From 540ef63efa9d6b2af84f57fe4eae2f08e6dd1693 Mon Sep 17 00:00:00 2001
From: Koji Kawamura <ijokarumawak@apache.org>
Date: Tue, 4 Oct 2016 19:39:36 +0900
Subject: [PATCH] NIFI-2855: Site-to-Site with port forwarding.

- Added following properties:
  - nifi.web.http.port.forwarding
  - nifi.web.https.port.forwarding

This closes #1100.

Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
---
 .../org/apache/nifi/util/NiFiProperties.java  | 22 ++++++++--
 .../main/asciidoc/administration-guide.adoc   |  2 +
 .../nifi/web/api/TestSiteToSiteResource.java  | 43 +++++++++++++------
 3 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 3fab7061d5..0242905a7c 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -147,8 +147,10 @@ public abstract class NiFiProperties {
     // web properties
     public static final String WEB_WAR_DIR = "nifi.web.war.directory";
     public static final String WEB_HTTP_PORT = "nifi.web.http.port";
+    public static final String WEB_HTTP_PORT_FORWARDING = "nifi.web.http.port.forwarding";
     public static final String WEB_HTTP_HOST = "nifi.web.http.host";
     public static final String WEB_HTTPS_PORT = "nifi.web.https.port";
+    public static final String WEB_HTTPS_PORT_FORWARDING = "nifi.web.https.port.forwarding";
     public static final String WEB_HTTPS_HOST = "nifi.web.https.host";
     public static final String WEB_WORKING_DIR = "nifi.web.jetty.working.directory";
     public static final String WEB_THREADS = "nifi.web.jetty.threads";
@@ -403,9 +405,23 @@ public abstract class NiFiProperties {
             return null;
         }
 
-        String propertyKey = isSiteToSiteSecure() ? NiFiProperties.WEB_HTTPS_PORT : NiFiProperties.WEB_HTTP_PORT;
-        Integer port = getIntegerProperty(propertyKey, 0);
-        if (port == 0) {
+        final String propertyKey;
+        if (isSiteToSiteSecure()) {
+            if (StringUtils.isBlank(getProperty(NiFiProperties.WEB_HTTPS_PORT_FORWARDING))) {
+                propertyKey = WEB_HTTPS_PORT;
+            } else {
+                propertyKey = WEB_HTTPS_PORT_FORWARDING;
+            }
+        } else {
+            if (StringUtils.isBlank(getProperty(NiFiProperties.WEB_HTTP_PORT_FORWARDING))) {
+                propertyKey = WEB_HTTP_PORT;
+            } else {
+                propertyKey = WEB_HTTP_PORT_FORWARDING;
+            }
+        }
+
+        final Integer port = getIntegerProperty(propertyKey, null);
+        if (port == null) {
             throw new RuntimeException("Remote input HTTP" + (isSiteToSiteSecure() ? "S" : "")
                     + " is enabled but " + propertyKey + " is not specified.");
         }
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 67a912a7d6..d997bfcc40 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -1981,8 +1981,10 @@ These properties pertain to the web-based User Interface.
 |nifi.web.war.directory|This is the location of the web war directory. The default value is ./lib.
 |nifi.web.http.host|The HTTP host. It is blank by default.
 |nifi.web.http.port|The HTTP port. The default value is 8080.
+|nifi.web.http.port.forwarding|The port which forwards incoming HTTP requests to nifi.web.http.host. This property is designed to be used with 'port forwarding', when NiFi has to be started by a non-root user for better security, yet it needs to be accessed via low port to go through a firewall. For example, to expose NiFi via HTTP protocol on port 80, but actually listening on port 8080, you need to configure OS level port forwarding such as `iptables` (Linux/Unix) or `pfctl` (OS X) that redirects requests from 80 to 8080. Then set `nifi.web.http.port` as 8080, and `nifi.web.http.port.forwarding` as 80. It is blank by default.
 |nifi.web.https.host|The HTTPS host. It is blank by default.
 |nifi.web.https.port|The HTTPS port. It is blank by default. When configuring NiFi to run securely, this port should be configured.
+|nifi.web.https.port.forwarding|Same as `nifi.web.http.port.forwarding`, but with HTTPS for secure communication. It is blank by default.
 |nif.web.jetty.working.directory|The location of the Jetty working directory. The default value is ./work/jetty.
 |nifi.web.jetty.threads|The number of Jetty threads. The default value is 200.
 |====
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
index 5f3aef3ddc..ce3e44cf9f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
@@ -24,6 +24,7 @@ import org.apache.nifi.remote.protocol.http.HttpHeaders;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.api.dto.ControllerDTO;
+import org.apache.nifi.web.api.dto.remote.PeerDTO;
 import org.apache.nifi.web.api.entity.ControllerEntity;
 import org.apache.nifi.web.api.entity.PeersEntity;
 import org.apache.nifi.web.api.entity.TransactionResultEntity;
@@ -122,6 +123,28 @@ public class TestSiteToSiteResource {
 
         assertEquals(200, response.getStatus());
         assertEquals(1, resultEntity.getPeers().size());
+        final PeerDTO peer = resultEntity.getPeers().iterator().next();
+        assertEquals(8080, peer.getPort());
+    }
+
+    @Test
+    public void testPeersPortForwarding() throws Exception {
+        final HttpServletRequest req = createCommonHttpServletRequest();
+
+        final NiFiServiceFacade serviceFacade = mock(NiFiServiceFacade.class);
+
+        final Map<String, String> additionalProperties = new HashMap<>();
+        additionalProperties.put(NiFiProperties.WEB_HTTP_PORT_FORWARDING, "80");
+        final SiteToSiteResource resource = getSiteToSiteResource(serviceFacade, additionalProperties);
+
+        final Response response = resource.getPeers(req);
+
+        PeersEntity resultEntity = (PeersEntity) response.getEntity();
+
+        assertEquals(200, response.getStatus());
+        assertEquals(1, resultEntity.getPeers().size());
+        final PeerDTO peer = resultEntity.getPeers().iterator().next();
+        assertEquals(80, peer.getPort());
     }
 
     @Test
@@ -130,7 +153,9 @@ public class TestSiteToSiteResource {
 
         final NiFiServiceFacade serviceFacade = mock(NiFiServiceFacade.class);
 
-        final SiteToSiteResource resource = getSiteToSiteResourceClustered(serviceFacade);
+        final Map<String, String> clusterSettings = new HashMap<>();
+        clusterSettings.put(NiFiProperties.CLUSTER_IS_NODE, "true");
+        final SiteToSiteResource resource = getSiteToSiteResource(serviceFacade, clusterSettings);
 
         final ClusterCoordinator clusterCoordinator = mock(ClusterCoordinator.class);
         final Map<String, NodeWorkload> hostportWorkloads = new HashMap<>();
@@ -165,7 +190,6 @@ public class TestSiteToSiteResource {
 
     }
 
-
     @Test
     public void testPeersVersionWasNotSpecified() throws Exception {
         final HttpServletRequest req = mock(HttpServletRequest.class);
@@ -200,20 +224,11 @@ public class TestSiteToSiteResource {
     }
 
     private SiteToSiteResource getSiteToSiteResource(final NiFiServiceFacade serviceFacade) {
-        final SiteToSiteResource resource = new SiteToSiteResource(NiFiProperties.createBasicNiFiProperties(null, null)) {
-            @Override
-            protected void authorizeSiteToSite() {
-            }
-        };
-        resource.setProperties(NiFiProperties.createBasicNiFiProperties(null, null));
-        resource.setServiceFacade(serviceFacade);
-        return resource;
+        return getSiteToSiteResource(serviceFacade, null);
     }
 
-    private SiteToSiteResource getSiteToSiteResourceClustered(final NiFiServiceFacade serviceFacade) {
-        final Map<String, String> clusterSettings = new HashMap<>();
-        clusterSettings.put(NiFiProperties.CLUSTER_IS_NODE, "true");
-        final NiFiProperties properties = NiFiProperties.createBasicNiFiProperties(null, clusterSettings);
+    private SiteToSiteResource getSiteToSiteResource(final NiFiServiceFacade serviceFacade, final Map<String, String> additionalProperties) {
+        final NiFiProperties properties = NiFiProperties.createBasicNiFiProperties(null, additionalProperties);
         final SiteToSiteResource resource = new SiteToSiteResource(properties) {
             @Override
             protected void authorizeSiteToSite() {