Thanks for the info Matt I think I got it now. Cheers,
Edgardo On Wed, Sep 9, 2015 at 3:44 PM, Matt Gilman <[email protected]> wrote: > Edgardo, > > Typically you'll secure all nodes in your cluster in addition to the NCM. > The NCM is responsible for replicating user requests (like create a > processor) to the nodes throughout the cluster. If you ran the nodes > unsecured, the requests from the NCM to the nodes would be over HTTP. > Configuring HTTPs on the nodes too, will ensure your using HTTPs throughout > the cluster. > > There are two really two phases to site to site. First is the discovery of > available Input/Output Ports on a given NiFi instance. These are discovered > by one NiFi sending an HTTP(s) request to another NiFi. This happens when > the user drops a Remote Process Group on the canvas. If the target NiFi is > running securely that request is over HTTPs. Once the target NiFi has > granted access to the source NiFi, a separate socket connection is > established to actually send/receive data. The nifi.remote.input.secure > property allows you to use a secure socket when sending/receiving the data. > > Matt > > On Tue, Sep 8, 2015 at 2:16 PM, Edgardo Vega <[email protected]> > wrote: > > > I have successfully setup https on a single machine. In a clustered > > environment, would the only machine that needs the nifi.security.* > settings > > be the nifi manager and the other nodes in the cluster would just use > inter > > node communications via unicase or multicase ports? > > > > I also see in the documentation that Site-to-Site connection can be > secured > > by setting nifi.remote.input.secure. Wouldn't it already be running https > > when we setup the other properties? > > > > -- > > Cheers, > > > > Edgardo > > > -- Cheers, Edgardo
