Nugget Post: Running NiFi behind an SSL reverse proxy

Scenario User --- (HTTPS) ---> NGINX Reverse Proxy --- (HTTP) ---> NiFi Typical NGINX Reverse Proxy config: location /nifi { proxy_set_header Host $http_host; add_header "Access-Control-Allow-Credentials" "true"; proxy_pass http://127.0.0.1:9900; } Note: the proxy_set_header Host is necessary otherwise NiFi will return "localhost" or "127.0.0.1" in it's links and you'll end up with a bunch of HTTP 404 … Continue reading Nugget Post: Running NiFi behind an SSL reverse proxy

Encrypting traffic in transit to Apache NiFi

In this article we'll explain how to encrypt traffic going to an HTTP handler in NiFi, which is then forwarded to a backend HTTP server - in other words, an SSL offloading reverse proxy. Encrypting traffic in transit to NiFi involves the following steps: Creating a keystore containing a CA certificateCreating a truststore, which contains … Continue reading Encrypting traffic in transit to Apache NiFi

Is it Elastalert? No – it’s NiFi!!

One common requirement for users of Elasticsearch is to have automatic alerts sent out whenever some query gets matched, or when some other condition gets satisfied. In fact, Yelp have come up with a python-based solution for this in the form of Elastalert, which at time of writing, is extremely popular with over 5.5K stars … Continue reading Is it Elastalert? No – it’s NiFi!!

Consuming Netflow using NiFi

The problem Several network devices (especially Cisco) tend to use netflow for auditing network connections. It would be useful to log these connections in a structured data store (Elasticsearch is my data store of choice). Alternative Solutions Using the elasticsearch netflow module: https://www.elastic.co/guide/en/logstash/current/netflow-module.htmlThis works well right out of the box, and supports all netflow versions. … Continue reading Consuming Netflow using NiFi