Apache/nifi
1
0
Fork 0
mirror of https://github.com/apache/nifi.git synced 2025-02-17 15:36:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nifi/nifi-docker/dockerhub/sh/secure.sh
dchaffey e74c67f779 Corrected Docker tag back to standard format 
Modified Docker startup scripts to accept Environment variables if available, or use the usual defaults if not.
Updated readme to reflect changes in allowing environment variables.
Updated readme to correctly reflect the default ports that NiFi will run on.

This closes #2439

Signed-off-by: Jeremy Dyer <jeremydyer@apache.org>
2018-01-31 15:50:42 -05:00

58 lines
2.9 KiB
Bash
Raw Blame History

#!/bin/sh -e
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
scripts_dir='/opt/nifi/scripts'
[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
# Perform idempotent changes of configuration to support secure environments
echo 'Configuring environment with SSL settings'
: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."}
if [ ! -f "${KEYSTORE_PATH}" ]; then
echo "Keystore file specified (${KEYSTORE_PATH}) does not exist."
exit 1
fi
: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."}
: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."}
: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."}
if [ ! -f "${TRUSTSTORE_PATH}" ]; then
echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist."
exit 1
fi
: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."}
: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."}
prop_replace 'nifi.security.keystore' "${KEYSTORE_PATH}"
prop_replace 'nifi.security.keystoreType' "${KEYSTORE_TYPE}"
prop_replace 'nifi.security.keystorePasswd' "${KEYSTORE_PASSWORD}"
prop_replace 'nifi.security.truststore' "${TRUSTSTORE_PATH}"
prop_replace 'nifi.security.truststoreType' "${TRUSTSTORE_TYPE}"
prop_replace 'nifi.security.truststorePasswd' "${TRUSTSTORE_PASSWORD}"
# Disable HTTP and enable HTTPS
prop_replace 'nifi.web.http.port' ''
prop_replace 'nifi.web.http.host' ''
prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}"
prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.secure' 'true'
# Establish initial user and an associated admin identity
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml
Reference in New Issue View Git Blame Copy Permalink