nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ali Nazemian <alinazem...@gmail.com>
Subject Re: Use Nifi Secure S2S with proxy
Date Tue, 10 Oct 2017 13:04:13 GMT
Thanks, Koji. Do I need to have any special requirement on the forward
proxy or it is working with any forward proxy?

On Tue, Oct 10, 2017 at 2:29 PM, Koji Kawamura <ijokarumawak@gmail.com>
wrote:

> Hi Ali,
>
> A single forward proxy server can be a SPOF. Although I haven't tried
> myself, you should be able to make it highly available by deploying
> multiple ones and a LB in front of those (such as Squid proxies behind
> HA proxy, I found couple of blog posts about this configuration). As
> long as each NiFi instance talk to each other though forward proxy
> servers, S2S load-balancing/fail-over features should work.
>
> You may find S2S HTTP design document [1] useful to understand how it
> works internally.
>
> 1 https://cwiki.apache.org/confluence/display/NIFI/
> Support+HTTP%28S%29+as+a+transport+mechanism+for+Site-to-Site
>
> Regards,
> Koji
>
> On Sun, Oct 8, 2017 at 4:32 PM, Ali Nazemian <alinazemian@gmail.com>
> wrote:
> > Hi all,
> >
> > I would like to use Nifi secure site to site to send traffic among
> different
> > Nifi clusters around the world. However, there are some security
> concerns of
> > exposing Nifi IP address to the public, and I would like to use a proxy
> > server to redirect an S2S traffic to the destination Nifi cluster. My
> > question is if I use a proxy server in the RPG configuration how Nifi
> will
> > manage that under the hood? Can I use multiple proxy servers in a single
> RPG
> > to remove SPOF? Please be advised I am not referring to use a PostHTTP on
> > the source and ListenHTTP on the destination and use a HAproxy as a load
> > balancing. I am referring only to use S2S and a proxy server to overcome
> > some of the security concerns at the enterprise. However, I am afraid I
> may
> > create SPOF or break load-balancing/fail-over features of Nifi S2S
> protocol.
> >
> > Regards,
> > Ali
>



-- 
A.Nazemian

Mime
View raw message