Skip to main content
Ankur Rathore

Installing Apache NiFi Using Docker Compose with HTTPS

·357 words·2 mins
Ankur Rathore
Author
Ankur Rathore
Senior Systems Engineer pivoting to High-Performance Infrastructure. Building zero-allocation network drivers and cache-friendly data structures.
Table of Contents

Installing Apache NiFi Using Docker Compose with HTTPS
#

Apache NiFi can be deployed quickly using Docker Compose, ensuring a scalable and secure setup. In this guide, we will set up Apache NiFi with HTTPS enabled using a self-signed certificate and store authentication credentials in an .env file.

Prerequisites
#

Before proceeding, ensure you have:

  • Docker and Docker Compose installed.
  • OpenSSL for generating self-signed certificates.
  • A basic understanding of Docker networking.

Step 1: Generate SSL Certificates
#

Run the following commands to generate a self-signed certificate and private key:

mkdir -p ~/nifi/certs
cd ~/nifi/certs

# Generate a private key
openssl genpkey -algorithm RSA -out nifi-key.pem

# Generate a certificate signing request (CSR)
openssl req -new -key nifi-key.pem -out nifi.csr

# Generate a self-signed certificate (valid for 365 days)
openssl x509 -req -days 365 -in nifi.csr -signkey nifi-key.pem -out nifi-cert.pem

Ensure the .pem files have the correct permissions:

chmod 600 nifi-key.pem nifi-cert.pem

Step 2: Create an Environment File
#

Create a .env file in the ~/nifi directory and define the required environment variables:

NIFI_USER=admin
NIFI_PASSWORD=adminpassword

Ensure the .env file is secure by restricting permissions:

chmod 600 ~/nifi/.env

Step 3: Create a Docker Compose File
#

Create a docker-compose.yml file with the following configuration:

version: '3.8'

services:
  nifi:
    image: apache/nifi:2.2.0
    container_name: nifi
    restart: always
    ports:
      - "8443:8443"  # HTTPS Port
    environment:
      - SINGLE_USER_CREDENTIALS_USERNAME=${NIFI_USER}
      - SINGLE_USER_CREDENTIALS_PASSWORD=${NIFI_PASSWORD}
      - NIFI_WEB_HTTP_PORT=
      - NIFI_WEB_HTTPS_PORT=8443
      - NIFI_TOOLKIT_TLS=true
    volumes:
      - ./certs/nifi-cert.pem:/opt/nifi/nifi-current/conf/server.pem
      - ./certs/nifi-key.pem:/opt/nifi/nifi-current/conf/server-key.pem
      - ./nifi_data:/opt/nifi/nifi-current/data
    healthcheck:
      test: ["CMD", "curl", "-k", "https://localhost:8443/nifi"]
      interval: 30s
      retries: 5
      timeout: 10s

Step 4: Deploy NiFi
#

Start the NiFi container using:

cd ~/nifi
docker-compose up -d

Check logs to verify that NiFi has started successfully:

docker logs -f nifi

Step 5: Access Apache NiFi Securely
#

Once NiFi is running, open your browser and navigate to:

https://localhost:8443/nifi

You may need to accept the self-signed certificate warning in your browser. Log in using the credentials from the .env file (admin/adminpassword).

Conclusion
#

With this setup, Apache NiFi runs securely with HTTPS, and authentication credentials are managed via an .env file for better security. You can extend this setup by integrating LDAP, external CA-signed certificates, or advanced security policies. Happy data streaming!