ssl - 如何在 Windows 上使用 ssl 和 docker 桌面

Question

我在 docker 中有一个开发环境，我正在使用 Nifi 1.13.2，它工作正常(http)。
我升级了 Nifi 以使用仅以 HTTPS 启动的 1.15.3 版，但它不再工作了。
docker 撰写:

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
    ports:
      - 10000:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver

来自 nifi-app.log 的日志:

nifi-app_2022-03-16_14.0.log:36362:2022-03-16 14:36:43,370 INFO [main] org.apache.nifi.web.server.JettyServer Created HostHeaderHandler [HostHeaderHandler for 2dec0477131a:8443}]
nifi-app_2022-03-16_14.0.log:139435:2022-03-16 14:37:07,253 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@36b53f08{SSL, (ssl, http/1.1)}{2dec0477131a:8443}
nifi-app_2022-03-16_14.0.log:139933:2022-03-16 14:37:07,292 INFO [main] org.apache.nifi.web.server.JettyServer https://2dec0477131a:8443/nifi

访问 https://localhost:10000/nifi 时出现日志错误:

2022-03-16 14:39:15,572 WARN [NiFi Web Server-16] o.a.nifi.web.server.HostHeaderHandler Request host header [localhost:10000] different from web hostname [2dec0477131a(:8443)]. Overriding to [2dec0477131a:8443/nifi]
2022-03-16 14:39:15,655 WARN [NiFi Web Server-20] o.a.nifi.web.server.HostHeaderHandler Request host header [localhost:10000] different from web hostname [2dec0477131a(:8443)]. Overriding to [2dec0477131a:8443/favicon.ico]

[![在此处输入图像描述][1]][1]
当我在浏览器中打开时，我在 docker 桌面上看到它会打开 http://localhost:10000/nifi，我该如何更改这个 url？
更新1:
我找到了这篇文章:https://www.javahelps.com/2022/01/run-apache-nifi-in-docker-with-ssl.html所以我的 docker-compose 看起来像这样:

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
      - SINGLE_USER_CREDENTIALS_USERNAME=jhiihihhu
      - SINGLE_USER_CREDENTIALS_PASSWORD=e9o6dQhlEDusiq6oKUpzp8ZtW/Bjim6q2U0SxyBO6JA
      - NIFI_SENSITIVE_PROPS_KEY=rHkWR1gDNW3R
      - NIFI_WEB_PROXY_HOST=0.0.0.0:8443
      - NIFI_WEB_HTTPS_HOST=0.0.0.0
      - NIFI_CLUSTER_ADDRESS=0.0.0.0
      - NIFI_REMOTE_INPUT_HOST=0.0.0.0
      - AUTH=tls
      - KEYSTORE_PATH=/opt/certs/keystore.jks
      - KEYSTORE_TYPE=JKS
      - KEYSTORE_PASSWORD=cjwC2UU/ZBxhlNyjFbK1QCE/bqNxq9WONwCPq8HbyRk
      - TRUSTSTORE_PATH=/opt/certs/truststore.jks
      - TRUSTSTORE_TYPE=JKS
      - TRUSTSTORE_PASSWORD=1ab4TYRgYw7HMY4Dr+7s+7gVDrPBbZPGp4g/t5VhJG4
      - NIFI_SECURITY_USER_AUTHORIZER=single-user-authorizer
      - NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER=single-user-provider      
    ports:
      - 10000:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver
      - ./keystore.jks:/opt/certs/keystore.jks
      - ./truststore.jks:/opt/certs/truststore.jks    

我仍然有同样的错误。
[1]:/image/OGqE6.png
更新 2:
它与以下 docker compose 一起使用:

services:
  nifi:
    image: apache/nifi:1.15.3
    container_name: nifi
    environment:
      - JAVA_TOOL_OPTIONS=-Dfile.encoding=utf8
      - NIFI_WEB_HTTPS_PORT=8443
      - SINGLE_USER_CREDENTIALS_USERNAME=khiuiuiuh
      - SINGLE_USER_CREDENTIALS_PASSWORD=e9o6dQhlEDusiq6oKUpzp8ZtW/Bjim6q2U0SxyBO6JA
      - NIFI_SENSITIVE_PROPS_KEY=rHkWR1gDNW3R
      - NIFI_WEB_PROXY_HOST='localhost:8443,localhost:10000'
      - NIFI_WEB_HTTPS_HOST=0.0.0.0
      - NIFI_CLUSTER_ADDRESS=0.0.0.0
      - NIFI_REMOTE_INPUT_HOST=0.0.0.0
      - AUTH=tls
      - KEYSTORE_PATH=/opt/certs/keystore.jks
      - KEYSTORE_TYPE=JKS
      - KEYSTORE_PASSWORD=cjwC2UU/ZBxhlNyjFbK1QCE/bqNxq9WONwCPq8HbyRk
      - TRUSTSTORE_PATH=/opt/certs/truststore.jks
      - TRUSTSTORE_TYPE=JKS
      - TRUSTSTORE_PASSWORD=1ab4TYRgYw7HMY4Dr+7s+7gVDrPBbZPGp4g/t5VhJG4
      - NIFI_SECURITY_USER_AUTHORIZER=single-user-authorizer
      - NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER=single-user-provider      
    ports:
      - 8443:8443
      - "9001-9100:9001-9100"
    volumes:
      - ./data/nifi/content:/opt/nifi/nifi-current/content_repository:rw
      - ./data/nifi/database:/opt/nifi/nifi-current/database_repository:rw
      - ./data/nifi/flowfile:/opt/nifi/nifi-current/flowfile_repository:rw
      - ./data/nifi/provenance:/opt/nifi/nifi-current/provenance_repository:rw
      - ./data/nifi/state:/opt/nifi/nifi-current/state:rw
      - ./data/db/driver:/opt/driver
      - ./keystore.jks:/opt/certs/keystore.jks
      - ./truststore.jks:/opt/certs/truststore.

2022 年 3 月 30 日更新:
我已经使用新版本几天了，每次启动 Nifi 时，我都会收到错误消息:提供的用户名和密码无效。
我必须运行 docker-compose 并重新开始。
另外我想启用匿名身份验证，即使我将 NIFI_SECURITY_ALLOW_ANONYMOUS_AUTHENTICATION 设置为 true ，它也不起作用。

Answer 1

尝试在 docker-compose 的环境部分添加 NIFI_WEB_PROXY_HOST=localhost:8443。此外，您必须检查是否可以将端口 10000 用于 Nifi。