I'm surprised you haven't had lots of requests for this already. As it stands now, I cannot figure out how to configure a secure cluster behind a reverse proxy (for example, in a kubernetes environment behind an nginx ingress) that also incorporates OpenID authentication from an external service. I was thinking that if the NiFi nodes were able to operate under a single root path, it might make it easier to reverse proxy all of the different paths that Nifi uses (/nifi, /nifi-api, for example) behind a single ingress. I think having multiple ingress paths for the nifi service makes the reverse proxy configuration very complex when authentication tokens are involved. Without authentication, it works fine.
Thanks, Wyllys Ingersoll On Wed, Mar 18, 2020 at 12:56 PM Andy LoPresto <[email protected]> wrote: > Hi Wyllys, > > As I started reading, I was going to suggest the proxy approach. > Unfortunately, at this time I am unaware of any way to change the paths > within NiFi itself - there would be substantial refactoring required to > make that an option. You can open a feature request Jira for that, or > perhaps the ability to inject a path prefix, but I expect it to be a high > level of effort to implement. > > > Andy LoPresto > [email protected] > *[email protected] <[email protected]>* > He/Him > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Mar 18, 2020, at 9:25 AM, Wyllys Ingersoll < > [email protected]> wrote: > > > Is there a way to configure nifi to use a different root directory for web > requests? > > We would like everything to be under a common root such as: > /XXX/nifi/... > /XXX/nifi-api/... > > Having to proxy 2 (/nifi and /nifi-api) paths makes it very difficult to > setup a reverse proxy that also can incorporate OpenID authentication > tokens to a secure backend cluster of nodes. > > > > >
