pvillard31 commented on pull request #4603: URL: https://github.com/apache/nifi/pull/4603#issuecomment-711032764
> The concept of a health check for deployment behind a load balancer is useful, but listening on a different port and having a different approach to TLS negotiation may not be the most intuitive or generally applicable implementation. Is there a specific reason that the health check port should not follow the same TLS negotiation requirements as the primary port?
>
> More importantly, listening on a different port could introduce other complications. For example, a firewall between the load balancer and ListenHTTP would have to allow both the primary port as well as the health check port. Some load balancing servers perform health checks on the same port as the one configured for primary communication, so that seems like a better implementation approach.

Main reason, I think, is in case the processor is configured with 2-way SSL. Many load balancers cannot provide a client certificate for a health check.
