RE: Easiest way to secure NiFi automatically

Wed, 21 Feb 2024 21:05:41 -0800 

Thank you for sharing.
Do you know, is it possible to setup authentication like OpenID when you are 
using HTTP instead of HTTPS?

Best regards,
Stanislav Porotikov
From: [email protected] <[email protected]>
Sent: Thursday, February 22, 2024 1:42 AM
To: [email protected]; Поротиков Станислав Вячеславович 
<[email protected]>
Subject: RE: Easiest way to secure NiFi automatically

Hi Stanislav,

I recently set up Nginx on my cluster and found there were extra end points to 
configure for reverse proxy other than /nifi/ as described in the admin guide. 
I think they are associated with the underlying API that the GUI incorporates.

I used this config for my proxy.conf file. Note it is for HTTP, you will need 
to alter for HTTPS.

    # Reverse proxy for NiFi
    location /nifi/ {
        proxy_pass http://nifi:8080/nifi/;
        proxy_set_header X-ProxyScheme "http"; # the scheme to use to connect 
to the proxy
        proxy_set_header X-ProxyHost $http_host; # the host of the proxy
        proxy_set_header X-ProxyPort "8080"; # the port the proxy is listening 
on
        proxy_set_header X-ProxyContextPath "/nifi/"; # the path configured to 
map to the NiFi instance
    }

    location /nifi-api/ {
        proxy_pass http://nifi:8080/nifi-api/;
        proxy_set_header X-ProxyHost $http_host; # the host of the proxy
        proxy_set_header X-ProxyPort "8080"; # the port the proxy is listening 
on
    }

    location /nifi-content-viewer/ {
        proxy_pass http://nifi:8080/nifi-content-viewer/;
        proxy_set_header X-ProxyHost $http_host; # the host of the proxy
        proxy_set_header X-ProxyPort "8080"; # the port the proxy is listening 
on
    }

    # Reverse proxy for NiFi Registry
    location /nifi-registry {
        proxy_pass http://registry:18080/nifi-registry;
    }

Regards

Steve Hindmarch

From: Поротиков Станислав Вячеславович via users 
<[email protected]<mailto:[email protected]>>
Sent: Wednesday, February 21, 2024 5:42 PM
To: [email protected]<mailto:[email protected]>
Subject: Easiest way to secure NiFi automatically

Hello!
I want to deploy NiFi Cluster with ansible.
Configuration file need to be prepared in advance.
Now I try to generate keystore/truststore for NiFi 2.0.
I found some documents about tls-toolkit command line utility to help it. But 
it points to old versions of NiFi.
What can I use instead of it with NiFi 2.0.?

Further things I going to setup:
  Proxy: NGINX
  
Authentication<https://nifi.apache.org/documentation/nifi-2.0.0-M1/html/administration-guide.html#user_authentication>:
 OpenID
  Authorization: LDAP


Best regards,
Stanislav Porotikov
  • ... Поротиков Станислав Вячеславович via users
    • ... stephen.hindmarch.bt.com via users
      • ... ��������� ��������� ������������ via users

Reply via email to