You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/04/14 19:37:28 UTC
[GitHub] [nifi] alopresto commented on issue #4207: NIFI-7203 Add ZooKeeper
client and server TLS
alopresto commented on issue #4207: NIFI-7203 Add ZooKeeper client and server TLS
URL: https://github.com/apache/nifi/pull/4207#issuecomment-613641562
@jfrazee as I mentioned on NIFI-7203, during an offline discussion some of us were discussing the approach to a configuration for an embedded ZK instance in NiFi which defines both an HTTP and HTTPS connection. Our position is that unlike an external ZK cluster which may have many different clients, the embedded ZK instance should only listen on the HTTPS port if the admin configures that, as NiFi will only attempt to connect on that port, and listening on HTTP has the potential to expose sensitive information. However, this is different from normal ZK behavior and therefore we listed some potential approaches to reduce confusion. More details are available in [this comment](https://issues.apache.org/jira/browse/NIFI-7203?focusedCommentId=17083557&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17083557), but I would like to hear your perspective on this. Have you encountered any scenarios where an admin intentionally meant for the embedded ZK to listen on both ports?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services