Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Possible to Use AWS Load Balancers in Front of a NiFi Cluster

avatar
Contributor

Is it possible, or does it make sense to use AWS Load Balancers in front of a NiFi Cluster?

We are running a 3 node nifi cluster using v 1.19.1 on aws and I wanted to see if it is possible, or makes sense to use an AWS Load Balancer(s) in front of the nifi cluster.

Any guidance, suggestions would be tremendously appreciated.

2 ACCEPTED SOLUTIONS

avatar
Super Mentor

@davehkd 
Of your NiFi cluster is secured you'll need to make sure that the load balancer is configured with sticky sessions (also known as session persistence).  This is needed because NiFi authentication (except certificate based mutual TLS authentication) issues a client and server side token.  The issued client token gets passed by the client (browser) with every subsequent request made to NiFi.  The corresponding server side token only exists on the specific NiFi node that handled the authentication.  So if your LB routes subsequent requests to a different node, authentication will fail for that request.

Many users setup LBs in front of NiFi so there is one URL that can direct to any number of nodes in the NiFi cluster that are all capable fo handling authentication and authorization.  This ensures ease of access for example when a node in the cluster is down.


If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

 

View solution in original post

avatar
Contributor
2 REPLIES 2

avatar
Super Mentor

@davehkd 
Of your NiFi cluster is secured you'll need to make sure that the load balancer is configured with sticky sessions (also known as session persistence).  This is needed because NiFi authentication (except certificate based mutual TLS authentication) issues a client and server side token.  The issued client token gets passed by the client (browser) with every subsequent request made to NiFi.  The corresponding server side token only exists on the specific NiFi node that handled the authentication.  So if your LB routes subsequent requests to a different node, authentication will fail for that request.

Many users setup LBs in front of NiFi so there is one URL that can direct to any number of nodes in the NiFi cluster that are all capable fo handling authentication and authorization.  This ensures ease of access for example when a node in the cluster is down.


If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

 

avatar
Contributor

Thanks Matt!