I launch the NiFi server using Docker, connected to an external Keycloak:

nifi:
  hostname: <IP>
  image: apache/nifi:latest
  environment:
    AUTH: oidc
    NIFI_SECURITY_USER_OIDC_DISCOVERY_URL: https://<keycloak_url>/realms/<realm>/.well-known/openid-configuration
    NIFI_SECURITY_USER_OIDC_CLIENT_ID: <client_id>
    NIFI_SECURITY_USER_OIDC_CLIENT_SECRET: <client_secret>
    NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: email
    NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username
    NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY: NIFI
    NIFI_CLUSTER_NODE_PROTOCOL_PORT: 6007
    NIFI_SENSITIVE_PROPS_KEY: <key>
    SINGLE_USER_CREDENTIALS_USERNAME: admin
    SINGLE_USER_CREDENTIALS_PASSWORD: <pass>
    NIFI_WEB_HTTPS_HOST: <IP>
    NIFI_WEB_PROXY_HOST: <domain>
    NIFI_WEB_HTTPS_PORT: 8443
    KEYSTORE_PATH: /opt/certs/keystore.p12
    KEYSTORE_TYPE: PKCS12
    KEYSTORE_PASSWORD: <pass>
    TRUSTSTORE_PATH: /opt/certs/truststore.p12
    TRUSTSTORE_TYPE: PKCS12
    TRUSTSTORE_PASSWORD: <pass>
    NIFI_SECURITY_USER_AUTHORIZER: single-user-authorizer
    NIFI_SECURITY_USER_LOGIN_IDENTITY_PROVIDER: single-user-provider
    NIFI_CLUSTER_IS_NODE: true
    NIFI_CLUSTER_MANAGER_ADDRESS: zookeeper
    NIFI_CLUSTER_MANAGER_PORT: 2181
    NIFI_ZK_CONNECT_STRING: "localhost:2181"
    NIFI_ELECTION_MAX_CANDIDATES: 1
    NIFI_ELECTION_MAX_TIMEOUT: "10 sec"
  volumes:
    - nifi_conf:/opt/nifi/nifi-current/conf
    - nifi_content_repository:/opt/nifi/nifi-current/content_repository
    - nifi_flowfile_repository:/opt/nifi/nifi-current/flowfile_repository
    - nifi_provenance_repository:/opt/nifi/nifi-current/provenance_repository
    - nifi_database_repository:/opt/nifi/nifi-current/database_repository
    - nifi_logs:/opt/nifi/nifi-current/logs
    - ./certs/keystore.p12:/opt/certs/keystore.p12
    - ./certs/truststore.p12:/opt/certs/truststore.p12
  network_mode: host
nginx:
  image: nginx
  container_name: nginx
  volumes:
    - ./nginx/nginx.conf:/etc/nginx/nginx.conf
    - ./nginx/certs:/keys
  network_mode: host
  restart: unless-stopped

In front of it I use an nginx proxy server, configured as:

http {
  server {
    listen 443 ssl;
    server_name <domain>;
    ssl_certificate /keys/certificate.pem;
    ssl_certificate_key /keys/certificate.key;
    proxy_ssl_certificate /keys/nifi.pem;
    proxy_ssl_certificate_key /keys/nifi.key;
    proxy_ssl_trusted_certificate /keys/nifi.pem;
    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-ProxyScheme "https";
      proxy_set_header X-ProxyHost $host;
      proxy_set_header X-ProxyPort 8443;
      proxy_set_header X-ProxyContextPath "/";
      proxy_pass https://<IP>:8443;
    }
  }
}

From my local machine, if I access NiFi via the IP address, NiFi redirects me to Keycloak and authentication works with my Keycloak user. If I access it via the domain instead, I am already authenticated in NiFi by TLS (using the certificate from the proxy server, as account "CN=<IP>, Ou=...") and there is no redirect to Keycloak. Can you explain the NiFi authentication process to me, and what I can do so that I can authenticate to the NiFi server via the domain with Keycloak OIDC?