From f1fad6cff6c224fa15245af6ee146a6480517995 Mon Sep 17 00:00:00 2001
From: Aldrin Piri <aldrin@apache.org>
Date: Tue, 23 Jan 2018 10:43:45 -0500
Subject: [PATCH] MINIFI-4788 Exposing nifi.web.proxy.host configuration for
 Docker containers.

---
 nifi-docker/dockerhub/README.md    | 3 +++
 nifi-docker/dockerhub/sh/secure.sh | 7 +++++++
 nifi-docker/dockerhub/sh/start.sh  | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md
index d87765e96f76..2998aa082964 100644
--- a/nifi-docker/dockerhub/README.md
+++ b/nifi-docker/dockerhub/README.md
@@ -123,3 +123,6 @@ can be published to the host.
 | HTTP Port                | nifi.web.http.port            | 8080  |
 | HTTPS Port               | nifi.web.https.port           | 8443  |
 | Remote Input Socket Port | nifi.remote.input.socket.port | 10000 |
+
+**NOTE**: If mapping the HTTPS port specifying trusted hosts should be provided for the property _nifi.web.proxy.host_.  This property can be specified to running instances
+via specifying an environment variable at container instantiation of _NIFI\_WEB\_PROXY\_HOST_.
diff --git a/nifi-docker/dockerhub/sh/secure.sh b/nifi-docker/dockerhub/sh/secure.sh
index 460900539651..2de53c60ff57 100644
--- a/nifi-docker/dockerhub/sh/secure.sh
+++ b/nifi-docker/dockerhub/sh/secure.sh
@@ -52,6 +52,13 @@ prop_replace 'nifi.web.https.port'  '8443'
 prop_replace 'nifi.web.https.host'  "${hostname}"
 prop_replace 'nifi.remote.input.secure' 'true'
 
+# Check if the user has specified a nifi.web.proxy.host setting and handle appropriately
+if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
+    echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a secure mode.  The NiFi UI may be inaccessible if using port mapping.'
+else
+    prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}"
+fi
+
 # Establish initial user and an associated admin identity
 sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml
 sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml
diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh
index df79ad6de7b2..d1c2754edfc6 100755
--- a/nifi-docker/dockerhub/sh/start.sh
+++ b/nifi-docker/dockerhub/sh/start.sh
@@ -41,6 +41,11 @@ case ${AUTH} in
         . "${scripts_dir}/secure.sh"
         . "${scripts_dir}/update_login_providers.sh"
         ;;
+    *)
+        if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then
+            echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode.  Will not update nifi.web.proxy.host.'
+        fi
+        ;;
 esac
 
 # Continuously provide logs so that 'docker logs' can    produce them