Apache NiFi on Ubuntu 24.04 on Azure User Guide
Overview
Apache NiFi is the open-source platform for automating the flow of data between systems — ingest, route, transform, enrich and deliver data with a visual, drag-and-drop processor canvas, full data provenance and back-pressure-aware queuing. This cloudimg image installs Apache NiFi 2.9.0 on OpenJDK 21, fronts its mandatory HTTPS listener with an nginx reverse proxy on port 80, persists all flow configuration and repositories on a dedicated Azure data disk, and generates a unique single-user login on the first boot of every VM. Backed by 24/7 cloudimg support.
What is included:
- Apache NiFi 2.9.0 running on OpenJDK 21, installed at /opt/nifi
- The NiFi web UI canvas served over HTTPS, fronted by an nginx reverse proxy on port 80 (NiFi binds loopback 127.0.0.1:8443)
- Mandatory single-user authentication with a per-VM username nifi and a unique password generated at first boot, in a root-only file
- A dedicated Azure data disk at /var/lib/nifi holding the flow configuration and the flowfile, content, provenance and database repositories — separate from the OS disk and re-provisioned with every VM
- nifi.service + nginx.service as systemd units, enabled and active
- 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2ms (2 vCPU / 8 GiB RAM) is the recommended minimum — NiFi is a JVM application and needs headroom; scale up for heavier dataflows. NSG inbound: allow 22/tcp from your management network and 80/tcp from the networks that need the NiFi UI (front the proxy with TLS for public exposure — see Enabling a trusted certificate).
Step 1 — Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Apache NiFi by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size (Standard_B2ms or larger); under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create → Create.
Step 2 — Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name nifi \
--image <marketplace-image-urn> \
--size Standard_B2ms \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name nifi --port 80 --priority 1010
Step 3 — Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 — Confirm the services are running
NiFi takes one to three minutes to fully start on first boot. Once it is up, both services report active and the proxied UI answers:
systemctl is-active nifi.service nginx.service
curl -sk -o /dev/null -w '%{http_code}\n' http://127.0.0.1/nifi/
Both services report active, and the proxied NiFi UI returns 200.
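The overview states that NiFi itself binds only to loopback 127.0.0.1:8443 while nginx is the listener that faces the network. The following added example (not part of the cloudimg image or this guide's own commands) checks that claim from `ss -H -ltn` output; the helper name classify_listeners and the sample lines are constructed for illustration.

```shell
# classify_listeners PORT: reads `ss -H -ltn` lines on stdin and prints
# "loopback-only", "exposed" or "not-listening" for that TCP port.
# (Hypothetical helper name; not shipped with the image.)
classify_listeners() {
    awk -v port="$1" '
    {
        local_addr = $4                       # "Local Address:Port" column
        n = split(local_addr, parts, ":")
        if (parts[n] != port) next            # port is the last ":" field
        addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
        sub(/%.*$/, "", addr)                 # drop interface scope such as %lo
        sub(/^::ffff:/, "", addr)             # unwrap IPv4-mapped form used by JVMs
        seen = 1
        if (addr !~ /^127\./ && addr != "::1") exposed = 1
    }
    END {
        if (!seen)        print "not-listening"
        else if (exposed) print "exposed"
        else              print "loopback-only"
    }'
}

# Constructed sample: the layout this guide describes (nginx on 80, NiFi on loopback).
SAMPLE_OK='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.0.1]:8443 *:*'

# Constructed sample: NiFi bound to every interface, bypassing the proxy.
SAMPLE_BAD='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 50 *:8443 *:*'

printf '%s\n' "$SAMPLE_OK"  | classify_listeners 8443
printf '%s\n' "$SAMPLE_BAD" | classify_listeners 8443
```

On the VM, run `ss -H -ltn | classify_listeners 8443`; any result other than loopback-only means the NiFi listener is reachable without going through nginx.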

Step 5 — Retrieve your login
The single-user username is nifi; the password is generated uniquely on the first boot of your VM and written to a root-only file:
sudo cat /root/nifi-credentials.txt
The username is nifi; the password is the NIFI_ADMIN_PASSWORD value, and NIFI_URL is the HTTPS address to open in your browser.

Step 6 — Sign in to the NiFi canvas
Browse to https://<vm-public-ip>/nifi and sign in with nifi and the password from Step 5. The image ships with a self-signed certificate, so your browser will warn on first connection — accept it (or install a trusted certificate, below). Once signed in you land on the NiFi flow canvas.


You can confirm authentication from the shell using the NiFi access-token REST API. A wrong password is rejected; the per-VM password returns a JWT bearer token:
PASS=$(sudo grep '^NIFI_ADMIN_PASSWORD=' /root/nifi-credentials.txt | cut -d= -f2-)
echo "wrong password -> $(curl -sk -o /dev/null -w '%{http_code}' -d 'username=nifi' --data-urlencode 'password=wrong' https://127.0.0.1:8443/nifi-api/access/token)"
TOKEN=$(curl -sk -d 'username=nifi' --data-urlencode "password=$PASS" https://127.0.0.1:8443/nifi-api/access/token)
echo "token length: ${#TOKEN}"
The wrong password returns a non-201 status, and the real password returns a JWT (a long dotted token).
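Printing the token length only shows that something came back. As an added example (not part of the cloudimg guide or of NiFi), the helper below confirms the response has the three-segment JWT shape and reads its expiry, assuming the payload carries the standard exp claim; the function names and the sample token are constructed, and the signature is not verified.

```shell
# b64url_decode: decode one base64url segment from stdin to raw bytes.
b64url_decode() {
    seg=$(tr -d '\n' | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in          # restore the padding base64url drops
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;                  # impossible length for valid base64
    esac
    printf '%s' "$seg" | base64 -d
}

# jwt_exp TOKEN: print the numeric "exp" claim. Returns non-zero if TOKEN is
# not header.payload.signature or has no exp claim. No signature check is done.
jwt_exp() {
    case $1 in
        *.*.*.*) return 1 ;;            # more than three segments
        ?*.?*.?*) ;;                    # exactly three non-empty segments
        *) return 1 ;;
    esac
    payload=${1#*.}; payload=${payload%%.*}
    claims=$(printf '%s' "$payload" | b64url_decode) || return 1
    exp=$(printf '%s' "$claims" |
          sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$exp" ] && printf '%s\n' "$exp"
}

# Constructed sample token (not issued by NiFi); the signature segment is a dummy.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_TOKEN="$(b64url '{"typ":"JWT"}').$(b64url '{"sub":"nifi","exp":1893456000}').c2ln"

jwt_exp "$SAMPLE_TOKEN"
# On the VM, with TOKEN set as in the commands above:
#   date -d "@$(jwt_exp "$TOKEN")"
```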
Step 7 — Build a dataflow
From the canvas, drag a Processor onto the grid, choose one (for example GenerateFlowFile), and connect it to a downstream processor to build a flow. Use the global menu to access Controller Settings, Parameter Contexts and the Provenance view, which records every event as data moves through your flow.

Step 8 — Confirm persistence on the data disk
The NiFi flow configuration and all repositories live on the dedicated Azure data disk at /var/lib/nifi, so your flows and queued data survive reboots and ride into any image you capture:
findmnt /var/lib/nifi
ls /var/lib/nifi
findmnt shows /var/lib/nifi mounted from the data disk, and the directory holds the flow, flowfile_repository, content_repository, provenance_repository and database_repository subdirectories.

Enabling a trusted certificate
The image ships with a self-signed certificate. For production, terminate TLS at the nginx proxy with a real domain pointed at the VM's public IP. Install certbot and request a certificate (replace the domain), which configures nginx to serve HTTPS on port 443:
sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.example.com
After certbot completes, NiFi is reachable at https://your-domain.example.com/nifi with a browser-trusted certificate.
Backup and maintenance
Your NiFi flow definition and repositories live on the data disk at /var/lib/nifi; snapshot that disk to back up your flows. The NiFi binaries and configuration are at /opt/nifi/current/conf. Keep the OS patched with sudo apt update && sudo apt upgrade. The service restarts cleanly with sudo systemctl restart nifi — allow one to three minutes for NiFi to come back up. The image already applies all available Ubuntu security updates at build time.
Support
This image is backed by 24/7 cloudimg support. Contact us by email and chat for help with processors, controller services, parameter contexts, clustering, scaling and TLS.