Member since 11-09-2024 | 2 Posts | 1 Kudos Received | 0 Solutions

02-06-2025 03:26 AM
Hi! I didn't use nginx as a reverse proxy, but you need to create your certificates using nifi-toolkit like this:

```
tls-toolkit.sh standalone -n "localhost" --clientCertDn "CN=localhost, OU=NIFI" --subjectAlternativeNames 'nifi' --keyStorePassword changeit --trustStorePassword changeit -o nifi/certs -O
```

--hostnames param -> You can access by browser typing http://localhost:8443/nifi as external address;
--subjectAlternativeNames -> Comma-separated list of domains to use as Subject Alternative Names in the certificate. In your case, including "nifi". Any docker containers can access nifi using "https://nifi:8443/" as internal address.

Just to reinforce, include "hostname: nifi" in your docker-compose.yml file. I hope it helps you!
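A way to confirm that the generated keystore covers every name clients will use, added here as an example and not part of the original post. The keytool output is a constructed sample, the function names are hypothetical, and the wildcard case goes beyond what the post needs.

```bash
#!/usr/bin/env bash
# Constructed sample: the SAN part of `keytool -list -v` output for a keystore
# generated with -n "localhost" --subjectAlternativeNames 'nifi'.
SAMPLE_KEYTOOL_OUTPUT='Owner: CN=localhost, OU=NIFI
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: localhost
  DNSName: nifi
]'

# Print the DNSName entries of the SubjectAlternativeName block, one per line.
san_dns_names() {
  awk '/^SubjectAlternativeName \[/ { in_san = 1; next }
       in_san && /^\]/              { in_san = 0 }
       in_san && /DNSName:/         { print tolower($2) }'
}

# Read SAN entries on stdin; succeed if $1 matches one of them exactly or
# through a wildcard that replaces only the left-most label (*.example.test).
host_covered() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  while IFS= read -r san; do
    case "$san" in
      "$host") return 0 ;;
      \*.*) rest=${host#*.}
            [ "$rest" != "$host" ] && [ "*.$rest" = "$san" ] && return 0 ;;
    esac
  done
  return 1
}

# keytool output on stdin, hostnames as arguments: print the hostnames the
# certificate does not cover and return non-zero if there are any.
missing_hosts() {
  sans=$(san_dns_names)
  missing=""
  for h in "$@"; do
    printf '%s\n' "$sans" | host_covered "$h" || missing="$missing $h"
  done
  [ -z "$missing" ] && return 0
  printf '%s\n' "${missing# }"
  return 1
}

# Demo on the sample. For a real keystore, pipe in instead:
#   keytool -list -v -keystore nifi/certs/localhost/keystore.jks -storepass changeit
printf '%s\n' "$SAMPLE_KEYTOOL_OUTPUT" | missing_hosts localhost nifi nifi-registry \
  || echo "(names above are missing from the certificate SANs)"
```

A name reported as missing here is one that a TLS client doing hostname verification would reject when connecting to it.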
12-03-2024 02:39 AM | 1 Kudo
It works fine @archie! Thanks! This is my docker-compose snippet:

```yaml
nifi-registry:
  image: apache/nifi-registry:1.23.2
  container_name: nifi-registry
  hostname: nifi-registry
  restart: "no"
  ports:
    - 18443:18443
  volumes:
    # Certificate directory mounted into the container
    - ./nifi/certs/localhost:/opt/certs
  environment:
    TZ: America/Sao_Paulo
    NIFI_REGISTRY_WEB_HTTPS_PORT: 18443
    AUTH: oidc
    # Keystore and truststore from the mounted certificate directory
    KEYSTORE_PATH: /opt/certs/keystore.jks
    KEYSTORE_TYPE: JKS
    KEYSTORE_PASSWORD: changeit
    TRUSTSTORE_PATH: /opt/certs/truststore.jks
    TRUSTSTORE_PASSWORD: changeit
    TRUSTSTORE_TYPE: JKS
    INITIAL_ADMIN_IDENTITY: test@test.com
    # OIDC settings for the local Keycloak realm
    NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL: http://<LOCAL_KEYCLOAK_IP>:8080/realms/TEST/.well-known/openid-configuration
    NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT: 10000
    NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT: 10000
    NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID: nifi
    NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET: <CLIENT_SECRET>
    NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM: RS256
    NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: openid,email,profile
    NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username
  networks:
    - test-net
```