You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by "Saip, Alexander (NIH/CC/BTRIS) [C]" <al...@nih.gov> on 2017/07/13 14:31:08 UTC
Remote access to NiFi UI in secure setup
We are just starting with NiFi. Currently, there is a single-node instance running on a CentOS server. Without any security configuration, I am able to connect to the NiFi UI from the Chrome browser running on my Windows desktop. In order to enable multi-tenancy, we have to secure NiFi. The NiFi System Administrator's Guide mentions the TLS Toolkit, but exclusively in the context of NiFi cluster. I wonder if there is a way for me to enable HTTPS connections to the NiFi UI from a remote computer that is NOT a cluster node? If yes, what would be the best way to achieve that?
Re: Remote access to NiFi UI in secure setup
Posted by Kevin Doran <kd...@gmail.com>.
Great! Glad you got it working, Alexander.
Cheers,
Kevin
On 7/14/17, 09:53, "albaruthenia" <al...@nih.gov> wrote:
Thanks, Kevin. I chatted with Bryan on his blog, and I was able to set up an
HTTPS connection to our NiFi instance.
--
View this message in context: http://apache-nifi-users-list.2361937.n4.nabble.com/Remote-access-to-NiFi-UI-in-secure-setup-tp2395p2425.html
Sent from the Apache NiFi Users List mailing list archive at Nabble.com.
Re: Remote access to NiFi UI in secure setup
Posted by albaruthenia <al...@nih.gov>.
Thanks, Kevin. I chatted with Bryan on his blog, and I was able to set up an
HTTPS connection to our NiFi instance.
--
View this message in context: http://apache-nifi-users-list.2361937.n4.nabble.com/Remote-access-to-NiFi-UI-in-secure-setup-tp2395p2425.html
Sent from the Apache NiFi Users List mailing list archive at Nabble.com.
Re: Remote access to NiFi UI in secure setup
Posted by Kevin Doran <kd...@gmail.com>.
Hi Alexander,
You may find Bryan Bende's "Authorization and Multi-Tenancy Guide" [1] to contain some helpful advice on exactly what you are looking for. Specifically, the "Authorizers & Initial Admin Identity" section covers how to setup secure access for users to the NiFi UI, and the "Multi-Tenancy" section covers how to set different access policies for different users/groups.
Additionally, if you are using LDAP for user management, you may also find Pierre Villard's "Integration of NiFi with LDAP" [2] a useful resource.
Hope this helps! If you have further questions, please do post back to this list.
[1] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy
[2] https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap/
Cheers,
Kevin
From: "Saip, Alexander (NIH/CC/BTRIS) [C]" <al...@nih.gov>
Reply-To: <us...@nifi.apache.org>
Date: Thursday, July 13, 2017 at 10:31
To: "'users@nifi.apache.org'" <us...@nifi.apache.org>
Subject: Remote access to NiFi UI in secure setup
We are just starting with NiFi. Currently, there is a single-node instance running on a CentOS server. Without any security configuration, I am able to connect to the NiFi UI from the Chrome browser running on my Windows desktop. In order to enable multi-tenancy, we have to secure NiFi. The NiFi System Administrator’s Guide mentions the TLS Toolkit, but exclusively in the context of NiFi cluster. I wonder if there is a way for me to enable HTTPS connections to the NiFi UI from a remote computer that is NOT a cluster node? If yes, what would be the best way to achieve that?