Traefik proxy routing NiFi UI on Docker

Traefik Traefik v2 (latest)
,
1

Hey Traefik community,

I am trying to dockerise the 3 services Zookeeper, NiFi and NiFi Registry below is the docker-compose.yml file

version: "3.7"
services:
    # configuration manager for NiFi
    zookeeper:
        hostname: myzookeeper
        # container_name: zookeeper_container_persistent
        image: zookeeper:latest  
        restart: on-failure
        environment:
            - ALLOW_ANONYMOUS_LOGIN=yes
        networks:
            - apache-nifi-internal
        deploy:
            restart_policy:
                condition: any
                delay: 5s
                max_attempts: 3
                window: 120s
# version control for nifi flows
    registry:
        user: root
        hostname: myregistry
        # container_name: registry_container_persistent
        image: apache/nifi-registry:latest 
        restart: on-failure
        environment:
            - LOG_LEVEL=INFO
            - NIFI_REGISTRY_DB_DIR=/opt/nifi-registry/nifi-registry-current/database
            - NIFI_REGISTRY_FLOW_PROVIDER=file
            - NIFI_REGISTRY_FLOW_STORAGE_DIR=/opt/nifi-registry/nifi-registry-current/flow_storage
        volumes:
            - nifi_registry_database:/opt/nifi-registry/nifi-registry-current/database
            - nifi_registry_flow_storage:/opt/nifi-registry/nifi-registry-current/flow_storage
        networks:
            - apache-nifi-internal
            - traefik_webgateway
        deploy:
            labels:
                # traefik
                - traefik.enable=true
                # service
                - traefik.http.services.nifi-registry.loadbalancer.server.port=18080
                # middlewares
                - traefik.http.middlewares.nifi-registry-prefix.stripprefix.prefixes=/nifi-registry
                - traefik.http.middlewares.nifi-registry-headers.headers.customrequestheaders.X-Forwarded-Proto=https
                # - traefik.http.middlewares.nifi-registry-redirect.redirectscheme.scheme=https
                # Routers
                - traefik.http.routers.nifi-registry.middlewares=nifi-registry-prefix,nifi-registry-headers
                - traefik.http.routers.nifi-registry.service=nifi-registry
                - traefik.http.routers.nifi-registry.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
                - traefik.http.routers.nifi-registry.tls=true
                - traefik.http.routers.nifi-registry.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi-registry`)
            restart_policy:
                condition: any
                delay: 120s
                max_attempts: 3
                window: 60s
    nifi:
        user: root
        hostname: mynifi
        # container_name: nifi_container_persistent
        image: apache/nifi:latest
        restart: on-failure
        environment:
            - NIFI_WEB_HTTP_PORT=8443
            - NIFI_WEB_PROXY_CONTEXT_PATH=/
            # - NIFI_CLUSTER_IS_NODE=true
            # - SINGLE_USER_CREDENTIALS_USERNAME=admin
            # - SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB
            # - NIFI_CLUSTER_NODE_PROTOCOL_PORT=8082
            # - NIFI_ZK_CONNECT_STRING=myzookeeper:2181
            # - NIFI_ELECTION_MAX_WAIT=30 sec
            # - NIFI_SENSITIVE_PROPS_KEY='12345678901234567890A'
            # - DOCKER_HEALTHCHECK_TEST=curl $DOCKER_HOST_URL/nifi/
        # healthcheck:
        #     test: "${DOCKER_HEALTHCHECK_TEST:-curl $DOCKER_HOST_URL/nifi/}"
        #     interval: "60s"
        #     timeout: "3s"
        #     start_period: "5s"
        #     retries: 5
        volumes:
            - nifi_database_repository:/opt/nifi/nifi-current/database_repository
            - nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
            - nifi_content_repository:/opt/nifi/nifi-current/content_repository
            - nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
            - nifi_state:/opt/nifi/nifi-current/state
            - nifi_logs:/opt/nifi/nifi-current/logs
            - nifi_conf:/opt/nifi/nifi-current/conf
        networks:
            - apache-nifi-internal
            - traefik_webgateway
        deploy:
            labels:
                # traefik
                - traefik.enable=true
                # service
                - traefik.http.services.nifi-flow.loadbalancer.server.port=8443
                # middlewares
                - traefik.http.middlewares.nifi-prefix.stripprefix.prefixes=/nifi
                - traefik.http.middlewares.nifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https
                # - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
                # Routers
                - traefik.http.routers.nifi-flow.middlewares=nifi-prefix,nifi-headers
                - traefik.http.routers.nifi-flow.service=nifi-flow
                - traefik.http.routers.nifi-flow.entrypoints=$TRAEFIK_HTTPS_ENTRYPOINT
                - traefik.http.routers.nifi-flow.tls=true
                - traefik.http.routers.nifi-flow.rule=Host(`$DOCKER_HOST_URL`) && PathPrefix(`/nifi`)
            restart_policy:
                condition: any
                delay: 120s
                max_attempts: 3
                window: 60s
            
networks:   
  apache-nifi-internal:
  traefik_webgateway:
    external: true
            
volumes:    
  nifi_conf: {external: true}
  nifi_database_repository: {external: true}
  nifi_flowfile_repository: {external: true}
  nifi_content_repository: {external: true}
  nifi_provenance_repository: {external: true}
  nifi_state: {external: true}
  nifi_logs: {external: true}
  nifi_registry_database: {external: true}
  nifi_registry_flow_storage: {external: true}
  # nifi_database_repository:
  #   external: true

When I try to access my host domain along with the /nifi that is https://domain_name/nifi/

image

when I trying this link https://domain_name/nifi/nifi/ I get the below error message

image
image1714×158 13.3 KB

I should be able to access the NiFi UI from my domain using the https://domain_name/nifi/ what could be the issue that is causing the error, any ideas or suggestions would be really helpful

2

What is the default URL for the Nifi Ui (without a container)? Is is / or /nifi?

3

Its /nifi I was able to get past the issue by adding the variable - NIFI_WEB_PROXY_CONTEXT_PATH=/nifi,/nifi-docs,/nifi-api,/ I have an other issue now though which is weird, I see that the IP the container is running and the traefik UI service shows are different.

So I am applying the - traefik.docker.network=apache-nifi-internal label still it doesn't seem to take the right IP of the container. I saw posts where it was mentioned that incase the deployment is done via swarm mode then the stack name also needs to be added. Tried that too and still had no luck.

The traefik_webgateway network is the network created for Traefik which is defined as external, apache-nifi-internal is created on the fly. So which network needs to be provided in the traefik.docker.network label

4

You use the striprefix middleware, but to me it seems you actually want to keep the full url https://domain_name/nifi/.

You can use any network as long it is the same for Traefik and your services. You can set provider.docker.network in the Traefik static configuration if you want to prefer a network to be used. I would not put the network in any labels if you don't have a specific reason to do so, it's not required.

Check Traefik Dashboard and Traefik debug logs to see what is happening.