You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/10/05 03:49:20 UTC

[jira] [Commented] (NIFI-2855) NiFi Site-To-Site with port forwarding

    [ https://issues.apache.org/jira/browse/NIFI-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15547513#comment-15547513 ] 

ASF GitHub Bot commented on NIFI-2855:
--------------------------------------

GitHub user ijokarumawak opened a pull request:

    https://github.com/apache/nifi/pull/1100

    NIFI-2855: Site-to-Site with port forwarding.

    This change allows user to run NiFi without root privilege but with low port (80 or 443) using port forwarding together.
    
    - Added following properties:
      - nifi.web.http.port.forwarding
      - nifi.web.https.port.forwarding
    
    Please refer the admin guide for detail.
    
    Tested with:
    - Local and Cloud Site-to-Site with only either one of 80 or 443 port is accessible
    - Enabling port forwarding, or without it (direct access)
    - Clustered/Standalone
    - With proxy
    - RAW transport protocol (works as it was)
    
    Any comments are appreciated!

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ijokarumawak/nifi nifi-2855

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/1100.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1100
    
----
commit 0fd5fdc44b12a0c484701080d0c6aca724f4b5ee
Author: Koji Kawamura <ij...@apache.org>
Date:   2016-10-04T10:39:36Z

    NIFI-2855: Site-to-Site with port forwarding.
    
    - Added following properties:
      - nifi.web.http.port.forwarding
      - nifi.web.https.port.forwarding

----


> NiFi Site-To-Site with port forwarding
> --------------------------------------
>
>                 Key: NIFI-2855
>                 URL: https://issues.apache.org/jira/browse/NIFI-2855
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Bryan Rosander
>            Assignee: Koji Kawamura
>
> It would be useful to be able to use port forwarding with NiFi Site-To-Site.  This would allow NiFi to appear externally to be listening on a privileged port without having been granted elevated permissions.
> For example, an administrator could configure iptables to forward traffic from port 443 to port 9443.  Then users could use NiFi at port 443.  This provides more flexibility as far as firewall configuration is concerned.
> The above scenario causes problems with Site-To-Site though because in a clustered scenario, the nodes will still advertise themselves with port 9443.  This would prevent a Site-To-Site client from being able to talk to them from outside the firewall.
> We need a way (probably a nifi property) to tell NiFi to listen on one port (9443) and advertise another (443) for Site-To-Site purposes to enable this usecase.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)