttpServletRequest();
+
+ final NiFiServiceFacade serviceFacade = mock(NiFiServiceFacade.class);
+
+ final Map<String, String> additionalProperties = new HashMap<>();
+ additionalProperties.put(NiFiProperties.WEB_HTTP_PORT_FORWARDING, "80");
+ final SiteToSiteResource resource = getSiteToSiteResource(serviceFacade, additionalProperties);
+
+ final Response response = resource.getPeers(req);
+
+ PeersEntity resultEntity = (PeersEntity) response.getEntity();
+
+ assertEquals(200, response.getStatus());
+ assertEquals(1, resultEntity.getPeers().size());
+ final PeerDTO peer = resultEntity.getPeers().iterator().next();
+ assertEquals(80, peer.getPort());
}
@Test
@@ -130,7 +153,9 @@ public class TestSiteToSiteResource {
final NiFiServiceFacade serviceFacade = mock(NiFiServiceFacade.class);
- final SiteToSiteResource resource = getSiteToSiteResourceClustered(serviceFacade);
+ final Map<String, String> clusterSettings = new HashMap<>();
+ clusterSettings.put(NiFiProperties.CLUSTER_IS_NODE, "true");
+ final SiteToSiteResource resource = getSiteToSiteResource(serviceFacade, clusterSettings);
final ClusterCoordinator clusterCoordinator = mock(ClusterCoordinator.class);
final Map<String, NodeWorkload> hostportWorkloads = new HashMap<>();
@@ -165,7 +190,6 @@ public class TestSiteToSiteResource {
}
-
@Test
public void testPeersVersionWasNotSpecified() throws Exception {
final HttpServletRequest req = mock(HttpServletRequest.class);
@@ -200,20 +224,11 @@ public class TestSiteToSiteResource {
}
private SiteToSiteResource getSiteToSiteResource(final NiFiServiceFacade serviceFacade) {
- final SiteToSiteResource resource = new SiteToSiteResource(NiFiProperties.createBasicNiFiProperties(null, null)) {
- @Override
- protected void authorizeSiteToSite() {
- }
- };
- resource.setProperties(NiFiProperties.createBasicNiFiProperties(null, null));
- resource.setServiceFacade(serviceFacade);
- return resource;
+ return getSiteToSiteResource(serviceFacade, null);
}
- private SiteToSiteResource getSiteToSiteResourceClustered(final NiFiServiceFacade serviceFacade) {
- final Map<String, String> clusterSettings = new HashMap<>();
- clusterSettings.put(NiFiProperties.CLUSTER_IS_NODE, "true");
- final NiFiProperties properties = NiFiProperties.createBasicNiFiProperties(null, clusterSettings);
+ private SiteToSiteResource getSiteToSiteResource(final NiFiServiceFacade serviceFacade, final Map<String, String> additionalProperties) {
+ final NiFiProperties properties = NiFiProperties.createBasicNiFiProperties(null, additionalProperties);
final SiteToSiteResource resource = new SiteToSiteResource(properties) {
@Override
protected void authorizeSiteToSite() {