Installing Apache NiFi Using Docker Compose with HTTPS

Apache NiFi can be deployed quickly using Docker Compose, ensuring a scalable and secure setup. In this guide, we will set up Apache NiFi with HTTPS enabled using a self-signed certificate and store authentication credentials in an .env file.

Prerequisites

Before proceeding, ensure you have:

  • Docker and Docker Compose installed.
  • OpenSSL for generating self-signed certificates.
  • A basic understanding of Docker networking.

Step 1: Generate SSL Certificates

Run the following commands to generate a self-signed certificate and private key:

mkdir -p ~/nifi/certs
cd ~/nifi/certs

# Generate a private key
openssl genpkey -algorithm RSA -out nifi-key.pem

# Generate a certificate signing request (CSR)
openssl req -new -key nifi-key.pem -out nifi.csr

# Generate a self-signed certificate (valid for 365 days)
openssl x509 -req -days 365 -in nifi.csr -signkey nifi-key.pem -out nifi-cert.pem

Restrict the .pem files so that only their owner can read or write them:

chmod 600 nifi-key.pem nifi-cert.pem

Step 2: Create an Environment File

Create a .env file in the ~/nifi directory and define the required environment variables:

NIFI_USER=admin
NIFI_PASSWORD=adminpassword

Ensure the .env file is secure by restricting permissions:

chmod 600 ~/nifi/.env
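
The files from Steps 1 and 2 can be checked before the container is started. The script below is an added example, not part of the original guide: the function names (file_mode, key_matches_cert, nifi_preflight) are made up here, and the paths are the ones used in the steps above.

```sh
#!/bin/sh
# Added example: pre-flight check for the files created in Steps 1 and 2.
# Assumed layout (from this guide): DIR/.env, DIR/certs/nifi-key.pem, DIR/certs/nifi-cert.pem

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ "$key_pub" = "$cert_pub" ]
}

# Check one NiFi directory; prints each problem, exit status is the problem count.
nifi_preflight() (
  dir=$1; problems=0
  fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

  for f in "$dir/.env" "$dir/certs/nifi-key.pem"; do
    if [ ! -f "$f" ]; then fail "$f is missing"
    elif [ "$(file_mode "$f")" != 600 ]; then fail "$f is mode $(file_mode "$f"), expected 600"
    fi
  done

  if [ -f "$dir/certs/nifi-cert.pem" ]; then
    key_matches_cert "$dir/certs/nifi-key.pem" "$dir/certs/nifi-cert.pem" \
      || fail "nifi-key.pem does not match nifi-cert.pem"
    # -checkend N fails if the certificate expires within N seconds (30 days here).
    openssl x509 -in "$dir/certs/nifi-cert.pem" -noout -checkend 2592000 >/dev/null 2>&1 \
      || fail "nifi-cert.pem expires within 30 days or is unreadable"
  else
    fail "$dir/certs/nifi-cert.pem is missing"
  fi

  [ "$problems" -eq 0 ] && echo "OK: $dir passed all checks"
  exit "$problems"   # leaves only the function's subshell
)

# Run against a directory when one is given, e.g.: sh preflight.sh ~/nifi
if [ "$#" -gt 0 ]; then nifi_preflight "$1"; fi
```

A non-zero exit status means at least one check failed; the FAIL lines name the file to fix before running Step 4.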

Step 3: Create a Docker Compose File

Create a docker-compose.yml file with the following configuration:

version: '3.8'

services:
  nifi:
    image: apache/nifi:2.2.0
    container_name: nifi
    restart: always
    ports:
      - "8443:8443"  # HTTPS Port
    environment:
      - SINGLE_USER_CREDENTIALS_USERNAME=${NIFI_USER}
      - SINGLE_USER_CREDENTIALS_PASSWORD=${NIFI_PASSWORD}
      - NIFI_WEB_HTTP_PORT=
      - NIFI_WEB_HTTPS_PORT=8443
      - NIFI_TOOLKIT_TLS=true
    volumes:
      - ./certs/nifi-cert.pem:/opt/nifi/nifi-current/conf/server.pem
      - ./certs/nifi-key.pem:/opt/nifi/nifi-current/conf/server-key.pem
      - ./nifi_data:/opt/nifi/nifi-current/data
    healthcheck:
      test: ["CMD", "curl", "-k", "https://localhost:8443/nifi"]
      interval: 30s
      retries: 5
      timeout: 10s

Step 4: Deploy NiFi

Start the NiFi container using:

cd ~/nifi
docker-compose up -d

Check logs to verify that NiFi has started successfully:

docker logs -f nifi

Step 5: Access Apache NiFi Securely

Once NiFi is running, open your browser and navigate to:

https://localhost:8443/nifi

You may need to accept the self-signed certificate warning in your browser. Log in using the credentials from the .env file (admin/adminpassword).

Conclusion

With this setup, Apache NiFi runs securely with HTTPS, and authentication credentials are managed via an .env file for better security. You can extend this setup by integrating LDAP, external CA-signed certificates, or advanced security policies. Happy data streaming!