Hello,

Yes, that is true. If you change the web port of the NiFi instance, it would be considered a 'new instance' in terms of Remote Process Groups. So any NiFi instance that is sending to/pulling from that instance would have to create a new Remote Process Group to point to the new URL. This probably should be improved by allowing the user to change the URL that the Remote Process Group points to. Feel free to file a JIRA [1] if you think this would be a helpful improvement.

In terms of updating policies, yes you would need to give permissions to all of the ports that you want users to have access to. Typically, this is best done by using Groups so that each port can be configured to allow Site-to-Site for a Group of users and then you can just change the members of that Group. This way you don't have to update many Ports each time that you want to change permissions. Do you have other ideas in mind of how this would be made easier?

Thanks
-Mark

[1] https://issues.apache.org/jira/projects/NIFI

On Aug 2, 2017, at 6:45 AM, nifi-san <[email protected]> wrote:

Thanks Mark,

I had a follow up question though. Let's say you have a nifi flow with site-to-site deployment between two nodes, node-1 (source) and node-2 (destination), on a non-secure cluster. The default http port "8080" is used in the configuration of the RPG on node which is http://node-2:8080/nifi.

Once you configure ssl to secure your cluster, you may have the node bootstrapping on the https port, let's say 9966. All the previously configured RPGs will get affected because of this since the nodes are no longer going to listen on the http port.

How do we handle such a scenario? You cannot even manually modify an existing RPG to listen to the new ssl port.

Also, with the ssl configuration, on the remote node where the Input Port is configured, you would need to modify the access policies to "Receive data site-to-site". Assuming you have quite a few flows using RPG, manually changing them might be very difficult.

--
View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/Nifi-Site-to-Site-pre-existing-deployments-do-not-work-after-enabling-TLS-and-Ldap-tp16486p16560.html
Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
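
An added example, not part of the original thread or of NiFi's own code, for the Group-based approach described in the reply: it scans an authorizations.xml and lists Site-to-Site port policies that still name individual users rather than only Groups. The XML layout is assumed to be that of NiFi's file-based access policy provider, and every identifier in the sample is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for NiFi's file-based access policy
# provider (authorizations.xml); all identifiers are made up for this example.
SAMPLE = """<authorizations>
  <policies>
    <policy identifier="p1" resource="/data-transfer/input-ports/port-a" action="W">
      <group identifier="g-s2s-senders"/>
    </policy>
    <policy identifier="p2" resource="/data-transfer/input-ports/port-b" action="W">
      <user identifier="u-node-1"/>
      <user identifier="u-node-3"/>
    </policy>
    <policy identifier="p3" resource="/data-transfer/output-ports/port-c" action="W">
      <group identifier="g-s2s-senders"/>
      <user identifier="u-node-1"/>
    </policy>
    <policy identifier="p4" resource="/flow" action="R">
      <user identifier="u-admin"/>
    </policy>
  </policies>
</authorizations>"""

# Site-to-Site port policies live under this resource prefix.
PREFIX = "/data-transfer/"

def audit_s2s_policies(xml_text):
    """Return {resource: {"groups": [...], "users": [...]}} for Site-to-Site port policies."""
    result = {}
    for policy in ET.fromstring(xml_text).iter("policy"):
        resource = policy.get("resource", "")
        if not resource.startswith(PREFIX):
            continue  # not a Site-to-Site port policy
        entry = result.setdefault(resource, {"groups": [], "users": []})
        entry["groups"] += [g.get("identifier") for g in policy.findall("group")]
        entry["users"] += [u.get("identifier") for u in policy.findall("user")]
    return result

def ports_with_direct_user_grants(xml_text):
    """Ports whose Site-to-Site policy names users directly instead of only Groups."""
    return sorted(r for r, e in audit_s2s_policies(xml_text).items() if e["users"])

if __name__ == "__main__":
    for resource in ports_with_direct_user_grants(SAMPLE):
        print("direct user grant:", resource)
```

Ports reported here are the ones that need a per-port edit whenever a sender changes; ports granted only to a Group are maintained by editing that Group's membership.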
