natural commented on a change in pull request #4216:
URL: https://github.com/apache/nifi/pull/4216#discussion_r412343656
##########
File path: nifi-docs/src/main/asciidoc/administration-guide.adoc
##########
@@ -2129,6 +2128,36 @@ java.arg.16=-Dsun.security.krb5.debug=true
This will cause the debug output to be written to the NiFi Bootstrap log file.
By default, this is located at _$NIFI_HOME/logs/nifi-bootstrap.log_.
This output can be rather verbose but provides extremely valuable information
for troubleshooting Kerberos failures.
+[[zk_tls]]
+=== Securing ZooKeeper with HTTPS
+By default, when configured for HTTPS communication (that is, valid values for
`nifi.web.https.port` and related properties), NiFi will configure
+the embedded ZooKeeper server for secure communication. This automatic
configuration copies the following properties:
+
+|====
+|*Source NiFi Property*|*Target ZooKeeper Property*|*Description*
+|`nifi.security.keystore` |`ssl.keyStore.location` | Key Store Path
+|`nifi.security.keystorePasswd` |`ssl.keyStore.password` | Key Store
Password
+|`nifi.security.truststore` |`ssl.trustStore.location` | Trust Store Path
+|`nifi.security.truststorePasswd` |`ssl.trustStore.password` | Trust Store
Password
+|====
+
+NOTE: During the automatic configuration, NiFi will raise an exception and
refuse to start if the ZooKeeper configuration contains some of these
+properties but not all. Specify either all TLS properties or none.
+
+As an alternative to the automatic configuration, TLS communications can be
enabled via system properties or in the configuration file specified by the
Review comment:
I don't follow, could you explain or give an example of the kind of
mention you'd like to see here?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
