Hi Stanislav,
I recently set up Nginx on my cluster and found there were extra end points to
configure for reverse proxy other than /nifi/ as described in the admin guide.
I think they are associated with the underlying API that the GUI incorporates.
I used this config for my proxy.conf file. Note it is for HTTP, you will need
to alter for HTTPS.
# Reverse proxy for NiFi
location /nifi/ {
proxy_pass http://nifi:8080/nifi/;
proxy_set_header X-ProxyScheme "http"; # the scheme to use to connect
to the proxy
proxy_set_header X-ProxyHost $http_host; # the host of the proxy
proxy_set_header X-ProxyPort "8080"; # the port the proxy is listening
on
proxy_set_header X-ProxyContextPath "/nifi/"; # the path configured to
map to the NiFi instance
}
location /nifi-api/ {
proxy_pass http://nifi:8080/nifi-api/;
proxy_set_header X-ProxyHost $http_host; # the host of the proxy
proxy_set_header X-ProxyPort "8080"; # the port the proxy is listening
on
}
location /nifi-content-viewer/ {
proxy_pass http://nifi:8080/nifi-content-viewer/;
proxy_set_header X-ProxyHost $http_host; # the host of the proxy
proxy_set_header X-ProxyPort "8080"; # the port the proxy is listening
on
}
# Reverse proxy for NiFi Registry
location /nifi-registry {
proxy_pass http://registry:18080/nifi-registry;
}
Regards
Steve Hindmarch
From: Поротиков Станислав Вячеславович via users <[email protected]>
Sent: Wednesday, February 21, 2024 5:42 PM
To: [email protected]
Subject: Easiest way to secure NiFi automatically
Hello!
I want to deploy NiFi Cluster with ansible.
Configuration file need to be prepared in advance.
Now I try to generate keystore/truststore for NiFi 2.0.
I found some documents about tls-toolkit command line utility to help it. But
it points to old versions of NiFi.
What can I use instead of it with NiFi 2.0.?
Further things I going to setup:
Proxy: NGINX
Authentication<https://nifi.apache.org/documentation/nifi-2.0.0-M1/html/administration-guide.html#user_authentication>:
OpenID
Authorization: LDAP
Best regards,
Stanislav Porotikov
