Thank you Andy, certainly appreciate you looking at this. The use of a frontend proxy is an excellent point, both to handle the routing as well as adding isolation for Nifi.
Thanks again for the help. patw On Fri, May 22, 2020 at 3:53 PM Andy LoPresto <alopre...@apache.org> wrote: > Thanks Pat. The S2S protocol uses TLS as a component, and attempts to use > the highest protocol version supported by both endpoints. For Java 8, this > should be TLSv1.2, and for Java 11, TLSv1.3 (introduced in upcoming NiFi > 1.12.0). > > NiFi itself doesn’t support hosting multiple instances on the same port, > so the only way I see this being applicable is if a load balancer/reverse > proxy in front of NiFi + other services attempted to identify and route > incoming traffic based on SNI. > > I tried to craft a realistic scenario for this email but I couldn’t get to > a point where it made sense. If you have a specific desired scenario, I can > try to analyze it, but the entire concept of having multiple NiFi services > or NiFi + other services be exposed on the same port and use SNI to > differentiate seems unnecessary to me. > > > Andy LoPresto > alopre...@apache.org > *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* > He/Him > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On May 22, 2020, at 12:05 PM, Pat White <patwh...@verizonmedia.com> wrote: > > Hi Andy, > Thanks very much for the feedback, and my apologies for being vague. I > have not used SNI so i have some learning to do. > > Specific use case we were asked about relates with Nifi to Nifi transfers, > so not the webservice itself but rather S2S. > I was wondering if S2S protocol supports SNI, and if so some pointers on > how to configure that. > > patw > > On Fri, May 22, 2020 at 1:14 PM Andy LoPresto <alopre...@apache.org> > wrote: > >> Hi Pat, >> >> Are you asking if NiFi’s internal web server supports SNI or if NiFi >> processors/framework connecting to external services can resolve SNI? Maybe >> some more context around your question would help us answer. >> >> >> Andy LoPresto >> alopre...@apache.org >> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* >> He/Him >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On May 22, 2020, at 9:19 AM, Pat White <patwh...@verizonmedia.com> wrote: >> >> Hi Folks, >> >> Has anyone tried using SNI routing with Nifi? >> >> I believe Jetty supports the TLS extension for SNI but have not tried >> using it, would appreciate any feedback if someone has tried this. Thank >> you. >> >> >> >> >
