[
https://issues.apache.org/jira/browse/NIFI-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15547513#comment-15547513
]
ASF GitHub Bot commented on NIFI-2855:
--------------------------------------
GitHub user ijokarumawak opened a pull request:
https://github.com/apache/nifi/pull/1100
NIFI-2855: Site-to-Site with port forwarding.
This change allows user to run NiFi without root privilege but with low
port (80 or 443) using port forwarding together.
- Added following properties:
- nifi.web.http.port.forwarding
- nifi.web.https.port.forwarding
Please refer the admin guide for detail.
Tested with:
- Local and Cloud Site-to-Site with only either one of 80 or 443 port is
accessible
- Enabling port forwarding, or without it (direct access)
- Clustered/Standalone
- With proxy
- RAW transport protocol (works as it was)
Any comments are appreciated!
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ijokarumawak/nifi nifi-2855
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/1100.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1100
----
commit 0fd5fdc44b12a0c484701080d0c6aca724f4b5ee
Author: Koji Kawamura <[email protected]>
Date: 2016-10-04T10:39:36Z
NIFI-2855: Site-to-Site with port forwarding.
- Added following properties:
- nifi.web.http.port.forwarding
- nifi.web.https.port.forwarding
----
> NiFi Site-To-Site with port forwarding
> --------------------------------------
>
> Key: NIFI-2855
> URL: https://issues.apache.org/jira/browse/NIFI-2855
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Bryan Rosander
> Assignee: Koji Kawamura
>
> It would be useful to be able to use port forwarding with NiFi Site-To-Site.
> This would allow NiFi to appear externally to be listening on a privileged
> port without having been granted elevated permissions.
> For example, an administrator could configure iptables to forward traffic
> from port 443 to port 9443. Then users could use NiFi at port 443. This
> provides more flexibility as far as firewall configuration is concerned.
> The above scenario causes problems with Site-To-Site though because in a
> clustered scenario, the nodes will still advertise themselves with port 9443.
> This would prevent a Site-To-Site client from being able to talk to them
> from outside the firewall.
> We need a way (probably a nifi property) to tell NiFi to listen on one port
> (9443) and advertise another (443) for Site-To-Site purposes to enable this
> usecase.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
