如何在 windows 上的 docker 桌面上使用 ssl

Question

我在 docker 中有一个开发环境，我正在使用 Nifi 1.13.2，它运行良好 (http)。我对 Nifi 进行了升级，以使用仅使用 HTTPS 启动的 1.15.3 版，但它不再工作了。 docker-撰写：

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
    ports:
      - 10000:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver

来自 nifi-app.log 的日志：

nifi-app_2022-03-16_14.0.log:36362:2022-03-16 14:36:43,370 INFO [main] org.apache.nifi.web.server.JettyServer Created HostHeaderHandler [HostHeaderHandler for 2dec0477131a:8443}]
nifi-app_2022-03-16_14.0.log:139435:2022-03-16 14:37:07,253 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@36b53f08{SSL, (ssl, http/1.1)}{2dec0477131a:8443}
nifi-app_2022-03-16_14.0.log:139933:2022-03-16 14:37:07,292 INFO [main] org.apache.nifi.web.server.JettyServer https://2dec0477131a:8443/nifi

访问 https://localhost:10000/nifi 时出现日志错误:

2022-03-16 14:39:15,572 WARN [NiFi Web Server-16] o.a.nifi.web.server.HostHeaderHandler Request host header [localhost:10000] different from web hostname [2dec0477131a(:8443)]. Overriding to [2dec0477131a:8443/nifi]
2022-03-16 14:39:15,655 WARN [NiFi Web Server-20] o.a.nifi.web.server.HostHeaderHandler Request host header [localhost:10000] different from web hostname [2dec0477131a(:8443)]. Overriding to [2dec0477131a:8443/favicon.ico]

[![在此处输入图片描述][1]][1]

我在 docker 桌面上看到，当我在浏览器中打开时，它会打开 http://localhost:10000/nifi ，我该如何更改此 url？

更新1：我找到了这篇文章：https://www.javahelps.com/2022/01/run-apache-nifi-in-docker-with-ssl.html 所以我的 docker-compose 看起来像这样：

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
      - SINGLE_USER_CREDENTIALS_USERNAME=jhiihihhu
      - SINGLE_USER_CREDENTIALS_PASSWORD=e9o6dQhlEDusiq6oKUpzp8ZtW/Bjim6q2U0SxyBO6JA
      - NIFI_SENSITIVE_PROPS_KEY=rHkWR1gDNW3R
      - NIFI_WEB_PROXY_HOST=0.0.0.0:8443
      - NIFI_WEB_HTTPS_HOST=0.0.0.0
      - NIFI_CLUSTER_ADDRESS=0.0.0.0
      - NIFI_REMOTE_INPUT_HOST=0.0.0.0
      - AUTH=tls
      - KEYSTORE_PATH=/opt/certs/keystore.jks
      - KEYSTORE_TYPE=JKS
      - KEYSTORE_PASSWORD=cjwC2UU/ZBxhlNyjFbK1QCE/bqNxq9WONwCPq8HbyRk
      - TRUSTSTORE_PATH=/opt/certs/truststore.jks
      - TRUSTSTORE_TYPE=JKS
      - TRUSTSTORE_PASSWORD=1ab4TYRgYw7HMY4Dr+7s+7gVDrPBbZPGp4g/t5VhJG4
      - NIFI_SECURITY_USER_AUTHORIZER=single-user-authorizer
      - NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER=single-user-provider      
    ports:
      - 10000:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver
      - ./keystore.jks:/opt/certs/keystore.jks
      - ./truststore.jks:/opt/certs/truststore.jks

我仍然有同样的错误。 [1]: https://i.stack.imgur.com/OGqE6.png

更新 2：它与以下 docker 组合一起工作：

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
      - SINGLE_USER_CREDENTIALS_USERNAME=khiuiuiuh
      - SINGLE_USER_CREDENTIALS_PASSWORD=e9o6dQhlEDusiq6oKUpzp8ZtW/Bjim6q2U0SxyBO6JA
      - NIFI_SENSITIVE_PROPS_KEY=rHkWR1gDNW3R
      - NIFI_WEB_PROXY_HOST='localhost:8443,localhost:10000'
      - NIFI_WEB_HTTPS_HOST=0.0.0.0
      - NIFI_CLUSTER_ADDRESS=0.0.0.0
      - NIFI_REMOTE_INPUT_HOST=0.0.0.0
      - AUTH=tls
      - KEYSTORE_PATH=/opt/certs/keystore.jks
      - KEYSTORE_TYPE=JKS
      - KEYSTORE_PASSWORD=cjwC2UU/ZBxhlNyjFbK1QCE/bqNxq9WONwCPq8HbyRk
      - TRUSTSTORE_PATH=/opt/certs/truststore.jks
      - TRUSTSTORE_TYPE=JKS
      - TRUSTSTORE_PASSWORD=1ab4TYRgYw7HMY4Dr+7s+7gVDrPBbZPGp4g/t5VhJG4
      - NIFI_SECURITY_USER_AUTHORIZER=single-user-authorizer
      - NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER=single-user-provider      
    ports:
      - 8443:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver
      - ./keystore.jks:/opt/certs/keystore.jks
      - ./truststore.jks:/opt/certs/truststore.

2022 年 3 月 30 日更新：我已经使用新版本几天了，每次启动 Nifi 时，我都会收到错误消息：提供的用户名和密码无效。我必须运行 docker-撰写并重新开始。我还想启用匿名身份验证，即使我将 NIFI_SECURITY_ALLOW_ANONYMOUS_AUTHENTICATION 设置为 true 也无法正常工作。

Answer 1

尝试在 docker-compose 的环境部分添加 NIFI_WEB_PROXY_HOST=localhost:8443。此外，您必须检查是否可以将端口 10000 用于 Nifi。

如何在 windows 上的 docker 桌面上使用 ssl

How to use ssl with docker desktop on windows

ssl

docker-compose

https

apache-nifi