Install NiFi, and Confirm it’s Working:
1. Extract NiFi installation file: tar -zxvf filename.tar.gz
2. Start NiFi: bin/nifi.sh start
3. Confirm NiFi is running: bin/nifi.sh status
4. Make sure the firewall allows port 8080: sudo ufw allow 8080
5. Open a web browser and navigate to http://yourdomain.com:8080/nifi
6. Stop NiFi: bin/nifi.sh stop
Secure the NiFi Interface:
1. Extract: NiFi-Toolkit Installation file: tar -zxvf filename.tar.gz
2. Generate NiFi CA root certificate and private key for NiFi instance: bin/tls-toolkit.sh standalone -n “yourdomain.com”
3. Copy the contents of the newly created yourdomain.com directory to the conf directory of the NiFi installation:
cp -rv your nifi-toolkit path/mydomain.com* /your nifi path/conf/.
4. Generate the client certificate (for authentication to NiFi): bin/tls-toolkit.sh standalone -C ‘CN=admin,OU=NiFi’
5. Load the client certificate and public CA certificate into the web browser:
note: You have to use psftp to copy the certificates to your local computer.
6. Populate the Initial Admin Identity for NiFi by modifying the authorizers.xml file in the conf subdirectory:
a. sudo nano conf/authorizers.xml
b. Replace <property name=”Initial User Identity 1″></property> in the userGroupProvider section with <property name=”Initial User Identity 1″>CN=admin,OU=NiFi</property> containing the full Distinguished Name (DN) provided in step 4.
c. Replace <property name=”Initial Admin Identity”></property> in the accessPolicyProvider section with <property name=”Initial Admin Identity”>CN=admin,OU=NiFi</property> containing the full Distinguished Name (DN) provided in step 4.
7. Open up port 9443 in the firewall: sudo ufw allow 9443
8. Start Nifi: bin/nifi.sh start
9. Enter new URI in the browser: https://yourdomain.com:9443/nifi