Remote access to NiFi UI in secure setup

["Saip, Alexander (NIH/CC/BTRIS) [C]" <al...@nih.gov>]

We are just starting with NiFi. Currently, there is a single-node instance running on a CentOS server. Without any security configuration, I am able to connect to the NiFi UI from the Chrome browser running on my Windows desktop. In order to enable multi-tenancy, we have to secure NiFi. The NiFi System Administrator's Guide mentions the TLS Toolkit, but exclusively in the context of NiFi cluster. I wonder if there is a way for me to enable HTTPS connections to the NiFi UI from a remote computer that is NOT a cluster node? If yes, what would be the best way to achieve that?

Re: Remote access to NiFi UI in secure setup

[Kevin Doran <kd...@gmail.com>]

Great! Glad you got it working, Alexander.

Cheers,
Kevin

On 7/14/17, 09:53, "albaruthenia" <al...@nih.gov> wrote:

    Thanks, Kevin. I chatted with Bryan on his blog, and I was able to set up an
    HTTPS connection to our NiFi instance.
    
    
    
    --
    View this message in context: http://apache-nifi-users-list.2361937.n4.nabble.com/Remote-access-to-NiFi-UI-in-secure-setup-tp2395p2425.html
    Sent from the Apache NiFi Users List mailing list archive at Nabble.com.
    

Re: Remote access to NiFi UI in secure setup

[albaruthenia <al...@nih.gov>]

Thanks, Kevin. I chatted with Bryan on his blog, and I was able to set up an
HTTPS connection to our NiFi instance.



--
View this message in context: http://apache-nifi-users-list.2361937.n4.nabble.com/Remote-access-to-NiFi-UI-in-secure-setup-tp2395p2425.html
Sent from the Apache NiFi Users List mailing list archive at Nabble.com.

Re: Remote access to NiFi UI in secure setup

[Kevin Doran <kd...@gmail.com>]

Hi Alexander,

 

You may find Bryan Bende's "Authorization and Multi-Tenancy Guide" [1] to contain some helpful advice on exactly what you are looking for. Specifically, the "Authorizers & Initial Admin Identity" section covers how to setup secure access for users to the NiFi UI, and the "Multi-Tenancy" section covers how to set different access policies for different users/groups.

 

Additionally, if you are using LDAP for user management, you may also find Pierre Villard's "Integration of NiFi with LDAP" [2] a useful resource.

 

Hope this helps! If you have further questions, please do post back to this list.

 

[1] http://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy 

[2] https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap/

 

Cheers,
Kevin

 

 

From: "Saip, Alexander (NIH/CC/BTRIS) [C]" <al...@nih.gov>
Reply-To: <us...@nifi.apache.org>
Date: Thursday, July 13, 2017 at 10:31
To: "'users@nifi.apache.org'" <us...@nifi.apache.org>
Subject: Remote access to NiFi UI in secure setup

 

We are just starting with NiFi. Currently, there is a single-node instance running on a CentOS server. Without any security configuration, I am able to connect to the NiFi UI from the Chrome browser running on my Windows desktop. In order to enable multi-tenancy, we have to secure NiFi. The NiFi System Administrator’s Guide mentions the TLS Toolkit, but exclusively in the context of NiFi cluster. I wonder if there is a way for me to enable HTTPS connections to the NiFi UI from a remote computer that is NOT a cluster node? If yes, what would be the best way to achieve that?