#!/bin/sh -e # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. scripts_dir='/opt/nifi/scripts' [ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" # Perform idempotent changes of configuration to support secure environments echo 'Configuring environment with SSL settings' : ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."} if [ ! -f "${KEYSTORE_PATH}" ]; then echo "Keystore file specified (${KEYSTORE_PATH}) does not exist." exit 1 fi : ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."} : ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."} : ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."} if [ ! -f "${TRUSTSTORE_PATH}" ]; then echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist." exit 1 fi : ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."} : ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."} prop_replace 'nifi.security.keystore' "${KEYSTORE_PATH}" prop_replace 'nifi.security.keystoreType' "${KEYSTORE_TYPE}" prop_replace 'nifi.security.keystorePasswd' "${KEYSTORE_PASSWORD}" prop_replace 'nifi.security.truststore' "${TRUSTSTORE_PATH}" prop_replace 'nifi.security.truststoreType' "${TRUSTSTORE_TYPE}" prop_replace 'nifi.security.truststorePasswd' "${TRUSTSTORE_PASSWORD}" # Disable HTTP and enable HTTPS prop_replace 'nifi.web.http.port' '' prop_replace 'nifi.web.http.host' '' prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}" prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}" prop_replace 'nifi.remote.input.secure' 'true' # Establish initial user and an associated admin identity sed -i -e 's||'"${INITIAL_ADMIN_IDENTITY}"'|' ${NIFI_HOME}/conf/authorizers.xml sed -i -e 's||'"${INITIAL_ADMIN_IDENTITY}"'|' ${NIFI_HOME}/conf/authorizers.xml