Issue accessing NiFi UI - apache-nifi

I've set up NiFi with homebrew and when it's up and running, I cannot access the UI. It looks like, by all means, NiFi is running fine according to "nifi status", but I can't access the UI in the browser. All that I see is this:
Any tips on how I might be able to remedy this?

NiFi is now HTTPS by default. You are trying to access via HTTP.
Accessing NiFi with HTTP on the HTTPS port (This will FAIL)
Accessing NiFI with HTTPS on the HTTPS port (This will SUCCEED)

Related

Apache nifi localhost login problem - cannot see login GUI after using for the first time

Problem:
I'm using apache nifi on ubuntu 18.04 on virtualbox 6.1. I manage to use apache nifi once without any problems. The log in page using localhost:8443 works the first time, but after a while when I start apache nifi again (e.g. after a reboot of the machine) and when I goto localhost:8443 again I do not get a page to log into nifi anymore.
All that appears are some symbols and I cannot log into nifi like the first time. Basically I want to be able to log into apache nifi. I'm not sure why the symbols appear instead of the log in page.
Here's what I do:
I start apache nifi-1.16.3 from its installation with its start command:
bin/nifi.sh start
bin/nifi.sh status
Nifi looks to start correctly and the status command shows that nifi is running
I then enter localhost:8443/nifi/login in firefox web browser and I am presented a page that only contains symbols.
What i've tried:
I've downloaded nifi again and started another instance using the fresh download. This does the same i.e. it will show the login page correctly the first time I use it. Then when I try to access the login page after a time via the localhost it will show the symbols instead of the log in page.
I've checked to see whether the port 8443 is being used by something else but it seems free. When nifi is running I check the port, then I shut it down. Once it is shut down no other service etc. is using port 8443. When trying to access localhost:8443 instead of the symbols it shows "Unable to connect" when nifi is shutdown down.
Not sure what else to explore to solve this issue where I can't access the log in GUI through the localhost.
Just add a secure HTTP protocol like this: Local Host

Weblogic Proxy-Plugin

I am new to Weblogic.I was experimenting on the load balancing capabilities of WLS.I used a proxy plugin provided by default as a load balancer.
I want to check which server in a cluster gets the request from the proxy server every time I reload my site.
When I use "request.getServerPort()" I am getting the proxy server's port, but what I want is the managed server's port.
Have you tried request.getLocalPort()?

WSO2 ESB proxy service on Windows

i'm using the WSO2 ESB to integrate several services on the Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is what i can't access them from outside it nevetheless the port 8280 where services are deployed is open for internet, but i can see only blank page instead. What could be wrong?
Another question is i was trying to map the WSO2 ESB management console itself to be availbe from outside the machine using simple proxy, and i'm failed, it loads me the this is what i see on trying the service.
Could you please give me a hint on how to resolve this issue? is it possible to share the esb mgmt console using the ESB itself?
Thanks a lot in advance,
Do u have proxy in the middle? It looks like on screenshot webpage missing all pictures, meanwhile css was loaded successfully.
Another question which kind of virtual machine u use? For example in virtualbox by default virtual machine behind NAT.
I wasn't able to connect to server on virtual machine from host only opposite way server on host available in virtual machine.
To make server in virtual machine available on host need to configure network as bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (poodle,Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if i remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth to give it a try.
Another example from real life. HTTP Response from external resource was application/json, status of response 200 OK. ESB configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but content was simple text/plain.
During parsing body of http response exception was thrown and just silently was written to log, without any fault message processing. Just empty response to client.
To clarify that services reachable, there is echo service by default on server, which respond content equal to request. Try to use it.
was trying to map the WSO2 ESB management console itself to be availbe
from outside the machine using simple proxy
By default the management console tries to enforce the port 9443 for dynamic links (JSP) pages. That's why you see only part of the pages and you shouldn't be able to log on.
what you can do is edit the repository/conf/tomcat/catalina-server.xml and to the Connector running the port 9443 you can add an attribute proxyPort="443", the carbon console will be happy to run on 443.
For the services, my educated guess would be on the firewall / network rules, however without other information I cannot answer (or - they are working, just you may not try to access them by simple browser request)

How disable remote access in elasticsearch

When running a elasticsearch server.
We can access www.example.com:9200
But i want block remote access only allow local access.
How to setting?
Instead of disabling whole HTTP protocol by changing http.enabled in /etc/elasticsearch/elasticsearch.yml settings (because some of your APIs can use the HTTP endpoint which was my case), you can just set network.host: localhost in the same file.
This will make your :9200 HTTP access to be available only from your local machine/server.
Elasticsearch allows you to disable the http endpoint just setting http.enabled to false in the settings. It also allows to have a local node which will only be reachable in the same jvm. On the other hand you are asking how to allow only local access to the rest endpoint, which is different and require the use of additional tools.
In fact, it's not a good idea to expose elasticsearch to the internet. I would use a proxy like apache or Nginx to limit the access to it and open for instance only some of the available endpoints, but that's needed only if you have external users that want to send messages directly to elasticsearch. Usually that's not the case. Or if you just want to deny access to it for all external users, because it's for instance only your website or application that needs access to it, just use a firewall and setup a proper rule to close the 9200 port.
You should set http.host to "127.0.0.1". This way you can access http on port 9200 from host itself, however not from outside. This also allows you to put a proxy which listens on some other port and filters and passes the requests selectively to elasticsearch node on localhost:9200.
For example, you may want to reject the request for shutdown, do a basic authentication using nginx and then pass all query requests to elasticsearch cluster url at http://localhost:9200.
This doesn't involve firewall.

Apache forward proxy that handles https

I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.

Resources