nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan H <>
Subject Secure NiFi 1.5 Behind NGINX/HAProxy
Date Wed, 07 Feb 2018 21:55:25 GMT
Hi All,

This may trivial, but I'm asking anyways for clarity. I am setting up a
secure instance of NiFi behind NGINX for reverse proxy capabilities. I have
a certain requirement that traffic coming in will hit NGINX as HTTP on port
80. NGINX will need to forward the request to the secure instance as HTTPS
on port 8443.

So: browser/API -> http -> NGINX -> https -> Secure NiFi

Currently I am using the tls-toolkit in client/server mode for the secure
instance to get its certs. I plan to have an OpenID provider configured for

>From what I understand I will need to place the client key and certificate
as well as server key and certificate on NGINX. This may be a bad
assumption, but it's where I'm at, at this point.

My question is: what would act as each of the key/certificates for both the
client/server to be placed on NGINX based on what is generated from the
tls-toolkit (which keys/certs would be extracted from each of the generated
files/stores)? Is what I'm doing feasible (I'm assuming it is, but open to
being wrong). I've tried a few different extractions from the keystore and
truststore, but this is a weaker area of expertise for me and would rather
be clear on what I'm doing.

Any help is greatly appreciated.


Ryan H

View raw message