Thanks, Koji. Do I need to have any special requirement on the forward proxy or it is working with any forward proxy?
On Tue, Oct 10, 2017 at 2:29 PM, Koji Kawamura <[email protected]> wrote: > Hi Ali, > > A single forward proxy server can be a SPOF. Although I haven't tried > myself, you should be able to make it highly available by deploying > multiple ones and a LB in front of those (such as Squid proxies behind > HA proxy, I found couple of blog posts about this configuration). As > long as each NiFi instance talk to each other though forward proxy > servers, S2S load-balancing/fail-over features should work. > > You may find S2S HTTP design document [1] useful to understand how it > works internally. > > 1 https://cwiki.apache.org/confluence/display/NIFI/ > Support+HTTP%28S%29+as+a+transport+mechanism+for+Site-to-Site > > Regards, > Koji > > On Sun, Oct 8, 2017 at 4:32 PM, Ali Nazemian <[email protected]> > wrote: > > Hi all, > > > > I would like to use Nifi secure site to site to send traffic among > different > > Nifi clusters around the world. However, there are some security > concerns of > > exposing Nifi IP address to the public, and I would like to use a proxy > > server to redirect an S2S traffic to the destination Nifi cluster. My > > question is if I use a proxy server in the RPG configuration how Nifi > will > > manage that under the hood? Can I use multiple proxy servers in a single > RPG > > to remove SPOF? Please be advised I am not referring to use a PostHTTP on > > the source and ListenHTTP on the destination and use a HAproxy as a load > > balancing. I am referring only to use S2S and a proxy server to overcome > > some of the security concerns at the enterprise. However, I am afraid I > may > > create SPOF or break load-balancing/fail-over features of Nifi S2S > protocol. > > > > Regards, > > Ali > -- A.Nazemian
