Adam,

This probably isn’t easily accomplished. You might be able to deploy with an “accept all” truststore so that any certificate is accepted, and provide a keystore that doesn’t have a private key to try and satisfy the properties loading without actually enabling HTTPS security on NiFi and the authentication mechanisms therein. I haven’t tried this, as we haven’t seen this request before.

If that doesn’t work, we might need to do some more exploration. I don’t think we would want to enable HTTPS without authentication as a normal use case, as some users would probably configure this accidentally and have a false sense of security.

Andy LoPresto
[email protected]
[email protected]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On Nov 3, 2018, at 10:24, Martini, Adam <[email protected]> wrote:
>
> Hello all,
>
> We have NiFi Registry 0.2.0 spun up with an nginx proxy and SSL termination
> such that our service is being served over https without using NiFi’s
> built-in security configurations.
>
> We are able to add the registry service to NiFi using our HTTPS endpoint and
> everything works perfectly. However, we see errors when we restart NiFi:
>
> org.apache.nifi.controller.serialization.FlowSynchronizationException:
> java.lang.IllegalStateException: Failed to create Flow Registry for URI
> https://nifi-registry.test.streams.nikecloud.com/ because this NiFi is not
> configured with a Keystore/Truststore, so it is not capable of communicating
> with a secure Registry. Please populate NiFi's Keystore/Truststore properties
> or connect to a NiFi Registry over http instead of https.
>
> Is there a workaround that will allow us to use this nginx proxy
> architecture with NiFi Registry? HTTPS is historically an important
> requirement for us but we do not need, or desire, the complexity of NiFi’s
> built-in security.
>
> Thanks,
>
> Adam Martini
>
> Senior Software Engineer
> Nike Digital
> [email protected]<mailto:[email protected]>
