Apache NiFi Security (SSL Authentication)

Captions
What's up guys, today we are going to see about configuring security on Apache NiFi. Now let's get started. Now let's see how we will configure it. So this is my LinkedIn post, configuring SSL/TLS authentication on Apache, and this is the link to my previous technique post in which there is mentioned about the installation of NiFi on AWS, so take it as a prerequisite for those guys who haven't installed it.

Now let's see the architecture. The architecture consists of two parts, so I'll open it. Yeah, so one side is the client side and another is the server side. On the client side there is the web browser, which is configured with a PFX file. That PFX file will be generated after generating the public and private key pair. This PFX file is the only file which is responsible for the communication between the server and the client. So this is the whole overview of the client.

Now on the server side there are three parts: one is the keystore, another is the truststore, and the third one is authorization. In the keystore part there is the private and public key pair which is generated for the NiFi server. This part is responsible when we are having a cluster and two or three nodes are there, so in order to verify and collaborate in communication between the nodes, this keystore is kept. This truststore is for trusting the client: for every client which you want to get access to the NiFi server, you just have to place its public key. This public key is generated on your client, that is your desktop, so you will copy this public key. And this authorization consists of the roles, like in the organization there is the admin role and the DFM role and a lot of variety of roles, so this one is what role should be assigned to what person, and accordingly that access is given to that person. So this is the whole architecture overview. So let's do the client configuration. So now let's get into it.

So before that there are some prerequisites which are mentioned in my post, so let's see the prerequisites. These prerequisites are: you have Windows Subsystem for Linux, which is quite important. You can see that inside this one, "Turn Windows features on or off". It's opening. Yeah, so here there is Windows Subsystem for Linux, which should be ticked, right, this is very important. And another thing is Ubuntu. So search for the Microsoft Store, this one. Oops, that part is opening for me, okay, let it be. Now here I will search for Ubuntu, this one. In my case, since I have already installed it, it is showing me that it is installed, but in your case it will show you "Get" here, like this, you will see the "Get". So I will close it, and this one is completed.

And now this one, the security group configuration, right, so the security group configuration should be there. So this is my unsecured NiFi, that is, it is listening on my 8080 port. I will show you right here, it will be colon 8080 slash nifi. So it's accessing. Yeah, this is the 8080 port, this is configured fine and this is listening right now, and this is quite good on the HTTP port. So let me show you this security group. I will head over to Security. Actually there is a lag, the software is using a lot of CPU, let me record it. I will go to the Security tab, okay, scroll down. Okay, so this is the port configuration: my 8080 is quite open and 8443 is also open, so the third prerequisite is also done. Make sure you have your own IP configured instead of 0.0.0.0, but for testing purposes you can use it. Because I am not having anything of that type, I am taking a risk, but in your production environment, if you are using it, make sure to include the IPs you want access from, that is your client IPs, system IPs, right.

So now the fourth thing is, since our application is working, right, on the 8080 port, what I want you to do is just stop the application. So okay, yeah, I am doing an SSH to my application, this one. Now let's open the new terminal. Okay, now we'll do sudo su -. So the application is right here. Now this is the terminal, let me open this one. All right, so get inside this folder, enter, then get inside bin, now ls. Now what you have to do is ./nifi.sh stop. Yeah, it's stopping our service. Okay, let's see the status. It is important because if we make changes in the running application it might surely fail, right, so to save ourselves from a glitch we have to do so.

So now let's minimize it, this one also. Now let's hop over to our LinkedIn post. So the first step is to create this keys folder. This folder is right here in the F drive, it's keys, right there. So keys is quite empty for me. Now I will open this Ubuntu. Oops, I'll open it right in front of me, let it load. Now the first command is sudo su - to get into the root, then your password. Now since I am in the root, this keys folder is inside the mnt folder, I will show you: cd /mnt. It consists of all the drives, like C, E and F; in your case maybe C, D, F or any other type of combination. So make sure to create one folder keys in your respective directory. Since I have used this F drive, I will get inside that: /f/keys. Oops, I have made one mistake. Yeah.

Now what I have to do is create the key pairs, with the username admin q user. So now I will copy this command from here, just copy this from the snippet, open your Ubuntu and paste this down, hit enter, and now it will be generating the key pairs. Okay, now this is done. Now packaging our user certificate, because we have to generate the PFX file. So what it is doing is taking the public key pair as input and outputting us the PFX file, and the password used here is super secret. This is quite important because we have to configure the password everywhere. I'll paste it. Okay, so let's see what is there. Yeah, there is the PFX file and the PEM file.

And now what I have to do is get into settings. Now we have to import our PFX, since we have closure or a beginning, so this is showing like this. I will open Privacy and security, and now I will go to Security, and then in Manage certificates I will import one certificate. Next, browse this certificate; that certificate is inside the keys folder, all files, open it right here, the PFX file. Next, we have to use our certificate password, super secret, that was our password. Automatically, right, Next and Finish. Okay. This is our super secret password which we have used. Now since we are in the root we will make one folder. Okay, so now this is over. Since we have imported our certificate and everything is fine, this configuration is done and this step is over. So this is the green mark that shows we are done with our client configuration.

Now we have to do the configuration, so let's see the keystore configuration first. To do so we have to just copy this one and make a directory ssl, cd into ssl, and then the keytool command. It is not copied, right. Now this is done, and now we have to create the certificate. Before creating it we have to just copy this PEM file which is available right here. So now I will get inside this one and create a blank file, and that's it. Since this file is empty, I will vi into this file, insert. Now I will open this .pem which is available on my desktop, right click it, open with Notepad++. Now this is done, so this completes the configuration of our truststore also. So now we are done with the client configuration, keystore configuration and truststore configuration.

Now the last step is the authorization. For authorization we have to create one file, that is authorized-users.xml, inside the conf directory. So let's get into it. Oops, I've used touch, I've directly used this one. Now copy the contents, that is our roles; there are two roles which I have provided, one is the admin and the other is the DFM. So I'll copy it right here, insert, paste it, and escape, :wq. All right, this one is also over. Now scroll down. We have to specify this file inside our authorizers.xml, so open this file, yeah, authorizers.xml, this one, and go to insert mode, go down, and now in this one, since I have created the file with the name authorized users, just specify it, right. So this one is also done. So our authorization configuration is also done with the XML.

Now we have to see the nifi.properties configuration, so let's see the slide. This configuration is also done, so we are done with all the three configurations. The next step is to see how we will implement it, and to work upon all the properties we have to use this nifi.properties also. So we have to configure nifi.properties, right away we are going to do it. Since we are using the 8080 port, let's change it to 8443. Yeah, this one. So since I am using secure communication right now, I will change it to true, and HTTP enabled I will change to false, right. And now I will comment out this port because it is not being used, and in the HTTPS port I will specify 8443. Now at the end, yeah, I'll fill all the keystore and truststore values. To do so I will specify all the values from here, right there, so what I'll do is copy all the values from here and just paste them. Because I have created it in root inside ssl, this value will work fine. For simplicity, use the same configuration I have used in mine, so that these commands which I have mentioned are valid for you also. The password is the same, so what I will do is go down, and this password is also the same. Now the truststore type: the truststore is here, so it's copied, and the type is JKS, so copy JKS. Inside the password I'll copy the password. Fine, and let's give :wq. Okay, so this is done, the password is also done.

So what we have to do is start our application. So cd .., cd .., now get inside bin and ./nifi.sh start. Okay, now let's check the logs, let's tail it and let's see. Okay, so truststore file not found exception, and another one. So it is not able to find those files. So let's see what I have done. So let's see ssl. Okay, so we have not generated ours, in this there is the keystore, so the truststore is not here. So I will copy the command to generate my truststore; from here I will copy this truststore command and paste it here. Okay, now our truststore is generated. Now I will get inside elastic and get inside my file 1.1.1. Now I will get inside bin, nifi.sh, I'll see this is currently running. So now let's use the log tail command, scroll down, let's see what is happening. Okay, so our application is working fine and it's listening on 8443, right.

So I will minimize it right now and get back to the browser. So how will we hit the application? We have to use this command, https://. So now I will copy this command and, instead of "your NiFi server IP", I will paste the IP of my NiFi server, that is the unsecured one, and now it's connecting. Okay, yeah, so this is shown to you, and now hit Advanced and proceed to this. Okay, so when it is asked, press OK. Now our application is loading. Now our application is working on HTTPS, on the 8443 port. This is how configuration is done in NiFi. It's quite tedious, and if you miss one or two steps your application would fail like a minefield, so make sure to have a better understanding of this SSL and make sure to follow all these steps accordingly. And if you want more support from us, make sure you visit this website, architect.

thanks for
Info
Channel: rdtech_in
Views: 854
Keywords: apache nifi, nifi, apache nifi tutorial, apache nifi examples, apache, learn nifi, apache nifi docker, nifi for beginners, nifi training, apache nifi example, apache nifi download, apache nifi function doc, nifi tutorial, nifi training videos, nifi training online, nifi training courses, apache nifi demo, online nifi, apache kafka, apache nifi installation on windows, apache nifi aws, apache nifi https, what is apache nifi
Id: 9F6DnsD8TSo
Length: 29min 31sec (1771 seconds)
Published: Wed Apr 07 2021