NIFI-11061 Added Registry properties for HTTPS network interfaces

This closes #6931

Signed-off-by: David Handermann <exceptionfactory@apache.org>
Emilio Setiadarma 2023-02-03 17:52:22 -08:00 committed by exceptionfactory
parent 9906f0a952
commit 1395e22f0f
No known key found for this signature in database
GPG Key ID: 29B6A52D2AAE8DBA
4 changed files with 54 additions and 2 deletions


@ -173,6 +173,7 @@
<nifi.registry.web.http.port>18080</nifi.registry.web.http.port>
<nifi.registry.web.https.host />
<nifi.registry.web.https.port />
<nifi.registry.web.https.network.interface.default />
<nifi.registry.web.https.application.protocols>http/1.1</nifi.registry.web.https.application.protocols>
<nifi.registry.jetty.work.dir>./work/jetty</nifi.registry.jetty.work.dir>
<nifi.registry.web.jetty.threads>200</nifi.registry.web.jetty.threads>


@ -47,6 +47,7 @@ import javax.servlet.Filter;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.NetworkInterface;
@ -62,6 +63,7 @@ import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
@ -148,8 +150,32 @@ public class JettyServer {
private void configureConnectors() {
final ServerConnectorFactory serverConnectorFactory = new ApplicationServerConnectorFactory(server, properties);
final ServerConnector serverConnector = serverConnectorFactory.getServerConnector();
server.addConnector(serverConnector);
final Set<String> interfaceNames = properties.isHTTPSConfigured() ? properties.getHttpsNetworkInterfaceNames() : Collections.emptySet();
if (interfaceNames.isEmpty()) {
final ServerConnector serverConnector = serverConnectorFactory.getServerConnector();
server.addConnector(serverConnector);
} else {
interfaceNames.stream()
// Map interface name properties to Network Interfaces
.map(interfaceName -> {
try {
return NetworkInterface.getByName(interfaceName);
} catch (final SocketException e) {
throw new UncheckedIOException(String.format("Network Interface [%s] not found", interfaceName), e);
}
})
// Map Network Interfaces to host addresses
.filter(Objects::nonNull)
.flatMap(networkInterface -> Collections.list(networkInterface.getInetAddresses()).stream())
.map(InetAddress::getHostAddress)
// Map host addresses to Server Connectors
.map(host -> {
final ServerConnector serverConnector = serverConnectorFactory.getServerConnector();
serverConnector.setHost(host);
return serverConnector;
})
.forEach(server::addConnector);
}
}
private void loadWars() throws IOException {
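Review bot: A configured interface name that does not exist is dropped without any signal in configureConnectors: `NetworkInterface.getByName` returns null for an unknown name and `.filter(Objects::nonNull)` discards it, so a typo in a `nifi.registry.web.https.network.interface.*` property leaves the Registry with fewer HTTPS listeners than intended, or none, and nothing in the visible code logs it. The `SocketException` branch says "not found", but that exception reports a failed lookup; the not-found case is the null return. I would assign the lookup result inside the first `map` and fail startup on null, e.g. `if (networkInterface == null) { throw new IllegalStateException(String.format("Network Interface [%s] not found", interfaceName)); }`, and reword the catch message to `"Network Interface [%s] lookup failed"`. Since `getInetAddresses()` yields every address on the interface, logging each host a connector is bound to would let operators confirm that the listening surface matches what they meant to expose.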


@ -51,9 +51,12 @@ public class NiFiRegistryProperties extends ApplicationProperties {
public static final String WEB_HTTP_HOST = "nifi.registry.web.http.host";
public static final String WEB_HTTPS_PORT = "nifi.registry.web.https.port";
public static final String WEB_HTTPS_HOST = "nifi.registry.web.https.host";
public static final String WEB_HTTPS_NETWORK_INTERFACE_PREFIX = "nifi.registry.web.https.network.interface.";
public static final String WEB_HTTPS_CIPHERSUITES_INCLUDE = "nifi.registry.web.https.ciphersuites.include";
public static final String WEB_HTTPS_CIPHERSUITES_EXCLUDE = "nifi.registry.web.https.ciphersuites.exclude";
public static final String WEB_HTTPS_APPLICATION_PROTOCOLS = "nifi.registry.web.https.application.protocols";
public static final String WEB_WORKING_DIR = "nifi.registry.web.jetty.working.directory";
public static final String WEB_THREADS = "nifi.registry.web.jetty.threads";
public static final String WEB_SHOULD_SEND_SERVER_VERSION = "nifi.registry.web.should.send.server.version";
@ -479,4 +482,25 @@ public class NiFiRegistryProperties extends ApplicationProperties {
return getProperty(SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER, "email").trim();
}
/**
* Returns the network interface list to use for HTTPS
*
* @return Network interface names of all HTTPS network interface properties
*/
public Set<String> getHttpsNetworkInterfaceNames() {
final Set<String> networkInterfaceNames = new HashSet<>();
// go through each property
for (String propertyName : getPropertyKeys()) {
// determine if the property is a network interface name
if (StringUtils.startsWith(propertyName, WEB_HTTPS_NETWORK_INTERFACE_PREFIX)) {
// get the network interface property value
final String interfaceName = getProperty(propertyName);
if (StringUtils.isNotBlank(interfaceName)) {
networkInterfaceNames.add(getProperty(propertyName));
}
}
}
return networkInterfaceNames;
}
}
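Review bot: In getHttpsNetworkInterfaceNames the value is added untrimmed and the property is read twice: `isNotBlank` accepts a value such as `"eth0 "`, and that string is then handed to the interface lookup, where it will presumably match nothing. The neighbouring getter visible at the top of this hunk trims its value, so doing the same here keeps the file consistent: `networkInterfaceNames.add(interfaceName.trim());` instead of `networkInterfaceNames.add(getProperty(propertyName));`. The Javadoc could also state that every property key starting with `nifi.registry.web.https.network.interface.` is collected and that blank values are skipped, so that an empty set, which the JettyServer change on this page treats as "use the default connector", is a documented outcome.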


@ -19,6 +19,7 @@ nifi.registry.web.http.host=${nifi.registry.web.http.host}
nifi.registry.web.http.port=${nifi.registry.web.http.port}
nifi.registry.web.https.host=${nifi.registry.web.https.host}
nifi.registry.web.https.port=${nifi.registry.web.https.port}
nifi.registry.web.https.network.interface.default=${nifi.registry.web.https.network.interface.default}
nifi.registry.web.https.application.protocols=${nifi.registry.web.https.application.protocols}
nifi.registry.web.jetty.working.directory=${nifi.registry.jetty.work.dir}
nifi.registry.web.jetty.threads=${nifi.registry.web.jetty.threads}