[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16424501#comment-16424501
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2510


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16424499#comment-16424499
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/2510
  
Thanks @ijokarumawak! This has been merged to master.


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16424498#comment-16424498
 ] 

ASF subversion and git services commented on NIFI-4932:
---

Commit 1913b1e2a8c798eac066c9ab3baab7843e115ef1 in nifi's branch 
refs/heads/master from [~ijokarumawak]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=1913b1e ]

NIFI-4932: Enable S2S work behind a Reverse Proxy
Adding S2S endpoint Reverse Proxy mapping capability.
Added license header to SVG files.
Incorporated review comments.
Use regex to check property key processing.
Catch AttributeExpressionLanguageParsingException.
This closes #2510


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16421903#comment-16421903
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on the issue:

https://github.com/apache/nifi/pull/2510
  
@mcgilman Thanks for clarifying the String manipulation exception, I just 
didn't have enough imagination to come up with such invalid inputs. I switched 
to use regex to check and parse property keys. Now it should be more robust and 
provide more user friendly error messages.

Also, added try/catch for EL parse failure. Thanks!


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16419744#comment-16419744
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/2510
  
@ijokarumawak Just wanted to add that I have verified this capability 
running standalone and clustered and everything seems to be working nicely. 
Just a couple more minor error handling cases. Thanks!


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16419728#comment-16419728
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r178175082
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private Route validate() {
+if (hostname == null) {
+throw new IllegalArgumentException(
+format("Found an invalid Site-to-Site route 
definition [%s] 'hostname' is not specified.", name));
+}
+if (port == null) {
+throw new IllegalArgumentException(
+format("Found an invalid Site-to-Site route 
definition [%s] 'port' is not specified.", name));
+}
+return this;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+final String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
+final Map routeDefinitions = 
properties.getPropertyKeys().stream()
+.filter(propertyKey -> 
propertyKey.startsWith(PROPERTY_PREFIX))
+.collect(Collectors.groupingBy(propertyKey -> 
propertyKey.substring(PROPERTY_PREFIX.length(), propertyKey.lastIndexOf('.';
+
+routes = routeDefinitions.entrySet().stream().map(routeDefinition 
-> {
+final Route route = new Route();
+// E.g. raw.example1, http.example2
+final String[] protocolAndRoutingName = 
routeDefinition.getKey().split("\\.");
+route.protocol = 

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16419721#comment-16419721
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r178174688
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private Route validate() {
+if (hostname == null) {
+throw new IllegalArgumentException(
+format("Found an invalid Site-to-Site route 
definition [%s] 'hostname' is not specified.", name));
+}
+if (port == null) {
+throw new IllegalArgumentException(
+format("Found an invalid Site-to-Site route 
definition [%s] 'port' is not specified.", name));
+}
+return this;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+final String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
+final Map routeDefinitions = 
properties.getPropertyKeys().stream()
+.filter(propertyKey -> 
propertyKey.startsWith(PROPERTY_PREFIX))
+.collect(Collectors.groupingBy(propertyKey -> 
propertyKey.substring(PROPERTY_PREFIX.length(), propertyKey.lastIndexOf('.';
+
+routes = routeDefinitions.entrySet().stream().map(routeDefinition 
-> {
+final Route route = new Route();
+// E.g. raw.example1, http.example2
+final String[] protocolAndRoutingName = 
routeDefinition.getKey().split("\\.");
+route.protocol = 

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418355#comment-16418355
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on the issue:

https://github.com/apache/nifi/pull/2510
  
@mcgilman Thanks for reviewing. I've incorporated all feedback. Please take 
a look it again. Thanks!


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418353#comment-16418353
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177942356
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
+}
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
--- End diff --

@mcgilman Agreed. I've changed variable names for better readability. Also 
changed validation logic to throw Exceptions with detailed error message.

For EL parsing, I tried several invalid ELs, but couldn't get EL parsing 
exception when it's compiled. Instead it errors out when it is evaluated.

More unit tests are added as well for invalid configuration scenarios.
I confirmed NiFi does not start with invalid configs.


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: 

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418350#comment-16418350
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177941458
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
+}
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
+final Map routeDefinitions = 
properties.getPropertyKeys().stream()
+.filter(k -> k.startsWith(PROPERTY_PREFIX))
+.collect(Collectors.groupingBy(k -> 
k.substring(PROPERTY_PREFIX.length(), k.lastIndexOf('.';
+
+routes = routeDefinitions.entrySet().stream().map(r -> {
+final Route route = new Route();
+final String[] key = r.getKey().split("\\.");
+route.protocol = 
SiteToSiteTransportProtocol.valueOf(key[0].toUpperCase());
+route.name = key[1];
+

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418278#comment-16418278
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177925669
  
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -3058,6 +3062,258 @@ responses from the remote system for `30 secs`. 
This allows NiFi to avoid consta
 has many instances of Remote Process Groups.
 |
 
+[[site_to_site_reverse_proxy_properties]]
+=== Site to Site Routing Properties for Reverse Proxies
+
+Site-to-Site requires peer-to-peer communication between a client and a 
remote NiFi node. E.g. if a remote NiFi cluster has 3 nodes, nifi0, nifi1 and 
nifi2, then a client requests have to be reachable to each of those remote node.
+
+If a NiFi cluster is planned to receive/transfer data from/to Site-to-Site 
clients over the internet or a company firewall, a reverse proxy server can be 
deployed in front of the NiFi cluster nodes as a gateway to route client 
requests to upstream NiFi nodes, to reduce number of servers and ports those 
have to be exposed.
+
+In such environment, the same NiFi cluster would also be expected to be 
accessed by Site-to-Site clients within the same network. Sending FlowFiles to 
itself for load distribution among NiFi cluster nodes can be a typical example. 
In this case, client requests should be routed directly to a node without going 
through the reverse proxy.
+
+In order to support such deployments, remote NiFi clusters need to expose 
its Site-to-Site endpoints dynamically based on client request contexts. 
Following properties configure how peers should be exposed to clients. A 
routing definition consists of 4 properties, 'when', 'hostname', 'port', and 
'secure', grouped by 'protocol' and 'name'. Multiple routing definitions can be 
configured. 'protocol' represents Site-to-Site transport protocol, i.e. raw or 
http.
+
+|
+|*Property*|*Description*
+|nifi.remote.route.{protocol}.{name}.when|Boolean value, 'true' or 
'false'. Controls whether the routing definition for this name should be used.
+|nifi.remote.route.{protocol}.{name}.hostname|Specify hostname that will 
be introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.port|Specify port number that will be 
introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.secure|Boolean value, 'true' or 
'false'. Specify whether the remote peer should be accessed via secure protocol.
+|
+
+All of above routing properties can use NiFi Expression Language to 
compute target peer description from request context. Available variables are:
+
+|===
+|*Variable name*|*Description*
+|s2s.{source\|target}.hostname|Hostname of the source where the request 
came from, and the original target.
+|s2s.{source\|target}.port|Same as above, for ports. Source port may not 
be useful as it is just a client side TCP port.
+|s2s.{source\|target}.secure|Same as above, for secure or not.
+|s2s.protocol|The name of Site-to-Site protocol being used, RAW or HTTP.
+|s2s.request|The name of current request type, SiteToSiteDetail or Peers. 
See Site-to-Site protocol sequence below for detail.
+|HTTP request headers|HTTP request header values can be referred by its 
name.
+|===
+
+ Site to Site protocol sequence
+
+Configuring these properties correctly would require some understandings 
on Site-to-Site protocol sequence.
+
+1. A client initiates Site-to-Site protocol by sending a HTTP(S) request 
to the specified remote URL to get remote cluster Site-to-Site information. 
Specifically, to '/nifi-api/site-to-site'. This request is called 
'SiteToSiteDetail'.
+2. A remote NiFi node responds with its input and output ports, and TCP 
port numbers for RAW and TCP transport protocols.
+3. The client sends another request to get remote peers using the TCP port 
number returned at #2. From this request, raw socket communication is used for 
RAW transport protocol, while HTTP keeps using HTTP(S). This request is called 
'Peers'.
+4. A remote NiFi node responds with list of available remote peers 
containing hostname, port, secure and workload such as the number of queued 
FlowFiles. From this point, further communication is done between the client 
and the remote NiFi node.
+5. The client decides which peer to transfer data from/to, based on 
workload information.
+6. The client sends a request to create a transaction to a remote NiFi 
node.
+7. The remote NiFi node accepts the transaction.
+8. Data is sent to the target peer. Multiple Data packets can be sent in 
batch 

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418272#comment-16418272
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177924170
  
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -3058,6 +3062,258 @@ responses from the remote system for `30 secs`. 
This allows NiFi to avoid consta
 has many instances of Remote Process Groups.
 |
 
+[[site_to_site_reverse_proxy_properties]]
+=== Site to Site Routing Properties for Reverse Proxies
+
+Site-to-Site requires peer-to-peer communication between a client and a 
remote NiFi node. E.g. if a remote NiFi cluster has 3 nodes, nifi0, nifi1 and 
nifi2, then a client requests have to be reachable to each of those remote node.
+
+If a NiFi cluster is planned to receive/transfer data from/to Site-to-Site 
clients over the internet or a company firewall, a reverse proxy server can be 
deployed in front of the NiFi cluster nodes as a gateway to route client 
requests to upstream NiFi nodes, to reduce number of servers and ports those 
have to be exposed.
+
+In such environment, the same NiFi cluster would also be expected to be 
accessed by Site-to-Site clients within the same network. Sending FlowFiles to 
itself for load distribution among NiFi cluster nodes can be a typical example. 
In this case, client requests should be routed directly to a node without going 
through the reverse proxy.
+
+In order to support such deployments, remote NiFi clusters need to expose 
its Site-to-Site endpoints dynamically based on client request contexts. 
Following properties configure how peers should be exposed to clients. A 
routing definition consists of 4 properties, 'when', 'hostname', 'port', and 
'secure', grouped by 'protocol' and 'name'. Multiple routing definitions can be 
configured. 'protocol' represents Site-to-Site transport protocol, i.e. raw or 
http.
+
+|
+|*Property*|*Description*
+|nifi.remote.route.{protocol}.{name}.when|Boolean value, 'true' or 
'false'. Controls whether the routing definition for this name should be used.
+|nifi.remote.route.{protocol}.{name}.hostname|Specify hostname that will 
be introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.port|Specify port number that will be 
introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.secure|Boolean value, 'true' or 
'false'. Specify whether the remote peer should be accessed via secure protocol.
+|
+
+All of above routing properties can use NiFi Expression Language to 
compute target peer description from request context. Available variables are:
+
+|===
+|*Variable name*|*Description*
+|s2s.{source\|target}.hostname|Hostname of the source where the request 
came from, and the original target.
+|s2s.{source\|target}.port|Same as above, for ports. Source port may not 
be useful as it is just a client side TCP port.
+|s2s.{source\|target}.secure|Same as above, for secure or not.
+|s2s.protocol|The name of Site-to-Site protocol being used, RAW or HTTP.
+|s2s.request|The name of current request type, SiteToSiteDetail or Peers. 
See Site-to-Site protocol sequence below for detail.
+|HTTP request headers|HTTP request header values can be referred by its 
name.
+|===
+
+ Site to Site protocol sequence
+
+Configuring these properties correctly would require some understandings 
on Site-to-Site protocol sequence.
+
+1. A client initiates Site-to-Site protocol by sending a HTTP(S) request 
to the specified remote URL to get remote cluster Site-to-Site information. 
Specifically, to '/nifi-api/site-to-site'. This request is called 
'SiteToSiteDetail'.
+2. A remote NiFi node responds with its input and output ports, and TCP 
port numbers for RAW and TCP transport protocols.
+3. The client sends another request to get remote peers using the TCP port 
number returned at #2. From this request, raw socket communication is used for 
RAW transport protocol, while HTTP keeps using HTTP(S). This request is called 
'Peers'.
+4. A remote NiFi node responds with list of available remote peers 
containing hostname, port, secure and workload such as the number of queued 
FlowFiles. From this point, further communication is done between the client 
and the remote NiFi node.
+5. The client decides which peer to transfer data from/to, based on 
workload information.
+6. The client sends a request to create a transaction to a remote NiFi 
node.
+7. The remote NiFi node accepts the transaction.
+8. Data is sent to the target peer. Multiple Data packets can be sent in 
batch 

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418269#comment-16418269
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177924123
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
--- End diff --

@mcgilman The blank check is not needed since Boolean.valueOf returns 
`false` for null/empty string. I will remove these lines and also callout that 
default is 'false' in the docs.


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16418261#comment-16418261
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177922327
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
+}
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
+final Map routeDefinitions = 
properties.getPropertyKeys().stream()
+.filter(k -> k.startsWith(PROPERTY_PREFIX))
+.collect(Collectors.groupingBy(k -> 
k.substring(PROPERTY_PREFIX.length(), k.lastIndexOf('.';
+
+routes = routeDefinitions.entrySet().stream().map(r -> {
+final Route route = new Route();
+final String[] key = r.getKey().split("\\.");
+route.protocol = 
SiteToSiteTransportProtocol.valueOf(key[0].toUpperCase());
+route.name = key[1];
+

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16416117#comment-16416117
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177538563
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
+}
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
+final Map routeDefinitions = 
properties.getPropertyKeys().stream()
+.filter(k -> k.startsWith(PROPERTY_PREFIX))
+.collect(Collectors.groupingBy(k -> 
k.substring(PROPERTY_PREFIX.length(), k.lastIndexOf('.';
+
+routes = routeDefinitions.entrySet().stream().map(r -> {
+final Route route = new Route();
+final String[] key = r.getKey().split("\\.");
+route.protocol = 
SiteToSiteTransportProtocol.valueOf(key[0].toUpperCase());
+route.name = key[1];
+

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16416118#comment-16416118
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177538075
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
+}
+return new PeerDescription(targetHostName, 
Integer.valueOf(targetPortStr), Boolean.valueOf(targetIsSecure));
+}
+}
+
+private Map routes;
+
+
+private static final String PROPERTY_PREFIX = "nifi.remote.route.";
+
+public PeerDescriptionModifier(final NiFiProperties properties) {
--- End diff --

A couple comments on this method...

- Can we make this code a little more readable by not using single letter 
variable names? It made it difficult to understand what was happening here.
- Can we add better error handling throughout this method? For instance, if 
the properties are misconfigured it's likely this could fail exceptionally with 
IndexOutOfBounds or EL Parsing Exception. Can we handle those specifics and log 
the underlying issue and then continue to fail. This we should be able to 
identify when the routes are misconfigured and help drive the user to the exact 
issue.


> 

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16416121#comment-16416121
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177542298
  
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -3058,6 +3062,258 @@ responses from the remote system for `30 secs`. 
This allows NiFi to avoid consta
 has many instances of Remote Process Groups.
 |
 
+[[site_to_site_reverse_proxy_properties]]
+=== Site to Site Routing Properties for Reverse Proxies
+
+Site-to-Site requires peer-to-peer communication between a client and a 
remote NiFi node. E.g. if a remote NiFi cluster has 3 nodes, nifi0, nifi1 and 
nifi2, then a client requests have to be reachable to each of those remote node.
+
+If a NiFi cluster is planned to receive/transfer data from/to Site-to-Site 
clients over the internet or a company firewall, a reverse proxy server can be 
deployed in front of the NiFi cluster nodes as a gateway to route client 
requests to upstream NiFi nodes, to reduce number of servers and ports those 
have to be exposed.
+
+In such environment, the same NiFi cluster would also be expected to be 
accessed by Site-to-Site clients within the same network. Sending FlowFiles to 
itself for load distribution among NiFi cluster nodes can be a typical example. 
In this case, client requests should be routed directly to a node without going 
through the reverse proxy.
+
+In order to support such deployments, remote NiFi clusters need to expose 
its Site-to-Site endpoints dynamically based on client request contexts. 
Following properties configure how peers should be exposed to clients. A 
routing definition consists of 4 properties, 'when', 'hostname', 'port', and 
'secure', grouped by 'protocol' and 'name'. Multiple routing definitions can be 
configured. 'protocol' represents Site-to-Site transport protocol, i.e. raw or 
http.
+
+|
+|*Property*|*Description*
+|nifi.remote.route.{protocol}.{name}.when|Boolean value, 'true' or 
'false'. Controls whether the routing definition for this name should be used.
+|nifi.remote.route.{protocol}.{name}.hostname|Specify hostname that will 
be introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.port|Specify port number that will be 
introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.secure|Boolean value, 'true' or 
'false'. Specify whether the remote peer should be accessed via secure protocol.
+|
+
+All of above routing properties can use NiFi Expression Language to 
compute target peer description from request context. Available variables are:
+
+|===
+|*Variable name*|*Description*
+|s2s.{source\|target}.hostname|Hostname of the source where the request 
came from, and the original target.
+|s2s.{source\|target}.port|Same as above, for ports. Source port may not 
be useful as it is just a client side TCP port.
+|s2s.{source\|target}.secure|Same as above, for secure or not.
+|s2s.protocol|The name of Site-to-Site protocol being used, RAW or HTTP.
+|s2s.request|The name of current request type, SiteToSiteDetail or Peers. 
See Site-to-Site protocol sequence below for detail.
+|HTTP request headers|HTTP request header values can be referred by its 
name.
+|===
+
+ Site to Site protocol sequence
+
+Configuring these properties correctly would require some understandings 
on Site-to-Site protocol sequence.
+
+1. A client initiates Site-to-Site protocol by sending a HTTP(S) request 
to the specified remote URL to get remote cluster Site-to-Site information. 
Specifically, to '/nifi-api/site-to-site'. This request is called 
'SiteToSiteDetail'.
+2. A remote NiFi node responds with its input and output ports, and TCP 
port numbers for RAW and TCP transport protocols.
+3. The client sends another request to get remote peers using the TCP port 
number returned at #2. From this request, raw socket communication is used for 
RAW transport protocol, while HTTP keeps using HTTP(S). This request is called 
'Peers'.
+4. A remote NiFi node responds with list of available remote peers 
containing hostname, port, secure and workload such as the number of queued 
FlowFiles. From this point, further communication is done between the client 
and the remote NiFi node.
+5. The client decides which peer to transfer data from/to, based on 
workload information.
+6. The client sends a request to create a transaction to a remote NiFi 
node.
+7. The remote NiFi node accepts the transaction.
+8. Data is sent to the target peer. Multiple Data packets can be sent in 
batch manner.
   

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16416120#comment-16416120
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177541745
  
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -3058,6 +3062,258 @@ responses from the remote system for `30 secs`. 
This allows NiFi to avoid consta
 has many instances of Remote Process Groups.
 |
 
+[[site_to_site_reverse_proxy_properties]]
+=== Site to Site Routing Properties for Reverse Proxies
+
+Site-to-Site requires peer-to-peer communication between a client and a 
remote NiFi node. E.g. if a remote NiFi cluster has 3 nodes, nifi0, nifi1 and 
nifi2, then a client requests have to be reachable to each of those remote node.
+
+If a NiFi cluster is planned to receive/transfer data from/to Site-to-Site 
clients over the internet or a company firewall, a reverse proxy server can be 
deployed in front of the NiFi cluster nodes as a gateway to route client 
requests to upstream NiFi nodes, to reduce number of servers and ports those 
have to be exposed.
+
+In such environment, the same NiFi cluster would also be expected to be 
accessed by Site-to-Site clients within the same network. Sending FlowFiles to 
itself for load distribution among NiFi cluster nodes can be a typical example. 
In this case, client requests should be routed directly to a node without going 
through the reverse proxy.
+
+In order to support such deployments, remote NiFi clusters need to expose 
its Site-to-Site endpoints dynamically based on client request contexts. 
Following properties configure how peers should be exposed to clients. A 
routing definition consists of 4 properties, 'when', 'hostname', 'port', and 
'secure', grouped by 'protocol' and 'name'. Multiple routing definitions can be 
configured. 'protocol' represents Site-to-Site transport protocol, i.e. raw or 
http.
+
+|
+|*Property*|*Description*
+|nifi.remote.route.{protocol}.{name}.when|Boolean value, 'true' or 
'false'. Controls whether the routing definition for this name should be used.
+|nifi.remote.route.{protocol}.{name}.hostname|Specify hostname that will 
be introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.port|Specify port number that will be 
introduced to Site-to-Site clients for further communications.
+|nifi.remote.route.{protocol}.{name}.secure|Boolean value, 'true' or 
'false'. Specify whether the remote peer should be accessed via secure protocol.
+|
+
+All of above routing properties can use NiFi Expression Language to 
compute target peer description from request context. Available variables are:
+
+|===
+|*Variable name*|*Description*
+|s2s.{source\|target}.hostname|Hostname of the source where the request 
came from, and the original target.
+|s2s.{source\|target}.port|Same as above, for ports. Source port may not 
be useful as it is just a client side TCP port.
+|s2s.{source\|target}.secure|Same as above, for secure or not.
+|s2s.protocol|The name of Site-to-Site protocol being used, RAW or HTTP.
+|s2s.request|The name of current request type, SiteToSiteDetail or Peers. 
See Site-to-Site protocol sequence below for detail.
+|HTTP request headers|HTTP request header values can be referred by its 
name.
+|===
+
+ Site to Site protocol sequence
+
+Configuring these properties correctly would require some understandings 
on Site-to-Site protocol sequence.
+
+1. A client initiates Site-to-Site protocol by sending a HTTP(S) request 
to the specified remote URL to get remote cluster Site-to-Site information. 
Specifically, to '/nifi-api/site-to-site'. This request is called 
'SiteToSiteDetail'.
+2. A remote NiFi node responds with its input and output ports, and TCP 
port numbers for RAW and TCP transport protocols.
+3. The client sends another request to get remote peers using the TCP port 
number returned at #2. From this request, raw socket communication is used for 
RAW transport protocol, while HTTP keeps using HTTP(S). This request is called 
'Peers'.
+4. A remote NiFi node responds with list of available remote peers 
containing hostname, port, secure and workload such as the number of queued 
FlowFiles. From this point, further communication is done between the client 
and the remote NiFi node.
+5. The client decides which peer to transfer data from/to, based on 
workload information.
+6. The client sends a request to create a transaction to a remote NiFi 
node.
+7. The remote NiFi node accepts the transaction.
+8. Data is sent to the target peer. Multiple Data packets can be sent in 
batch manner.
   

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16416119#comment-16416119
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2510#discussion_r177539731
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/PeerDescriptionModifier.java
 ---
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.remote;
+
+import org.apache.nifi.attribute.expression.language.PreparedQuery;
+import org.apache.nifi.attribute.expression.language.Query;
+import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import static java.lang.String.format;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+public class PeerDescriptionModifier {
+
+private static final Logger logger = 
LoggerFactory.getLogger(PeerDescriptionModifier.class);
+
+public enum RequestType {
+SiteToSiteDetail,
+Peers
+}
+
+private static class Route {
+private String name;
+private SiteToSiteTransportProtocol protocol;
+private PreparedQuery predicate;
+private PreparedQuery hostname;
+private PreparedQuery port;
+private PreparedQuery secure;
+
+private boolean isValid() {
+if (hostname == null) {
+logger.warn("Ignore invalid route definition {} because 
'hostname' is not specified.", name);return false;
+}
+if (port == null) {
+logger.warn("Ignore invalid route definition {} because 
'port' is not specified.", name);
+return false;
+}
+return true;
+}
+
+private PeerDescription getTarget(final Map 
variables) {
+final String targetHostName = 
hostname.evaluateExpressions(variables, null);
+if (isBlank(targetHostName)) {
+throw new IllegalStateException("Target hostname was not 
resolved for the route definition " + name);
+}
+
+final String targetPortStr = 
port.evaluateExpressions(variables, null);
+if (isBlank(targetPortStr)) {
+throw new IllegalStateException("Target port was not 
resolved for the route definition " + name);
+}
+
+String targetIsSecure = secure == null ? null : 
secure.evaluateExpressions(variables, null);
+if (isBlank(targetIsSecure)) {
+targetIsSecure = "false";
--- End diff --

Is there a reason we are defaulting this to false here? If so, is this 
something that should be called out in the documentation?


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16404933#comment-16404933
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/2510
  
Will review...


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16387004#comment-16387004
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on the issue:

https://github.com/apache/nifi/pull/2510
  
@alopresto Thank you! The RAT check failed with SVG files for docs. I 
didn't run contrib check after I added docs, my bad. I'll update it.


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16385682#comment-16385682
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

Github user ijokarumawak commented on the issue:

https://github.com/apache/nifi/pull/2510
  
Dear reviewers, I've tested this improvement with Nginx and AWS ALB 
(Application Load Balancer). I used docker to run different Nginx 
configurations to test, and those docker environments are available here in my 
github project, which may be useful for reviewing, too. 
https://github.com/ijokarumawak/nifi-reverseproxy

Please build this PR and see updated administration-guide.html for details. 
Thank you!


> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16385672#comment-16385672
 ] 

ASF GitHub Bot commented on NIFI-4932:
--

GitHub user ijokarumawak opened a pull request:

https://github.com/apache/nifi/pull/2510

NIFI-4932: Enable S2S work behind a Reverse Proxy

Adding S2S endpoint Reverse Proxy mapping capability.

Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced 
 in the commit message?

- [x] Does your PR title start with NIFI- where  is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.

- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

- [x] Is your initial contribution a single, squashed commit?

### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ijokarumawak/nifi nifi-4932

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/2510.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2510


commit 9c86dde9089392f13afc20c1e2a91e62230efa6b
Author: Koji Kawamura 
Date:   2018-02-06T02:37:06Z

NIFI-4932: Enable S2S work behind a Reverse Proxy

Adding S2S endpoint Reverse Proxy mapping capability.




> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[Koji Kawamura (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16385665#comment-16385665
 ] 

Koji Kawamura commented on NIFI-4932:
-

NIFI-3506 can use this improvement, too.

> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (NIFI-4932) Enable S2S work behind a Reverse Proxy

[Koji Kawamura (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16385657#comment-16385657
 ] 

Koji Kawamura commented on NIFI-4932:
-

NIFI-4273 should be addressed by this improvement.

> Enable S2S work behind a Reverse Proxy
> --
>
> Key: NIFI-4932
> URL: https://issues.apache.org/jira/browse/NIFI-4932
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Core Framework
>Reporter: Koji Kawamura
>Assignee: Koji Kawamura
>Priority: Major
>
> Currently, NiFi UI and REST API work through a reverse proxy, but NiFi 
> Site-to-Site does not. The core issue is how a NiFi node introduce remote 
> peers to Site-to-Site clients. NiFi should provide more flexible 
> configuration so that user can define remote Site-to-Site endpoints those can 
> work for both routes, through a reverse proxy, and directly.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)