Created 09-13-2023 04:31 AM
Is it possible, or does it make sense to use AWS Load Balancers in front of a NiFi Cluster?
We are running a 3 node nifi cluster using v 1.19.1 on aws and I wanted to see if it is possible, or makes sense to use an AWS Load Balancer(s) in front of the nifi cluster.
Any guidance, suggestions would be tremendously appreciated.
Created 09-14-2023 11:24 AM
@davehkd
Of your NiFi cluster is secured you'll need to make sure that the load balancer is configured with sticky sessions (also known as session persistence). This is needed because NiFi authentication (except certificate based mutual TLS authentication) issues a client and server side token. The issued client token gets passed by the client (browser) with every subsequent request made to NiFi. The corresponding server side token only exists on the specific NiFi node that handled the authentication. So if your LB routes subsequent requests to a different node, authentication will fail for that request.
Many users setup LBs in front of NiFi so there is one URL that can direct to any number of nodes in the NiFi cluster that are all capable fo handling authentication and authorization. This ensures ease of access for example when a node in the cluster is down.
If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
Created 09-18-2023 04:37 AM
Thanks Matt!
Created 09-14-2023 11:24 AM
@davehkd
Of your NiFi cluster is secured you'll need to make sure that the load balancer is configured with sticky sessions (also known as session persistence). This is needed because NiFi authentication (except certificate based mutual TLS authentication) issues a client and server side token. The issued client token gets passed by the client (browser) with every subsequent request made to NiFi. The corresponding server side token only exists on the specific NiFi node that handled the authentication. So if your LB routes subsequent requests to a different node, authentication will fail for that request.
Many users setup LBs in front of NiFi so there is one URL that can direct to any number of nodes in the NiFi cluster that are all capable fo handling authentication and authorization. This ensures ease of access for example when a node in the cluster is down.
If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
Created 09-18-2023 04:37 AM
Thanks Matt!