nifi-users mailing list archives

From Koji Kawamura <ijokaruma...@gmail.com>
Subject Re: Use Nifi Secure S2S with proxy
Date Tue, 10 Oct 2017 03:29:27 GMT
Hi Ali,

A single forward proxy server can be a SPOF. Although I haven't tried it
myself, you should be able to make it highly available by deploying
multiple ones and a LB in front of those (such as Squid proxies behind
HAProxy; I found a couple of blog posts about this configuration). As
long as NiFi instances talk to each other through forward proxy
servers, S2S load-balancing/fail-over features should work.

You may find the S2S HTTP design document [1] useful to understand how it
works internally.

[1] https://cwiki.apache.org/confluence/display/NIFI/Support+HTTP%28S%29+as+a+transport+mechanism+for+Site-to-Site

Regards,
Koji

On Sun, Oct 8, 2017 at 4:32 PM, Ali Nazemian <alinazemian@gmail.com> wrote:
> Hi all,
>
> I would like to use NiFi secure site-to-site to send traffic among different
> NiFi clusters around the world. However, there are some security concerns about
> exposing the NiFi IP address to the public, and I would like to use a proxy
> server to redirect S2S traffic to the destination NiFi cluster. My
> question is: if I use a proxy server in the RPG configuration, how will NiFi
> manage that under the hood? Can I use multiple proxy servers in a single RPG
> to remove the SPOF? Please be advised I am not referring to using PostHTTP on
> the source and ListenHTTP on the destination and using HAProxy for load
> balancing. I am referring only to using S2S and a proxy server to overcome
> some of the security concerns at the enterprise. However, I am afraid I may
> create a SPOF or break the load-balancing/fail-over features of the NiFi S2S protocol.
>
> Regards,
> Ali
