Hi all, we recently came across some changed behavior when testing NiFi 2.0 [1] which we think is due to upstream changes in Jetty that became active when switching to Jetty 12 in NiFi 2.0.
I think the actual issue is less important to this question, but I'll briefly outline it, feel free to skip down until the ==question starts here== marker if you are not interested. We run NiFi in Kubernetes and expose it via a service that clients can connect to. As usual in Kubernetes, these services get a fqdn assigned to them which could look like this "nifi.default.svc.cluster.local". If your client runs within the same namespace as NiFi it could also just connect to "nifi" though, which is then essentially the same. Since NiFi 2.0 this doesn't work anymore, because the Jetty hostnamecheck is enabled by default and fails, because "nifi" is not in the certificate. Don't get me wrong: All of this is correct and it should fail, and everything works as intended here! This should arguably be fixed by simply connecting to "nifi.default.svc.cluster.local" instead of "nifi". Sadly however, we live in a world where we cannot expect to have everything under our control all the time. If NiFi in k8s is exposed via an Azure/GKE/AWS/proprietary/... ingress controller or some other forwarding mechanisms we cannot expect to always be able to influence what this connects to. I don't think this should be exposed as an option, disabling this check is arguably wrong, but having a uncomfortable override in our back pocket to hand out when there is absolutely positively no other alternative might be worth while. Hence my question - sorry for the very long introduction... ==question starts here== Is it possible to somehow set jetty options when starting NiFi that get passed through to the server? I googled around a bit and was not able to find a definitive answer, there is an xml file that jetty uses in tests, but I suspect that'll need to be explicitly referenced somewhere somehow... Best regards, Sönke [1] https://github.com/stackabletech/decisions/issues/34
