Hi Ali,

A single forward proxy server can be a SPOF. Although I haven't tried it myself, you should be able to make it highly available by deploying multiple ones and a LB in front of those (such as Squid proxies behind HAProxy; I found a couple of blog posts about this configuration). As long as the NiFi instances talk to each other through forward proxy servers, S2S load-balancing/fail-over features should work.

You may find the S2S HTTP design document [1] useful to understand how it works internally.

[1] https://cwiki.apache.org/confluence/display/NIFI/Support+HTTP%28S%29+as+a+transport+mechanism+for+Site-to-Site

Regards,
Koji

On Sun, Oct 8, 2017 at 4:32 PM, Ali Nazemian <[email protected]> wrote:
> Hi all,
>
> I would like to use Nifi secure site to site to send traffic among different
> Nifi clusters around the world. However, there are some security concerns of
> exposing Nifi IP address to the public, and I would like to use a proxy
> server to redirect an S2S traffic to the destination Nifi cluster. My
> question is if I use a proxy server in the RPG configuration how Nifi will
> manage that under the hood? Can I use multiple proxy servers in a single RPG
> to remove SPOF? Please be advised I am not referring to use a PostHTTP on
> the source and ListenHTTP on the destination and use a HAproxy as a load
> balancing. I am referring only to use S2S and a proxy server to overcome
> some of the security concerns at the enterprise. However, I am afraid I may
> create SPOF or break load-balancing/fail-over features of Nifi S2S protocol.
>
> Regards,
> Ali
