Support Questions

Find answers, ask questions, and share your expertise
Celebrating as our community reaches 100,000 members! Thank you!

Nifi UI Behind Load Balancer



I have 3-node Nifi cluster using self signed certificate. and that is working fine. Now I want to run these 3 node Nifi UI (port 8443) behind Load Balancer. The changes I have in file is:,nifiinstance-group-1:8443,<load-balancer>


All Nifi UI has same credential. and loadBalancer is using HTTP connection. Now, Nifi UI is coming up, but while passing the credentials it is throwing error:




there is no such error in nifi logs:

3X.XX.XX.XX - - [28/Dec/2023:11:03:12 +0000] "GET /nifi/ HTTP/1.1" 200 21126 "http://3X.XX.XX.XX/nifi/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"


Please guide me with the root cause if this problem and how to solve this?


Master Collaborator

How you are trying to log in? using certificate? or Username&Passsword ? Is NiFi running on the container?




Its not on the container. and I am trying to login using username and password

Master Collaborator

Thanks, The Error message tells me that "access unknown certificate of token not found" 

This means NiFi as a service expects client cert to be present if there are No client certs then a token must be present which would be obtained after entering the user name password.

But in LB connection it is possible that the token has been obtained from one nifi node but LB is redirecting the next request to a different NiFi node and it will not work 

Have you configured the stick session at the Load Balancing Proxy?

Refer to why it is needed in NiFi




Thanks for your reply @ckumar ! I am using GCP services to create LB. for the backend services of LB we used session affinity as "client IP" ( As shown below in the Screen Shot).


Adding to this I used curl command to generate the token using LB URL, which is responding correctly. But Nifi UI still have the error.

URL used : curl --location --request POST 'http://<LoadBalancer>/nifi-api/access/token' --header 'Content-Type: application/x-www-form-urlencoded'  --data-urlencode 'username=<MyUser>'  --data-urlencode 'password=<MyPassword>'

Further, for debugging the root cause, I added only one Nifi server on the LB Backend, still getting the same error. 

Super Mentor

What is being logged in the nifi-user.log when the issue happens?
Have you tried using your browser's developer tools to look at the data being exchanged in the request with the NiFi cluster?
Feels like maybe the site cookies are not being sent to the NiFi node after successful authentication resulting in the exception being seen.