I've built an Apache NiFi AMI using Packer and Packer's Ansible provisioner. NiFi starts bound only to the loopback IP by default, as can be seen from conf/nifi.properties:

```
nifi.web.http.host=127.0.0.1
nifi.web.http.port=8080
nifi.web.http.network.interface.default=
```
The IP address to bind to cannot be known at the time of making the AMI, so we leave this property as it is and create iptables rules instead, as documented here, here and here.

The commands I intended to run:

```
sudo sysctl net.ipv4.ip_forward=1
sudo sysctl -w net.ipv4.conf.all.route_localnet=1
sudo iptables -t nat -I PREROUTING -m tcp -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080
```
Here are the Ansible tasks:

```yaml
- name: Allow IP forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: yes
    state: present
    reload: yes
  tags:
    - notest

# Set up iptables port forwarding from the public IP to 127.0.0.1:8080.
# This is because we cannot configure the IP on which NiFi listens at the time
# of building the AMI, so it runs listening on 127.0.0.1:8080 only.
- name: Allow routing of traffic from the attached AWS NIC to loopback
  sysctl:
    name: net.ipv4.conf.all.route_localnet
    value: "1"
    sysctl_set: yes
    state: present
    reload: yes
  tags:
    - notest

- name: Enable port forwarding from public CIDR block to NiFi localhost port 8080
  iptables:
    table: nat
    chain: PREROUTING
    protocol: tcp
    match: tcp
    destination_port: "80"
    jump: DNAT
    to_destination: "127.0.0.1:8080"
  tags:
    - notest
```
When I build an instance from this AMI, `sudo iptables -t nat -v -L PREROUTING -n --line-number` returns no result.
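A check script to run on a freshly booted instance, added here and not part of the question: it parses `iptables -t nat -S PREROUTING` output for the DNAT rule from the tasks above and reads the `route_localnet` sysctl, reporting which prerequisite of the loopback forwarding path is missing. The rule pattern is derived from the question's task; the sample dumps used to exercise it are constructed.

```python
"""Audit the on-host state the loopback DNAT setup in the question depends on."""
import re
import subprocess
from pathlib import Path

DPORT, TARGET = 80, "127.0.0.1:8080"  # as in the iptables task in the question
# Shape of a DNAT rule as printed by `iptables -t nat -S PREROUTING`.
RULE_RE = re.compile(r"^-A PREROUTING(?: -i \S+)? -p tcp -m tcp --dport (?P<dport>\d+)"
                     r" -j DNAT --to-destination (?P<dest>\S+)$")

def find_dnat_rules(nat_prerouting_dump):
    """Return (dport, destination) pairs found in the PREROUTING dump."""
    found = []
    for line in nat_prerouting_dump.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            found.append((int(m.group("dport")), m.group("dest")))
    return found

def audit(nat_prerouting_dump, route_localnet):
    """Return findings; empty means both prerequisites are in place.
    route_localnet is the text of /proc/sys/net/ipv4/conf/all/route_localnet."""
    findings = []
    if (DPORT, TARGET) not in find_dnat_rules(nat_prerouting_dump):
        # iptables rules live only in kernel memory: a rule inserted while baking
        # the AMI is gone on first boot unless it was saved (iptables-save /
        # netfilter-persistent) and restored by a boot-time service.
        findings.append("nat PREROUTING has no DNAT %d -> %s" % (DPORT, TARGET))
    if route_localnet.strip() != "1":
        # Without route_localnet=1 the kernel drops packets DNATed to 127/8 that
        # arrive on a non-loopback interface as martians.
        findings.append("net.ipv4.conf.all.route_localnet is not 1")
    return findings

def audit_live_host():
    """Read the real values (root is needed for the nat table) and audit them."""
    dump = subprocess.run(["iptables", "-t", "nat", "-S", "PREROUTING"],
                          capture_output=True, text=True, check=True).stdout
    return audit(dump, Path("/proc/sys/net/ipv4/conf/all/route_localnet").read_text())

if __name__ == "__main__":
    for finding in audit_live_host() or ["forwarding path looks complete"]:
        print(finding)
```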