Changed default certs (fixes issues with certain browsers).

Author: vladd-bit

config/jupyterhub_config.py

@@ -301,8 +301,8 @@ def per_user_limit(role):
 
 # TLS config
 c.JupyterHub.port = jupyter_hub_ssl_port
-c.JupyterHub.ssl_key = os.environ.get("SSL_KEY", "/srv/jupyterhub/root-ca.key")
-c.JupyterHub.ssl_cert = os.environ.get("SSL_CERT", "/srv/jupyterhub/root-ca.pem")
+c.JupyterHub.ssl_key = os.environ.get("SSL_KEY", "/srv/jupyterhub/security/nifi.key")
+c.JupyterHub.ssl_cert = os.environ.get("SSL_CERT", "/srv/jupyterhub/security/nifi.pem")
 
 # Persist hub data on volume mounted inside container
 data_dir = os.environ.get("DATA_VOLUME_CONTAINER", "")

docker/docker-compose-dev.yml

@@ -13,15 +13,13 @@ services:
       - JUPYTERHUB_INTERNAL_PROXY_API_PORT=${JUPYTERHUB_INTERNAL_PROXY_API_PORT:-8887}
       - JUPYTERHUB_SSL_PORT=${JUPYTERHUB_SSL_PORT:-443}
     env_file:
-      - ${DEPLOYMENT_ENV_FILE_PATH_GENERAL:-../env/general.env}
-      - ${JUPYTERHUB_ENV_FILE_PATH_CONFIG:-../env/jupyter.env}
-    user: "root"
+      - ../env/general.env
+      - ../env/jupyter.env
     volumes:
       - jupyter-hub-shared-scratch:/home/jovyan/scratch
       - jupyter-hub-vol:/srv/jupyterhub
       # Security configs
-      - ./${DEFAULT_SECURITY_DIR:-../security/}root-ca.key:/srv/jupyterhub/root-ca.key:ro
-      - ./${DEFAULT_SECURITY_DIR:-../security/}root-ca.pem:/srv/jupyterhub/root-ca.pem:ro
+      - ./${DEFAULT_SECURITY_DIR:-../security/}:/srv/jupyterhub/security:ro
       - ../config/jupyterhub_cookie_secret:/srv/jupyterhub/jupyterhub_cookie_secret:ro
       # User list and jupyter config
       - ../config/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py:ro
@@ -40,24 +38,15 @@ services:
       - "${JUPYTERHUB_INTERNAL_PORT:-8888}:${JUPYTERHUB_SSL_PORT:-443}"
     networks:
       - cognet
-    extra_hosts:
-      - ${ELASTICSEARCH_1_HOST_NAME:-test-1:0.0.0.0}
-      - ${ELASTICSEARCH_2_HOST_NAME:-test-2:0.0.0.0}
-      - ${ELASTICSEARCH_3_HOST_NAME:-test-3:0.0.0.0}
-      - ${KIBANA_HOST_NAME:-test-4:0.0.0.0}
-      - ${NIFI_HOST_NAME:-test-5:0.0.0.0}
 
 volumes:
   jupyter-hub-vol:
     driver: local
   jupyter-hub-shared-scratch:
     driver: local
 
-#---------------------------------------------------------------------------#
-# Docker networks.                                                          #
-#---------------------------------------------------------------------------#
 networks:
   cognet:
     name: cogstack-net
-    external: true
+
 

env/jupyter.env

@@ -32,8 +32,8 @@ DOCKER_NOTEBOOK_IDLE_TIMEOUT=7200
 DATA_VOLUME_CONTAINER=""
 
 # These don't really need to be changed.
-SSL_KEY="/srv/jupyterhub/root-ca.key"
-SSL_CERT="/srv/jupyterhub/root-ca.pem"
+SSL_KEY="/srv/jupyterhub/security/nifi.key"
+SSL_CERT="/srv/jupyterhub/security/nifi.pem"
 
 DOCKER_NETWORK_NAME="cogstack-net"
 

scripts/update_env_cert_from_nifi_repo.sh

@@ -13,5 +13,7 @@ elif [[ -d scripts || -f Makefile || -f README.* || -d src || -d app ]]; then
 fi
 
 curl https://raw.githubusercontent.com/CogStack/CogStack-NiFi/refs/heads/main/deploy/general.env > ${OUTPUT_DIR_PATH_PREFIX}env/general.env
+curl https://raw.githubusercontent.com/CogStack/CogStack-NiFi/refs/heads/main/security/certificates/nifi/nifi.key > ${OUTPUT_DIR_PATH_PREFIX}security/nifi.key
+curl https://raw.githubusercontent.com/CogStack/CogStack-NiFi/refs/heads/main/security/certificates/nifi/nifi.pem > ${OUTPUT_DIR_PATH_PREFIX}security/nifi.pem
 curl https://raw.githubusercontent.com/CogStack/CogStack-NiFi/refs/heads/main/security/certificates/root/root-ca.key > ${OUTPUT_DIR_PATH_PREFIX}security/root-ca.key
 curl https://raw.githubusercontent.com/CogStack/CogStack-NiFi/refs/heads/main/security/certificates/root/root-ca.pem > ${OUTPUT_DIR_PATH_PREFIX}security/root-ca.pem

security/nifi.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC12QJ+hjgkME4W
+mjKVFFTtZMPxultiWx6Aw/QZbI1SxmiyWdqtFftR0h4BFekZo7ahdOQAXHdLtHhP
+yhJ2tjkrhRmCPIBwFNLQZtInPxjpLuTVQe3UfLymSulrUYRQ3xcIPuswJuF6bmhJ
+Fn43sWv7DSIbwDlGDD8EWP578qFAknfO9/ykhxYaACjvGGHlRLLxYDqnC4PH7xQ0
+79Yo48NVz3Xx8AVgktnrSTCraZxA+JXLA034+0HwsSJdXwnJbnWdGb6RIKBCn7t+
+cqbOJd5FDLMh09OBCxE/AnYG91bCT7DrYMIAUOWVo1UbKHqlUB2WGnWvshFNccJ4
+OAX26MHQ1ufevbYmL9zT8LzQjn2i5WDvCeOT1nEw9AkEcOGs2qbxVShhDznuTJR7
+BYx/7NUE9roQp7V71/4UUht9pDfNd1QyFpR/4jntc58Q1JtYgzHqSdXOmNObZF9g
+LNd1GKxwQ1Z3yooMY+F11mlUtumUbr1vpu4RLOjrTiKVzBhaAnll1C0u1qMSdywv
+f7GK8P9RrBpJCMyDFP9Rk2LccX4XDuFDhaP/89SFUfrGasKLsWiRsmaHovNOjQjA
+AWdCg2mA7/daX8hiZHwqB9lEBiUni+7hfCUpmpeLFkmXdwkHTLvNXlWtvZociX0M
+aLXs47qRxIs94WlxpOAqQHMzSWyoCwIDAQABAoICABSRc8YafvseOOw24LBwA53I
+9J4WIAP4nnNItrFcJS1O98SZ2TFpTRXXbZazLbxoAgjdDx+OAIhK5K4nAv5JD3UB
+XFNDbfDqH2DRtcTD+ZirudeihLiwqyh7907bgjB2K0Vpfcc30++50TMtx3TxLRom
+RXdcv0hRq5xdnIXUebIItGMait7pJfIm68+vXaia+Upyl0URo67XjIeNoRba5tsr
+2KwBeU+Pt0pKQFEDDwNiRT8YeUHyLrvUrThhFDBOaCCEKu6ArDUc8A4WAGaiGIk4
+LdgOUjFEWTJb9ZGazvCyJtFYuQNkIwj718J3Sk1XHyGSjevOI5reL8rSkLTOutfS
+qZE4uFh80plgaXgzPcOKBQSoO/Nx3jnuFTmm8p+Co7QCSyCKaLeqsEw5BWVFDj7I
+yjOtyRDe4i864ybTO4f6/u1fzhns7uvg6/a7UFl9xz/2739FuoddOAcNGChLlGSi
+x4xOHyNPpjkBVrD9JEfYlUFEwMfI14Ifyhl8hBC56UmJEOx3EXW3YlZFor4XtG3O
+mw+UyHTJuj/miPzENavWm5TesYblWNj8fLEy/eBWgHBf9q+3s/TrNnbrUfAgPbZ7
+MYoqGLHKxTLWpQ9LbEH/oY8Ul4XiqJ0U3GDJdfeXeyQnAW9evdhOgev/P1SaCnqZ
+87GyAI3Nbnha3oLatTshAoIBAQDnUe0xCzeTDjG3oe+PdAHoYAwtjxuOe2TMfDZu
+dz/MxYBpR373bvHguCdv4JHmo12hSs1wNnt7rbCV0bUYUo7wXOFMmHJz1G3VctX9
+iS2GOKii0aJyLblrsDEsiabsq68qLHn1sk6ZIwlOOzasgs0Zt0qxNkH7sG71oz6v
+rrlhNWf6Wi61GgrBDnFKykdDMedOBt5lYnBkdXtpKZ6jertFQ+Lr4m4bXRIPa8uh
++pqvczqlmJp/PsY+IqTbtiiQVqvNRDU/ErAEq3F/q44WQMKpH2twtB7K5Dv6zAkp
+treVqSY2MsS1K2VaOl6opmGp5SWQN5YFLHxdVhWYzbHENkbpAoIBAQDJP9bPIQBw
+Q9Ez042x9KZ/mO8crt8uF8mQrqK4EBagOR2lHE0rQCC0P4zMhvGZrV2B1hHsb7Do
+YGMZkR7fNK4U5gj52IlJKTeyh/fR9+qKYeKDJBleDLzXzfT3Qot7P+aWG2cy9asv
+R/2egCOqBtP3Hljsh6X4Tr1AJ1iKTAWuew9twiPu3ODRfU2TbS3n9xUHdDOYG8Lo
+AzrpkMdInzoeChzylzhqH4LqgQ+nlv5HfGmdv2jPIKcwRpISZDLPEfSrb8ECriYc
+EYvBoEdKsJxgdzug4+ntYjqK2fwnSI8eSR3WsWQE6fiVJ78jhenl2iSzeekBNJt2
+9Wygx1BwGMbTAoIBABpTzb4uO6YGEIyI5r4aAvmSrPAmgIln6+IGJR/PfLhuph3V
+YFMDEo50BzEJizGH2Gk6HUWvPcCm1RlII+dfxhr/RzkzhJtASzvm9QoFKeRD4JWf
+bHC4WYkzJXWfORtosugG5d6b66wsO6vmu2NJA9TwcpTWyw29V/OnH8RZC4pPzMTG
+rNg53Y15elV7zj6MmHnd+EPrv0T/xgsDDKYomtXYUyRrwgJlRl/w8d0+q4pagAtG
+4hana2K5CLBk/BrpcmZLZBAIrXXqmWFhgitwNXeQNuc96N9IuLbjsAtKW3yyIsI6
+Zv8DsGZjjFB/l1AB35OZb/6owILTAGRCzP+6+bkCggEAUjB1PQBAWpkHvj++1ZeR
+y/icZr1wPjXOxvzbTYqcgvDwj3bgeTJmaNavXPQbhWSNFLJlfYcb27tJna5rykKM
+edJ8hfUOFEf2DD6FUkYKjlttk5tRlNxk30moqraNmlc9h75HRkOYluWyyWGRryW8
+uWa2cFrxyFf36FRpT4m+pERzx6KK5Elms4eWAAiNv/djqjilvZBQ6EoxbCQJjzog
+FRaSPezOSGD4KWduCkabMHy58YezeSvfu9KGY2ZybajqoH0yeTLAM6RizD/1/aXl
+J2xqeMm7xovgVsaxuSVj9b1spzqpG2ymbdvertZI8OtHI9k89JYUi9+tbngX/L/R
+qwKCAQB2Y0mpUARo60Do8WnBezgnlHQXNzHy87DLw3cxypmSs87FXTexx4/1sDvw
+XruHjLDP3Y0+HsXhwnFYv3ZR4H6uKoDIhpt5pvTX6WAWAX4E6s4eNUnrvOOKTB5A
+cVqDWei5DY7bKMz8fackZVDdLMj0/CH2BAQHrWD3MibOPxdr+6vQCjI5VGUwCAv2
+ML9DnA9JXefoRpM2n2Mjq0MAiKYEALUOjfe9hzTJgQiWd12sa8jARngMhVx4speq
+2KK7KAWTQw4+eQw/Qo7odXI8uqikRGs4FNNIEv5nxDgzZcF6VDAPoswlpr0/szq0
+cBzkM2wmX4CT709DvH5BivqKANtQ
+-----END PRIVATE KEY-----

security/nifi.pem

@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIH5TCCBc2gAwIBAgIUL8Q8IkSbyOkamFbESVZaIDKbbWowDQYJKoZIhvcNAQEL
+BQAwZDELMAkGA1UEBhMCVUsxDzANBgNVBAgMBkxvbmRvbjELMAkGA1UEBwwCVUsx
+ETAPBgNVBAoMCGNvZ3N0YWNrMREwDwYDVQQLDAhjb2dzdGFjazERMA8GA1UEAwwI
+Y29nc3RhY2swHhcNMjUwOTIzMTU1MDQwWhcNMjkwOTIyMTU1MDQwWjBkMQswCQYD
+VQQGEwJVSzEPMA0GA1UECAwGTG9uZG9uMQswCQYDVQQHDAJVSzERMA8GA1UECgwI
+Y29nc3RhY2sxETAPBgNVBAsMCGNvZ3N0YWNrMREwDwYDVQQDDAhjb2dzdGFjazCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALXZAn6GOCQwThaaMpUUVO1k
+w/G6W2JbHoDD9BlsjVLGaLJZ2q0V+1HSHgEV6RmjtqF05ABcd0u0eE/KEna2OSuF
+GYI8gHAU0tBm0ic/GOku5NVB7dR8vKZK6WtRhFDfFwg+6zAm4XpuaEkWfjexa/sN
+IhvAOUYMPwRY/nvyoUCSd873/KSHFhoAKO8YYeVEsvFgOqcLg8fvFDTv1ijjw1XP
+dfHwBWCS2etJMKtpnED4lcsDTfj7QfCxIl1fCcludZ0ZvpEgoEKfu35yps4l3kUM
+syHT04ELET8Cdgb3VsJPsOtgwgBQ5ZWjVRsoeqVQHZYada+yEU1xwng4BfbowdDW
+5969tiYv3NPwvNCOfaLlYO8J45PWcTD0CQRw4azapvFVKGEPOe5MlHsFjH/s1QT2
+uhCntXvX/hRSG32kN813VDIWlH/iOe1znxDUm1iDMepJ1c6Y05tkX2As13UYrHBD
+VnfKigxj4XXWaVS26ZRuvW+m7hEs6OtOIpXMGFoCeWXULS7WoxJ3LC9/sYrw/1Gs
+GkkIzIMU/1GTYtxxfhcO4UOFo//z1IVR+sZqwouxaJGyZoei806NCMABZ0KDaYDv
+91pfyGJkfCoH2UQGJSeL7uF8JSmal4sWSZd3CQdMu81eVa29mhyJfQxotezjupHE
+iz3haXGk4CpAczNJbKgLAgMBAAGjggKNMIICiTAMBgNVHRMBAf8EAjAAMA4GA1Ud
+DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwggIIBgNV
+HREEggH/MIIB+4IEbmlmaYISbmlmaS1yZWdpc3RyeS1mbG93gg1uaWZpLXJlZ2lz
+dHJ5ggpuaWZpLW5naW54gg9lbGFzdGljc2VhcmNoLTGCD2VsYXN0aWNzZWFyY2gt
+MoIPZWxhc3RpY3NlYXJjaC0zggtvY3Itc2VydmljZYIVb2NyLXNlcnZpY2UtdGV4
+dC1vbmx5ghRtZWRjYXQtdHJhaW5lci1uZ2lueIIRbWVkY2F0LXRyYWluZXItdWmC
+HW5scC1tZWRjYXQtc2VydmljZS1wcm9kdWN0aW9ugiJubHAtbWVkY2F0LXNlcnZp
+Y2UtcHJvZHVjdGlvbi1kZWlkgg9jb2dzdGFjay1raWJhbmGCD2NvZ3N0YWNrLWNv
+aG9ydIIYY29nc3RhY2stZWxhc3RpY3NlYXJjaC0xghhjb2dzdGFjay1lbGFzdGlj
+c2VhcmNoLTKCGGNvZ3N0YWNrLWVsYXN0aWNzZWFyY2gtM4INY29nc3RhY2stbmlm
+aYITY29nc3RhY2stbmlmaS1uZ2lueIIbY29nc3RhY2stbmlmaS1yZWdpc3RyeS1m
+bG93ghVjb2dzdGFjay1hdXRoLXNlcnZpY2WCCGNvZ3N0YWNrggoqLmNvZ3N0YWNr
+gglsb2NhbGhvc3SHBH8AAAGBEmFkbWluQGNvZ3N0YWNrLm5ldDAdBgNVHQ4EFgQU
+w4s/eH4/MgL0QFbHYVYa31bkPR0wHwYDVR0jBBgwFoAUE0cnEJt3wEkLed508BIF
+InehbX4wDQYJKoZIhvcNAQELBQADggIBACP0hymKsuSiIKXWPacMhehc+Pr2nUes
+ilzayYf7w2BW4j9NwUmrJxjh8XgkUvFzwi+oQPo7SVGcaPsVfMa1hdKn9+XP0mH5
+y5to1+u2p2dTYEViozHJXpDF+HG9AhX8/4vIWl66bofSQWWDgMGfd8gSmdZNbHOw
+hIY1LcpNd2XqG2JmF1osZi8hnndhApFk53QCwsL3kSccD/vjDwfRsLs2KNk42k3P
+gZIy/e5VZd6UBENJUVOxwAQ/Jp8luxKJV3Q0zy7UbREcdC7w7/lzeQONpgsRhWMb
+JjQIBSLkYtQ210RZDJwm79BgwPzHrsFgcB20QwG0LUNYnGdAEZnaqL6SqBPC5/Zn
+uisNAQWffyhOjxdkh1M5SlbEZXPpkcelxVBxytKr4DHp8knf9OQ0bPMFkGIcSvmK
+dGdoNtC5ULMWekrcbHYGNwOOiL/h1z7Baj2PboldWuWHa8IIOY56xOrqZs003HvS
+zp5t38OD8UHb+xRhBZ+otS/Q0NWv0UK+ih/KHn0BBMc0lSW019H3RtWTMqsPKJQa
+SkYVkC3hqdlYZEypbR+wnkHkwfFHKbgs5abMZ4RL0A8IE8AbkVV7Kklm/pmgEie6
+nVwoaKv3sS9LY7Y1IqgK0+lK+Qck/8wDAdbHAsNhf9vLlq67jWf7UySwa5E+abnO
+wstUgZZ/eHZd
+-----END CERTIFICATE-----