Edgardo,

Typically you'll secure all nodes in your cluster in addition to the NCM.
The NCM is responsible for replicating user requests (like create a
processor) to the nodes throughout the cluster. If you ran the nodes
unsecured, the requests from the NCM to the nodes would be over HTTP.
Configuring HTTPS on the nodes too will ensure you're using HTTPS throughout
the cluster.

There are really two phases to site-to-site. First is the discovery of
available Input/Output Ports on a given NiFi instance. These are discovered
by one NiFi sending an HTTP(S) request to another NiFi. This happens when
the user drops a Remote Process Group on the canvas. If the target NiFi is
running securely, that request is over HTTPS. Once the target NiFi has
granted access to the source NiFi, a separate socket connection is
established to actually send/receive data. The nifi.remote.input.secure
property allows you to use a secure socket when sending/receiving the data.

Matt

On Tue, Sep 8, 2015 at 2:16 PM, Edgardo Vega <[email protected]> wrote:

> I have successfully set up HTTPS on a single machine. In a clustered
> environment, would the only machine that needs the nifi.security.* settings
> be the nifi manager and the other nodes in the cluster would just use inter
> node communications via unicast or multicast ports?
>
> I also see in the documentation that Site-to-Site connection can be secured
> by setting nifi.remote.input.secure. Wouldn't it already be running HTTPS
> when we set up the other properties?
>
> --
> Cheers,
>
> Edgardo
>

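The two channels described in the reply above can be checked per instance. The following audit script is an added example, not part of the original thread or of NiFi itself. Apart from nifi.remote.input.secure, the property names (nifi.web.https.port, nifi.security.keystore, nifi.security.truststore, nifi.remote.input.socket.port) are taken from NiFi's nifi.properties rather than from the thread, and all sample values are constructed.

```python
# Added example: audit nifi.properties content for the HTTPS channel
# (NCM-to-node requests, site-to-site discovery) and the site-to-site data socket.

REQUIRED_TLS = ("nifi.security.keystore", "nifi.security.truststore")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(name, text):
    """Return a list of findings for one instance (NCM or node)."""
    p = parse_properties(text)
    findings = []
    if not p.get("nifi.web.https.port"):
        findings.append(f"{name}: nifi.web.https.port unset, web/API requests use HTTP")
    missing = [k for k in REQUIRED_TLS if not p.get(k)]
    if missing:
        findings.append(f"{name}: missing {', '.join(missing)}")
    # The data socket is a separate channel: HTTPS alone does not secure it.
    s2s_port = p.get("nifi.remote.input.socket.port")
    if s2s_port and p.get("nifi.remote.input.secure", "").lower() != "true":
        findings.append(f"{name}: nifi.remote.input.secure is not true, data socket is unencrypted")
    return findings

# Constructed sample configurations (ports and paths are placeholders).
SECURED = """
nifi.web.http.port=
nifi.web.https.port=8443
nifi.security.keystore=./conf/keystore.jks
nifi.security.truststore=./conf/truststore.jks
nifi.remote.input.socket.port=10443
nifi.remote.input.secure=true
"""
CLUSTER = {
    "ncm": SECURED,
    "node1": SECURED,
    # node2: left on HTTP with an insecure site-to-site socket
    "node2": "nifi.web.http.port=8080\nnifi.remote.input.socket.port=10443\n"
             "nifi.remote.input.secure=false\n",
    # node3: HTTPS configured, but the site-to-site data socket is not secured
    "node3": SECURED.replace("input.secure=true", "input.secure=false"),
}

def audit_cluster(cluster):
    return {name: audit(name, text) for name, text in cluster.items()}
```

The node3 case is the one the original question turns on: the nifi.security.* settings are in place, yet the data socket is still flagged because it is governed by its own property.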